Terraform-provider-aws: Data Source: aws_acm_certificate flagging up change to id field on every run
Community Note
- Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
- Data Source: aws_acm_certificate
Terraform Configuration Files
terraform {
required_version = ">= 0.13.3"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.6"
}
}
}
provider "aws" {
region = "us-east-1"
}
data aws_acm_certificate somecertificate {
domain = "somecertificate.example.com"
}
Debug Output
https://gist.github.com/daveshepherd/6b46ab6c443ae9089f1d2e9f32b36435
Expected Behavior
When running terraform plan or terraform apply repeatedly, no changes should be shown for this data object.
Actual Behavior
Each time terraform plan or terraform apply is run it flags up a change with the id field on the defined aws_acm_certificate data object. The id appears to be the current timestamp.
Steps to Reproduce
- Create a AWS certificate either via the console of via Terraform
- Define a terraform project as per the definition above, using the domain name of the certificate you created
- Run
terraform init - Run
terraform apply - Run
terraform plan- changes are highlighted, despite only just applying terraform and no changes have been made to this certificate.
Important Factoids
This has only become apparent since moving to terraform 0.13, presumably because 'The terraform plan and terraform apply commands will now detect and report changes to root module outputs as needing to be applied even if there are no resource changes in the plan.' This was also present with the AWS provider version 2.55 when running with terraform 0.13.
'id' is not defined as an attribute in the documentation for the acm_certificate data source. However, the acm_certificate resource does define the 'id' attribute as 'The ARN of the certificate' which is inconsistent with the data object, if nothing else.
References
daveshepherd
All 6 comments
Hi @daveshepherd, thank you for reporting this issue!
There were some unexpected changes with data source handling that occurred in the Terraform CLI version 0.13.0 release that are causing this additional data source output in addition to the unstable id attribute in the output. There are now larger tracking issues for both sides of this so to consolidate efforts and discussions:
hashicorp/terraform#25812
14579
Please upvote and subscribe to those for further updates. 馃憤
anGie44
on 17 Sep 2020
@daveshepherd out of curiosity, does configuring most_recent = false in the data source help at all as a workaround? e.g.
data "aws_acm_certificate" "somecertificate" {
domain = "somecertificate.example.com"
most_recent = false
}
bflad
on 18 Sep 2020
@bflad - I've set most_recent to both true and false and these changes are not longer highlighted. Thanks.
daveshepherd
on 18 Sep 2020
Okay great to hear there is at least a temporary workaround, thank you for following up. This is definitely a problem we would like to prevent going forward and we will provide additional updates as soon as we can.
bflad
on 18 Sep 2020
Thank you for the workaround! This was driving me crazy.
isurfbecause
on 20 Sep 2020
@daveshepherd out of curiosity, does configuring
most_recent = falsein the data source help at all as a workaround? e.g.data "aws_acm_certificate" "somecertificate" { domain = "somecertificate.example.com" most_recent = false }
This worked for me, thanks!
f3d0r
on 23 Sep 2020
Related issues
blaltarriba
路
3Comments
andywirv
路
3Comments
EmmN
路
3Comments
hashibot
路
3Comments
hashibot
路
3Comments
Most helpful comment
@daveshepherd out of curiosity, does configuring
most_recent = falsein the data source help at all as a workaround? e.g.