From 1d266661dcd5b0f5d6f4ba8f32730d68ab8bd3fd Mon Sep 17 00:00:00 2001 From: Joel Thompson Date: Tue, 7 May 2019 21:15:50 -0400 Subject: [PATCH] Not retrieve EMR AD Domain Join User from AWS API The AWS API returns ******** for the ADDomainJoinUser attribute, the same as for ADDomainJoinPassword, CrossRealmTrustPrincipalPassword, and KdcAdminPassword. This causes a terraform plan to always attempt to rebuild the cluster since the ad_domain_join_user attribute is seen as changing from ******** to what is specified and desired in the plan. This now configures EMR to not retrieve this attribute from the AWS APIs so that it doesn't always attempt to rebuild the cluster. --- aws/resource_aws_emr_cluster.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_emr_cluster.go b/aws/resource_aws_emr_cluster.go index 7a1a56113f3..274438dd48d 100644 --- a/aws/resource_aws_emr_cluster.go +++ b/aws/resource_aws_emr_cluster.go @@ -1100,6 +1100,7 @@ func flattenEmrKerberosAttributes(d *schema.ResourceData, kerberosAttributes *em // Do not set from API: // * ad_domain_join_password + // * ad_domain_join_user // * cross_realm_trust_principal_password // * kdc_admin_password @@ -1112,8 +1113,8 @@ func flattenEmrKerberosAttributes(d *schema.ResourceData, kerberosAttributes *em m["ad_domain_join_password"] = v.(string) } - if kerberosAttributes.ADDomainJoinUser != nil { - m["ad_domain_join_user"] = *kerberosAttributes.ADDomainJoinUser + if v, ok := d.GetOk("kerberos_attributes.0.ad_domain_join_user"); ok { + m["ad_domain_join_user"] = v.(string) } if v, ok := d.GetOk("kerberos_attributes.0.cross_realm_trust_principal_password"); ok {