Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

awscc_lakeformation_principal_permissions : terraform apply error #1280

Closed
wellsiau-aws opened this issue Oct 29, 2023 · 1 comment · Fixed by #1363
Closed

awscc_lakeformation_principal_permissions : terraform apply error #1280

wellsiau-aws opened this issue Oct 29, 2023 · 1 comment · Fixed by #1363
Labels
bug runtime-handling Relates to runtime handling and conversion of Terraform configuration to CloudFormation. service/lakeformation

Comments

@wellsiau-aws
Copy link
Collaborator

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Affected Resource(s)

  • resource "awscc_lakeformation_principal_permissions" "sample" {

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_lakeformation_principal_permissions" "sample" {
  principal = {
    data_lake_principal_identifier = "arn:aws:iam::204034886740:role/Admin"
  }

  resource = {
    database = {
      catalog_id = "204034886740"
      name       = "default"
    }
  }

  permissions                   = ["CREATE_TABLE", "ALTER", "DROP", "DESCRIBE"]
  permissions_with_grant_option = ["CREATE_TABLE", "ALTER", "DROP", "DESCRIBE"]
}

Debug Output

Plan: 1 to add, 0 to change, 0 to destroy.
awscc_lakeformation_principal_permissions.sample: Creating...

│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.catalog. All values must be known after apply, so this is always a bug in
│ the provider and should be reported in the provider's own repository. Terraform will still save the other known object
│ values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.principal_identifier. All values must be known after apply, so this is
│ always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other
│ known object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.catalog. All values must be known after apply, so this is always
│ a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known
│ object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.data_cells_filter. All values must be known after apply, so this
│ is always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the
│ other known object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.data_location. All values must be known after apply, so this is
│ always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other
│ known object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.lf_tag. All values must be known after apply, so this is always a
│ bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known
│ object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.lf_tag_policy. All values must be known after apply, so this is
│ always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other
│ known object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.table. All values must be known after apply, so this is always a
│ bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known
│ object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource.table_with_columns. All values must be known after apply, so this
│ is always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the
│ other known object values in the state.


│ Error: Provider returned invalid result object after apply

│ After the apply operation, the provider still indicated an unknown value for
│ awscc_lakeformation_principal_permissions.sample.resource_identifier. All values must be known after apply, so this is
│ always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other
│ known object values in the state.


│ Error: AWS SDK Go Service Operation Unsuccessful

│ with awscc_lakeformation_principal_permissions.sample,
│ on main.tf line 1, in resource "awscc_lakeformation_principal_permissions" "sample":
│ 1: resource "awscc_lakeformation_principal_permissions" "sample" {

│ Calling Cloud Control API service GetResource operation returned: operation error CloudControl: GetResource, https response
│ error StatusCode: 400, RequestID: 6977755c-84be-4b34-a88d-671a1ef02e14, api error ValidationException: When specifying the
│ identifier as JSON, you must specify exactly one identifier from [[/properties/PrincipalIdentifier,
│ /properties/ResourceIdentifier]], and no additional properties can be specified

Expected Behavior

terraform apply should complete succesfully

Actual Behavior

terraform apply failed and resource tained

Steps to Reproduce

  1. terraform apply
@wellsiau-aws
Copy link
Collaborator Author

This might be relevant, the subsequent terraform plan output:

awscc_lakeformation_principal_permissions.sample: Refreshing state... [id={"DataLakePrincipalIdentifier":"arn:aws:iam::204034886740:role/Admin"}|{"Catalog":null,"Database":{"CatalogId":"204034886740","Name":"default"},"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":null,"LFTag":null,"LFTagPolicy":null}]

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: AWS SDK Go Service Operation Unsuccessful
│ 
│   with awscc_lakeformation_principal_permissions.sample,
│   on main.tf line 1, in resource "awscc_lakeformation_principal_permissions" "sample":
│    1: resource "awscc_lakeformation_principal_permissions" "sample" {
│ 
│ Calling Cloud Control API service GetResource operation returned: operation error CloudControl: GetResource, https response
│ error StatusCode: 400, RequestID: 652abd06-2797-4a72-ad0d-db42011dd4f6, api error ValidationException: When specifying the
│ identifier as JSON, you must specify exactly one identifier from [[/properties/PrincipalIdentifier,
│ /properties/ResourceIdentifier]], and no additional properties can be specified

Interestingly, the id attribute on the terraform state contains the entire READ response:

{
  "version": 4,
  "terraform_version": "1.4.2",
   ...
  "resources": [
    {
      "mode": "managed",
      "type": "awscc_lakeformation_principal_permissions",
      "name": "sample",
      "provider": "provider[\"registry.terraform.io/hashicorp/awscc\"]",
      "instances": [
        {
          "status": "tainted",
          "schema_version": 1,
          "attributes": {
            "catalog": null,
            "id": "{\"DataLakePrincipalIdentifier\":\"arn:aws:iam::204034886740:role/Admin\"}|{\"Catalog\":null,\"Database\":{\"CatalogId\":\"204034886740\",\"Name\":\"default\"},\"Table\":null,\"TableWithColumns\":null,\"DataLocation\":null,\"DataCellsFilter\":null,\"LFTag\":null,\"LFTagPolicy\":null}",
            "permissions": [
              "CREATE_TABLE",
              "ALTER",
              "DROP",
              "DESCRIBE"
            ],
            ... <redacted>
}

@ewbankkit ewbankkit added bug runtime-handling Relates to runtime handling and conversion of Terraform configuration to CloudFormation. and removed needs-triage labels Nov 8, 2023
@ewbankkit ewbankkit mentioned this issue Nov 8, 2023
Closed
@ewbankkit ewbankkit mentioned this issue Jan 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug runtime-handling Relates to runtime handling and conversion of Terraform configuration to CloudFormation. service/lakeformation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Provider returned invalid result object after apply errors hashicorp/terraform-provider-awscc
2 participants
@ewbankkit @wellsiau-aws