-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when updating aws_ssm_document resource name when name is being referenced in an aws_ssm_association resource. #7221
Comments
Is there any news on this bug? I am encountering the very same issue. Any work-arounds would also be helpful. |
I'm facing this issue as well. Is there any plan to fix the same? |
I figured out a work around.
good luck |
Thanks for the workaround. I would like to use it, but it doesn't scale. I can't be manually changing the document and all references every time. |
murthyanish, It is a work around so it wont be perfect. You can minimize your re work by isolating the documents in their own module. Then make sure your module exports the valid arn or document name. Since the references would only care about the exported arn, changes are limited to the module itself. divide and conquer |
Reference: #7221 Reference: #10004 Reference: #13483 Reference: #14679 The name is the primary identifier for the resource, so calling `UpdateDocument` with a new name is invalid. This attempted in-place update behavior was additionally confusing because it would silently not do anything on just name updates. Previously (just `aws_ssm_document` resource): ``` === CONT TestAccAWSSSMDocument_Name resource_aws_ssm_document_test.go:50: Step 3/3 error: After applying this test step and performing a `terraform refresh`, the plan was not empty. stdout An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_ssm_document.test will be updated in-place ~ resource "aws_ssm_document" "test" { id = "tf-acc-test-3858217851784081459" ~ name = "tf-acc-test-3858217851784081459" -> "tf-acc-test-8266894063699649325" tags = {} # (17 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. --- FAIL: TestAccAWSSSMDocument_Name (25.03s) ``` Previously (temporarily adding `aws_ssm_association` resource in test): ``` === CONT TestAccAWSSSMDocument_Name resource_aws_ssm_document_test.go:50: Step 3/3 error: Error running apply: exit status 1 Error: Error creating SSM association: InvalidDocument: Invalid document provided testing_new.go:63: Error running post-test destroy, there may be dangling resources: exit status 1 Error: InvalidDocument: Document tf-acc-test-2434960888500369098 does not exist in your account --- FAIL: TestAccAWSSSMDocument_Name (20.39s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSSSMDocument_params (32.31s) --- PASS: TestAccAWSSSMDocument_session (32.42s) --- PASS: TestAccAWSSSMDocument_permission_public (32.93s) --- PASS: TestAccAWSSSMDocument_permission_batching (33.39s) --- PASS: TestAccAWSSSMDocument_permission_private (34.12s) --- PASS: TestAccAWSSSMDocument_basic (41.99s) --- PASS: TestAccAWSSSMDocument_Name (46.45s) --- PASS: TestAccAWSSSMDocument_target_type (50.60s) --- PASS: TestAccAWSSSMDocument_SchemaVersion_1 (50.79s) --- PASS: TestAccAWSSSMDocument_update (50.97s) --- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (51.02s) --- PASS: TestAccAWSSSMDocument_automation (51.41s) --- PASS: TestAccAWSSSMDocument_VersionName (53.47s) --- PASS: TestAccAWSSSMDocument_Tags (60.30s) --- PASS: TestAccAWSSSMDocument_permission_change (63.56s) --- PASS: TestAccAWSSSMDocument_package (76.31s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSSSMDocument_session (34.91s) --- PASS: TestAccAWSSSMDocument_permission_public (38.16s) --- PASS: TestAccAWSSSMDocument_permission_batching (38.82s) --- PASS: TestAccAWSSSMDocument_params (44.52s) --- PASS: TestAccAWSSSMDocument_basic (48.72s) --- PASS: TestAccAWSSSMDocument_permission_private (49.47s) --- PASS: TestAccAWSSSMDocument_automation (50.99s) --- PASS: TestAccAWSSSMDocument_target_type (52.10s) --- PASS: TestAccAWSSSMDocument_SchemaVersion_1 (52.11s) --- PASS: TestAccAWSSSMDocument_VersionName (54.82s) --- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (55.16s) --- PASS: TestAccAWSSSMDocument_Name (55.40s) --- PASS: TestAccAWSSSMDocument_update (63.46s) --- PASS: TestAccAWSSSMDocument_Tags (64.97s) --- PASS: TestAccAWSSSMDocument_permission_change (67.99s) --- PASS: TestAccAWSSSMDocument_package (78.07s) ```
Reference: #7221 Reference: #10004 Reference: #13483 Reference: #14679 The name is the primary identifier for the resource, so calling `UpdateDocument` with a new name is invalid. This attempted in-place update behavior was additionally confusing because it would silently not do anything on just name updates. Previously (just `aws_ssm_document` resource): ``` === CONT TestAccAWSSSMDocument_Name resource_aws_ssm_document_test.go:50: Step 3/3 error: After applying this test step and performing a `terraform refresh`, the plan was not empty. stdout An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_ssm_document.test will be updated in-place ~ resource "aws_ssm_document" "test" { id = "tf-acc-test-3858217851784081459" ~ name = "tf-acc-test-3858217851784081459" -> "tf-acc-test-8266894063699649325" tags = {} # (17 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. --- FAIL: TestAccAWSSSMDocument_Name (25.03s) ``` Previously (temporarily adding `aws_ssm_association` resource in test): ``` === CONT TestAccAWSSSMDocument_Name resource_aws_ssm_document_test.go:50: Step 3/3 error: Error running apply: exit status 1 Error: Error creating SSM association: InvalidDocument: Invalid document provided testing_new.go:63: Error running post-test destroy, there may be dangling resources: exit status 1 Error: InvalidDocument: Document tf-acc-test-2434960888500369098 does not exist in your account --- FAIL: TestAccAWSSSMDocument_Name (20.39s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSSSMDocument_params (32.31s) --- PASS: TestAccAWSSSMDocument_session (32.42s) --- PASS: TestAccAWSSSMDocument_permission_public (32.93s) --- PASS: TestAccAWSSSMDocument_permission_batching (33.39s) --- PASS: TestAccAWSSSMDocument_permission_private (34.12s) --- PASS: TestAccAWSSSMDocument_basic (41.99s) --- PASS: TestAccAWSSSMDocument_Name (46.45s) --- PASS: TestAccAWSSSMDocument_target_type (50.60s) --- PASS: TestAccAWSSSMDocument_SchemaVersion_1 (50.79s) --- PASS: TestAccAWSSSMDocument_update (50.97s) --- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (51.02s) --- PASS: TestAccAWSSSMDocument_automation (51.41s) --- PASS: TestAccAWSSSMDocument_VersionName (53.47s) --- PASS: TestAccAWSSSMDocument_Tags (60.30s) --- PASS: TestAccAWSSSMDocument_permission_change (63.56s) --- PASS: TestAccAWSSSMDocument_package (76.31s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSSSMDocument_session (34.91s) --- PASS: TestAccAWSSSMDocument_permission_public (38.16s) --- PASS: TestAccAWSSSMDocument_permission_batching (38.82s) --- PASS: TestAccAWSSSMDocument_params (44.52s) --- PASS: TestAccAWSSSMDocument_basic (48.72s) --- PASS: TestAccAWSSSMDocument_permission_private (49.47s) --- PASS: TestAccAWSSSMDocument_automation (50.99s) --- PASS: TestAccAWSSSMDocument_target_type (52.10s) --- PASS: TestAccAWSSSMDocument_SchemaVersion_1 (52.11s) --- PASS: TestAccAWSSSMDocument_VersionName (54.82s) --- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (55.16s) --- PASS: TestAccAWSSSMDocument_Name (55.40s) --- PASS: TestAccAWSSSMDocument_update (63.46s) --- PASS: TestAccAWSSSMDocument_Tags (64.97s) --- PASS: TestAccAWSSSMDocument_permission_change (67.99s) --- PASS: TestAccAWSSSMDocument_package (78.07s) ```
The fix (requiring |
This has been released in version 3.29.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Terraform Version
Terraform v0.11.11
Affected Resource(s)
Terraform Configuration Files
Initial Configuration
Updated Configuration
Expected Behavior
Changing the name used for the
aws_ssm_document
resource should result into a resource replacement (destroy, add) as opposed to an update.Actual Behavior
Plan
Error on Apply
Steps to Reproduce
name
foraws_ssm_document
resource to a SSM document name that has not been previously used in the AWS account before (e.g. "Updated Configuration" above)aws_ssm_document
name is updated to a name which has not been used before.The text was updated successfully, but these errors were encountered: