Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

awscc_cloudformation_stack_set with template_url parameter set cannot be updated #1987

Open
tabasku opened this issue Sep 3, 2024 · 0 comments
Open

awscc_cloudformation_stack_set with template_url parameter set cannot be updated #1987

tabasku opened this issue Sep 3, 2024 · 0 comments
Labels
bug needs-triage

Comments

@tabasku
Copy link

tabasku commented Sep 3, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.9.5
on darwin_arm64

  • provider registry.terraform.io/hashicorp/awscc v1.12.0

Affected Resource(s)

  • awscc_cloudformation_stack_set

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_cloudformation_stack_set" "stackset" {
  stack_set_name   = "teststackset"
  permission_model = "SERVICE_MANAGED"
  template_url     = "https://awscc-issue.s3.eu-west-1.amazonaws.com/empty-template.yaml"
  stack_instances_group = [
    {
      deployment_targets = {
        organizational_unit_ids = ["r-x"]
      },
      regions = ["eu-west-1"]
    }
  ]
}

Debug Output

https://gist.github.com/tabasku/5341445e3b197b5826003815f9986516

Panic Output

Expected Behavior

Running terraform apply would update resource when template_url parameter is set

Actual Behavior

Running any updated to awscc_cloudformation_stack_set resource which has template_url parameter set cannot be updated. Running terraform apply fails with following error:

Error: AWS SDK Go Service Operation Unsuccessful

  with awscc_cloudformation_stack_set.stackset,
  on main.tf line 15, in resource "awscc_cloudformation_stack_set" "stackset":
  15: resource "awscc_cloudformation_stack_set" "stackset" {

Calling Cloud Control API service UpdateResource operation returned: operation error CloudControl:
UpdateResource, https response error StatusCode: 400, RequestID: 6ad0d2d8-a349-463b-8257-3f3826605d99, api
error ValidationException: Model validation failed (#: #: only 1 subschema matches out of 2
#: #: 2 subschemas matched instead of one)

Steps to Reproduce

  1. Define new awscc_cloudformation_stack_set resource using template_url parameter
  2. terraform apply

Important Factoids

Updating Cloudformation Stackset fails also with the AWS CLI if I use same patch document that awscc provider generates in update event DEBUG:

Patch document based on DEBUG output (OrganizationUnitIds redacted)

[
  {
    "op": "add",
    "path": "/StackInstancesGroup",
    "value": [
      {
        "DeploymentTargets": {
          "OrganizationalUnitIds": [
            "X"
          ]
        },
        "Regions": [
          "eu-west-1"
        ]
      }
    ]
  },
  {
    "op": "add",
    "path": "/TemplateURL",
    "value": "https://awscc-issue.s3.eu-west-1.amazonaws.com/empty-template.yaml"
  }
]

Running

aws cloudcontrol update-resource --type-name AWS::CloudFormation::StackSet \                                                                                       
          --identifier teststackset \
          --patch-document file://update-template-url.json

An error occurred (ValidationException) when calling the UpdateResource operation: Model validation failed (#: #: only 1 subschema matches out of 2
#: #: 2 subschemas matched instead of one)

According to AWS Support in order to update Cloudformation Stackset we also need to remove TemplateBody which seems to be generated each time stackset is updated. If I add following removal to patch document update succeeds.

{"op":"remove","path":"TemplateBody"}

AWSCC provider however does not add this operation when TemplateURL is being used. Looks like this should be added in order to fix this bug.

References

  • #0000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tabasku