terraform-aws-modules / terraform-aws-s3-bucket

Terraform module to create AWS S3 resources 🇺🇦

Home Page: https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws


The empty filter of an aws_s3_bucket_lifecycle_configuration is not persisted by AWS when you edit the lifecycle configuration.

rquadling opened this issue · comments

Description

If all the contents of a bucket are subject to a simple retention for 30 days (for example), this module creates an empty filter. This is created and persisted OK within AWS. BUT ... if you then go into the AWS Console and edit and save the lifecycle rule ... making no changes but agreeing (tick a checkbox) that you accept that the rule applies to all objects in the bucket, AWS removes the filter.

And so the next Terraform deployment gives you this:

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # module.s3_bucket.aws_s3_bucket_lifecycle_configuration.this[0] has changed
  ~ resource "aws_s3_bucket_lifecycle_configuration" "this" {
        id                    = "reporting-bucket"
        # (2 unchanged attributes hidden)

      ~ rule {
            id     = "retention-30-days"
            # (1 unchanged attribute hidden)

          - filter {
            }

            # (1 unchanged block hidden)
        }
    }

and

Terraform will perform the following actions:

  # module.s3_bucket.aws_s3_bucket_lifecycle_configuration.this[0] will be updated in-place
  ~ resource "aws_s3_bucket_lifecycle_configuration" "this" {
        id                    = "reporting-bucket"
        # (2 unchanged attributes hidden)

      ~ rule {
            id     = "retention-30-days"
            # (1 unchanged attribute hidden)

          + filter {
            }

            # (1 unchanged block hidden)
        }
    }

The code triggering this is https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/main.tf#L287

      # Max 1 block - filter - without any key arguments or tags
      dynamic "filter" {
        for_each = length(try(flatten([rule.value.filter]), [])) == 0 ? [true] : []

        content {
          #          prefix = ""
        }
      }

It would seem not required to create an empty filter unless the API requires it. Admittedly, this is a VERY tiny edge case, but clutter is clutter. And, unfortunately, the configuration required by the AWS Provider (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration#specifying-an-empty-filter) does seem to be in conflict with what I've seen.

As the code above was added to be compatible with the last AWS provider for v3, this may be one of those subject to change things that may have fallen through the net.

As it stands, the terraform plan is no longer empty for a non-real change (as such).

Versions

  • Module version [Required]:
    v3.15.1
  • Terraform version:
    v1.6.3
  • Provider version(s):
    aws v5.27.0

Reproduction Code [Required]

Steps to reproduce the behavior:

If you take https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/7263d096e3386493dc5113ad61ad0670e6c99028/examples/complete/main.tf and remove

      filter = {
        tags = {
          some    = "value"
          another = "value2"
        }
      }

do the appropriate plan and apply. In the AWS console, edit the lifecycle configuration and immediately save it with no changes (other than ticking the checkbox to agree to apply the rule to all files) and then another plan.

Expected behavior

The second plan SHOULD result in no changes.

Actual behavior

The second plan attempts to reinsert the empty filter after AWS has removed it.

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

This issue was automatically closed because of stale in 10 days
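
For pipelines that alert on drift, the plan described in the issue can be separated from a genuine lifecycle change by comparing `before` and `after` in the JSON plan (`terraform show -json <planfile>`) with empty filters ignored. This is an added example, not code from the module or the issue author; the function names and the attribute layout inside `filter` in the sample are assumptions.

```python
# Constructed sample in the shape of `terraform show -json` output. The keys
# inside "filter" are an assumed layout, not captured provider output.
RTYPE = "aws_s3_bucket_lifecycle_configuration"
EMPTY_FILTER = [{"and": [], "prefix": "", "tag": []}]


def _rule(days, filt):
    return {"id": "retention-30-days", "status": "Enabled",
            "expiration": [{"days": days}], "filter": filt}


def _rc(address, before_rule, after_rule):
    """Build one constructed resource_changes entry."""
    return {"address": address, "type": RTYPE,
            "change": {"actions": ["update"],
                       "before": {"bucket": "reporting-bucket", "rule": [before_rule]},
                       "after": {"bucket": "reporting-bucket", "rule": [after_rule]}}}


SAMPLE_PLAN = {"resource_changes": [
    _rc("module.s3_bucket." + RTYPE + ".this[0]", _rule(30, []), _rule(30, EMPTY_FILTER)),
    _rc("module.other." + RTYPE + ".this[0]", _rule(30, []), _rule(7, EMPTY_FILTER)),
]}


def _is_empty(value):
    """True for None, "", and containers that hold only empty values."""
    if isinstance(value, dict):
        return all(_is_empty(v) for v in value.values())
    if isinstance(value, list):
        return all(_is_empty(v) for v in value)
    return value is None or value == ""


def _normalise(value):
    """Drop empty "filter" entries so an absent and an empty filter compare equal."""
    if isinstance(value, dict):
        return {k: _normalise(v) for k, v in value.items()
                if not (k == "filter" and _is_empty(v))}
    if isinstance(value, list):
        return [_normalise(v) for v in value]
    return value


def classify(plan):
    """Map each updated lifecycle configuration to 'empty-filter-only' or 'real-change'."""
    result = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") == RTYPE and change.get("actions") == ["update"]:
            same = _normalise(change.get("before")) == _normalise(change.get("after"))
            result[rc["address"]] = "empty-filter-only" if same else "real-change"
    return result
```

The second constructed entry also changes the expiration from 30 to 7 days, so it is reported as a real change even though the same empty filter is being re-added.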