[Bug]: Cognito User Pool: cannot modify or remove schema items #38224

Open
leventyalcin opened this issue Jul 2, 2024 · 3 comments
Labels
bug Addresses a defect in current functionality. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/cognitoidp Issues and PRs that pertain to the cognitoidp service.

Comments

@leventyalcin
Terraform Core Version

1.8.3

AWS Provider Version

5.54.1

Affected Resource(s)

aws_cognito_user_pool

Expected Behavior

According to this issue and this PR, the expected behaviour of Terraform plan/apply after the first time is that updates on schema should be ignored if string_attribute_constraints is present.

Actual Behavior

I am still seeing those trigger updates on aws_cognito_user_pool, and it fails with the following error message.

Plan Output

      - schema {
          - attribute_data_type      = "String" -> null
          - developer_only_attribute = false -> null
          - mutable                  = true -> null
          - name                     = "name" -> null
          - required                 = true -> null

          - string_attribute_constraints {
              - max_length = "512" -> null
              - min_length = "1" -> null
            }
        }
      + schema {
          + attribute_data_type = "String"
          + mutable             = true
          + name                = "name"
          + required            = true

          + string_attribute_constraints {
              + max_length = "512"
              + min_length = "1"
            }
        }

Apply result

Error: updating Cognito User Pool (REGION_xxxxxxxxx): cannot modify or remove schema items

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_cognito_user_pool" "pool" {
  name                = "test"
  mfa_configuration   = "OFF"
  username_attributes = ["email"]

  user_pool_add_ons {
    advanced_security_mode = "AUDIT"
  }

  schema {
    name                = "email"
    attribute_data_type = "String"
    mutable             = true
    required            = true
    string_attribute_constraints {
      min_length = 1
      max_length = 512
    }
  }

  schema {
    name                = "name"
    attribute_data_type = "String"
    mutable             = true
    required            = true
    string_attribute_constraints {
      min_length = 1
      max_length = 512
    }
  }
}

Steps to Reproduce

Run terraform apply twice for a template that contains schemas like the above. The second apply always fails.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@leventyalcin leventyalcin added the bug Addresses a defect in current functionality. label Jul 2, 2024
github-actions bot commented Jul 2, 2024

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/cognitoidp Issues and PRs that pertain to the cognitoidp service. label Jul 2, 2024
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Jul 2, 2024
@justinretzolk justinretzolk added prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. and removed needs-triage Waiting for first response or review from a maintainer. labels Jul 9, 2024
@bannarisoftwares
Hi @leventyalcin

Add

    string_attribute_constraints {
      max_length = "2048"
      min_length = "0"
    }

on each schema to avoid this issue.

Example:

    schema {
      name                = "scope"
      attribute_data_type = "String"
      mutable             = true
      required            = false
      string_attribute_constraints {
        max_length = "2048"
        min_length = "0"
      }
    }

When defining an attribute_data_type of String or Number, the respective attribute constraints configuration block (e.g string_attribute_constraints or number_attribute_constraints) is required to prevent recreation of the Terraform resource. This requirement is true for both standard (e.g., name, email) and custom schema attributes.

registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool#schema
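
A pre-apply check for the failure reported in this issue, as an added example (not code from the issue or from the provider): it reads Terraform's JSON plan and classifies every schema attribute that an update to an aws_cognito_user_pool touches. The function names, the verdict labels and the embedded sample plan are constructed for illustration, and treating an unset developer_only_attribute as false is an assumption based on the plan output quoted in the issue.

```python
import json
# Constructed sample shaped like `terraform show -json <planfile>` output, trimmed
# to the fields read here; the "name" attribute mirrors the plan in this issue.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "aws_cognito_user_pool.pool", "type": "aws_cognito_user_pool",
  "change": {"actions": ["update"],
    "before": {"schema": [{"name": "name", "attribute_data_type": "String",
      "developer_only_attribute": false, "mutable": true, "required": true,
      "string_attribute_constraints": [{"max_length": "512", "min_length": "1"}]}]},
    "after": {"schema": [{"name": "name", "attribute_data_type": "String",
      "developer_only_attribute": null, "mutable": true, "required": true,
      "string_attribute_constraints": [{"max_length": "512", "min_length": "1"}]}]}}}]}
""")

def _canonical(item):
    """Reduce one schema block to a tuple in which equivalent blocks compare equal."""
    def constraints(key):
        blocks = item.get(key) or []
        return tuple(sorted((k, str(v)) for k, v in blocks[0].items())) if blocks else ()
    return (item.get("attribute_data_type"), item.get("mutable"), item.get("required"),
            bool(item.get("developer_only_attribute")),  # assumption: unset means false
            constraints("string_attribute_constraints"),
            constraints("number_attribute_constraints"))

def check_schema_changes(plan):
    """Return (address, attribute, verdict) for each schema item an update touches."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aws_cognito_user_pool" or "update" not in change.get("actions", []):
            continue
        before = {s["name"]: s for s in (change.get("before") or {}).get("schema") or []}
        after = {s["name"]: s for s in (change.get("after") or {}).get("schema") or []}
        for name in sorted(before.keys() | after.keys()):
            if name not in after:
                verdict = "removed"        # rejected: cannot modify or remove schema items
            elif name not in before:
                verdict = "added"
            elif before[name] == after[name]:
                continue                   # untouched
            elif _canonical(before[name]) == _canonical(after[name]):
                verdict = "spurious-diff"  # equivalent block re-planned, as in this issue
            else:
                verdict = "modified"       # rejected for the same reason
            findings.append((rc["address"], name, verdict))
    return findings
if __name__ == "__main__":
    print(check_schema_changes(SAMPLE_PLAN))
```

Run against a real plan by loading the output of `terraform show -json` on a saved plan file in place of the sample; any finding other than "added" is a reason to stop before apply.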

@ewbankkit
Contributor

Relates #38096.


4 participants