Skip to content

Fix persistent diffs in aws_controltower_landing_zone manifest_json #44902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix persistent diffs in aws_controltower_landing_zone manifest_json #44902

wants to merge 2 commits into from
+296 −6

Conversation

@cariandrum22
Copy link

@cariandrum22 cariandrum22 commented Nov 2, 2025

Rollback Plan

In case of any issues, users can rollback to the previous version of the provider. The changes are isolated to the aws_controltower_landing_zone resource's diff suppression logic.

Changes to Security Controls

No changes to security controls. This PR only affects diff suppression and state normalization for the manifest_json attribute.

Description

Fixes #35763

This PR resolves persistent diffs in the aws_controltower_landing_zone resource's manifest_json attribute caused by:

  1. Array ordering differences: AWS API may return governedRegions in a different order than specified in configuration
  2. Type inconsistencies: AWS API returns retentionDays as strings, but users may specify them as numbers

The fix implements a two-part solution:

  1. Custom diff suppression function (suppressEquivalentLandingZoneManifestDiffs) that normalizes and compares manifests semantically
  2. State normalization during read to ensure consistent representation in state

Implementation details:

  • Added normalizeManifestJSON() function to:
    • Sort governedRegions array alphabetically for order-independent comparison
    • Convert retentionDays string values to numbers in loggingBucket and accessLoggingBucket configurations
  • Added unit tests covering 7 scenarios including edge cases
  • Applied normalization in both Read function (state refresh) and diff suppression

Testing:

Unit tests verify the normalization handles:

  • Identical manifests (should suppress diff)
  • retentionDays as number vs string (should suppress diff)
  • governedRegions in different order (should suppress diff)
  • Different governedRegions values (should NOT suppress diff)
  • Different retentionDays values (should NOT suppress diff)
  • Empty manifest edge cases

Relations

N/A

References

Output from Acceptance Testing

N/A - Unit tests only at this stage. The affected resource requires AWS Organizations management account which is not available in standard acceptance testing.

@cariandrum22
Fix persistent diffs in aws_controltower_landing_zone manifest_json
d747f39 
This fixes issue hashicorp#35763 by normalizing the manifest JSON both during
plan comparison (via DiffSuppressFunc) and when reading state.

The fix handles two issues:
1. governedRegions array order changes - sorted alphabetically
2. retentionDays type conversion between string and number

Without state normalization in the Read function, the AWS API returns
data that differs from what was stored in state, causing perpetual diffs
even when the semantic content is identical.
@cariandrum22 cariandrum22 requested a review from a team as a code owner November 2, 2025 10:44
@github-actions
Copy link
Contributor

github-actions bot commented Nov 2, 2025

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 2, 2025
edited
Loading

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/controltower Issues and PRs that pertain to the controltower service. size/L Managed by automation to categorize the size of a PR. labels Nov 2, 2025
@github-actions github-actions bot added the size/XL Managed by automation to categorize the size of a PR. label Nov 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-triage Waiting for first response or review from a maintainer. service/controltower Issues and PRs that pertain to the controltower service. size/L Managed by automation to categorize the size of a PR. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Control Tower Landing Zone reports changes when no material changes present

1 participant

@cariandrum22