Default attribute values

[ewbankkit]

There are a couple of outstanding issues around default attribute values.
Firstly, although the CloudFormation resource type schema allows a property's JSON Schema default value to be specfied, relatively few of the current schemas are doing so.
For example with AWS::KMS::Key:

resource "awscc_kms_key" "test" {
  key_policy = jsonencode(...)
}

% terraform apply
...
% terraform plan
...
awscc_kms_key.test: Refreshing state... [id=64dc65ee-9e6b-4511-bc2f-8165dd84a38c]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # awscc_kms_key.test has been changed
  ~ resource "awscc_kms_key" "test" {
      + enable_key_rotation = false
      + enabled             = true
        id                  = "64dc65ee-9e6b-4511-bc2f-8165dd84a38c"
      + key_spec            = "SYMMETRIC_DEFAULT"
      + key_usage           = "ENCRYPT_DECRYPT"
      + multi_region        = false
      + tags                = [
        ]
        # (3 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo
or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # awscc_kms_key.test will be updated in-place
  ~ resource "awscc_kms_key" "test" {
      - enable_key_rotation = false -> null
      - enabled             = true -> null
        id                  = "64dc65ee-9e6b-4511-bc2f-8165dd84a38c"
      - key_spec            = "SYMMETRIC_DEFAULT" -> null
      - key_usage           = "ENCRYPT_DECRYPT" -> null
      - multi_region        = false -> null
      - tags                = [
        ]
        # (3 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

No default is specified for the KeySpec or KeyUsage properties (although a value is mentioned in the description).

The second issue is that even if a default value were specified we would do nothing with it 😄.
hashicorp/terraform-plugin-framework#34, hashicorp/terraform-plugin-framework#102 will add Plugin Framework support which we must exploit.

[ewbankkit]

Relates: hashicorp/aws-cloudformation-resource-schema-sdk-go#20.

[ewbankkit]

Most default values are primitive values:

internal/service/cloudformation/schemas/AWS_GlobalAccelerator_Accelerator.json:      "default": "IPV4",
internal/service/cloudformation/schemas/AWS_GlobalAccelerator_Accelerator.json:      "default": true,
internal/service/cloudformation/schemas/AWS_GlobalAccelerator_EndpointGroup.json:          "default": 100

There are some that are arrays of simple values:

internal/service/cloudformation/schemas/AWS_CloudFront_Distribution.json

                "CachedMethods": {
                    "default": [
                        "GET",
                        "HEAD"
                    ],
                    "items": {
                        "type": "string"
                    },
                    "type": "array",
                    "uniqueItems": false
                },

or objects

internal/service/cloudformation/schemas/AWS_DataSync_LocationNFS.json

    "MountOptions": {
      "$ref": "#/definitions/MountOptions",
      "default": {
        "Version": "AUTOMATIC"
      }
    },

[ewbankkit]

Note that since default values are implemented as a plan modification, attributes with default values must be marked as Computed, else Terraform reports errors such as

awscc_kms_key.test: Refreshing state... [id=2cef7028-5142-4a72-8902-a4ed89784e57]
╷
│ Error: Provider produced invalid plan
│ 
│ Provider "registry.terraform.io/hashicorp/awscc" planned an invalid value for awscc_kms_key.test.key_usage: planned value cty.StringVal("ENCRYPT_DECRYPT") for a non-computed
│ attribute.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

[ewbankkit]

Note that there are some resources that declare required properties that have default values:

internal/service/cloudformation/schemas/AWS_Cassandra_Table.json

    "Mode": {
      "description": "Capacity mode for the specified table",
      "type": "string",
      "enum": [
        "PROVISIONED",
        "ON_DEMAND"
      ],
      "default": "ON_DEMAND"
    },
    "BillingMode": {
      "type": "object",
      "properties": {
        "Mode": {
          "$ref": "#/definitions/Mode"
        },
        "ProvisionedThroughput": {
          "$ref": "#/definitions/ProvisionedThroughput"
        }
      },
      "required": [
        "Mode"
      ],
      "additionalProperties": false
    },

We will emit these as Optional/Computed attributes.