Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS OpsWorks ssh_key in app_source keeps re-applying #6648

Closed
iroller opened this issue May 12, 2016 · 6 comments
Closed

AWS OpsWorks ssh_key in app_source keeps re-applying #6648

iroller opened this issue May 12, 2016 · 6 comments
Labels
bug provider/aws

Comments

@iroller
Copy link
Contributor

iroller commented May 12, 2016
edited
Loading

Hi there,

It looks like there's the same issue as #3635 existing in aws_opsworks_application -> app_source -> ssh_key.

Config:

resource "aws_opsworks_application" "app" {
  name        = "application"

  app_source = {
    type     = "git"
...
    ssh_key  = "${file("~/.ssh/private-key")}"
  }

On terraform plan/apply it keeps re-applying the ssh_key even though it's the same.

Also if it's filtered it shouldn't be displayed:

$ terraform plan

~ aws_opsworks_application.app
    app_source.0.ssh_key:  "*****FILTERED*****" => "-----BEGIN RSA PRIVATE KEY--- ... my-private-key-here"

Terraform Version

v0.6.15

Affected Resource(s)

  • aws_opsworks_application
  • app_source
@iroller iroller mentioned this issue May 12, 2016
Merged
@stack72
Copy link
Contributor

stack72 commented May 12, 2016

Closed by #6649

@stack72 stack72 closed this as completed May 12, 2016
@iroller
Copy link
Contributor Author

iroller commented May 19, 2016
edited
Loading

Sad but the pull request wasn't complete. There's no support for "WriteOnly" attributes for aws_opsworks_application. It's only supported in aws_opsworks_layers.

To get that bug actually fixed we'll need to add "WriteOnly" support to the main schema or there should be a separate struct, e.g. opsworksApplicationAttribute for "app_source" just like it's done for aws_opsworks_layers's opsworksLayerTypeAttribute.

cc @apparentlymart

@wookieb
Copy link

wookieb commented Jun 30, 2016
edited
Loading

Ping. Could you please open the issue? I'm using terraform 0.6.16 and got the same issue.
cc @apparentlymart

@stack72 stack72 reopened this Jul 1, 2016
@u2mejc
Copy link
Contributor

u2mejc commented Jul 7, 2016

@wookieb There are a few of these immutable resources. As a stop gap, I've avoided these issues by simply using the lifecycle ignore_changes feature, like this:

lifecycle {
    ignore_changes = ["custom_cookbooks_source.0.ssh_key"]
  }

@solinv
Copy link

solinv commented Jul 20, 2016

The lifecycle ignore_changes workaround @u2mejc proposed doesn't work for us.

Whenever another attribute of the resource (aws_opsworks_stack in our case) changes, custom_cookbooks_source.0.ssh_key will be set to empty string in OpsWorks, effectively breaking the whole thing for us as I can't see any kind of workaround.

If interested, I have a very minimal stack.tf that I could enhance with comments on how to reproduce. Using 0.6.16.

@hashibot hashibot mentioned this issue Jun 13, 2017
Closed
@xsalazar xsalazar mentioned this issue Sep 19, 2019
Merged
@ghost
Copy link

ghost commented Apr 10, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 10, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug provider/aws
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@stack72 @iroller @wookieb @solinv @u2mejc @hashibot