[Bug]: "Provider produced inconsistent result after apply" in aws_cognito_user_pool_client #30268

Closed
MrBuddyCasino opened this issue Mar 27, 2023 · 10 comments · Fixed by #30459
Labels: bug, regression, service/cognitoidp

@MrBuddyCasino

Terraform Core Version

1.1.7

AWS Provider Version

~> 4.55

Affected Resource(s)

  • module.cognito_oauth.aws_cognito_user_pool_client

Expected Behavior

apply should have succeeded

Actual Behavior

Terraform output the error message provided below. It looks like an "empty list vs null" issue.

Relevant Error/Panic Output Snippet

│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to
│ module.cognito_oauth.aws_cognito_user_pool_client.this["connectservices-oauth-dev"],
│ provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an
│ unexpected new value: .logout_urls: was cty.SetValEmpty(cty.String), but
│ now null.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Terraform Configuration Files

resource "aws_cognito_user_pool_client" "this" {
  for_each = var.pool_clients

  name         = each.key
  user_pool_id = aws_cognito_user_pool.this.id

  generate_secret       = true
  access_token_validity = 60

  allowed_oauth_flows = [
    "code",
  ]
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_scopes = [
    "email",
    "openid",
  ]

  callback_urls = each.value.callback_urls
  logout_urls   = []

  enable_propagate_additional_user_context_data = false

  enable_token_revocation = true
  id_token_validity       = 60

  token_validity_units {
    access_token  = "minutes"
    id_token      = "minutes"
    refresh_token = "days"
  }

  explicit_auth_flows = [
    "ALLOW_REFRESH_TOKEN_AUTH",
    "ALLOW_USER_PASSWORD_AUTH",
    "ALLOW_USER_SRP_AUTH",
  ]

  prevent_user_existence_errors = "ENABLED"

  read_attributes = [
    "email",
    "email_verified",
  ]
  write_attributes = [
    "email",
  ]

  supported_identity_providers = [
    aws_cognito_identity_provider.this.provider_name,
  ]
}

Steps to Reproduce

I'm not sure it is feasible to reproduce a full Cognito setup. The "null vs empty list" issue can probably easily be checked in the backing code.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@MrBuddyCasino MrBuddyCasino added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Mar 27, 2023
@github-actions github-actions bot added the service/cognitoidp Issues and PRs that pertain to the cognitoidp service. label Mar 27, 2023
@github-actions

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@MrBuddyCasino MrBuddyCasino changed the title [Bug]: "Provider produced inconsistent result after apply" in aws-cognito module [Bug]: "Provider produced inconsistent result after apply" in aws_cognito_user_pool_client Mar 27, 2023
@alnemo

alnemo commented Mar 27, 2023

Seeing the same: the provider update to 4.60 broke compatibility for all existing Cognito clients, giving an "unexpected new value" error for the attributes
.allowed_oauth_flows
.callback_urls
.logout_urls
.supported_identity_providers

Checked: downgrading to 4.59 allows applying with no error

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "<= 4.59"
    }
  }
}

@ewbankkit
Contributor

Related: #30257.

@ewbankkit ewbankkit added regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. and removed needs-triage Waiting for first response or review from a maintainer. labels Mar 27, 2023
@bidego

bidego commented Mar 27, 2023

Forcing provider <= 4.59 worked for me, as @alnemo mentioned.

@half2me

half2me commented Mar 28, 2023

Same issue here when I have:

explicit_auth_flows = []

@gdavison gdavison self-assigned this Mar 29, 2023
@sherifkayad

I have the same issue when I have empty callback URLs, e.g.:

callback_urls = []
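
Added example, not part of the original thread and not the provider's code: a pre-apply check that lists every `aws_cognito_user_pool_client` in a plan whose reported attributes are set to an explicit empty collection, the pattern the comments above tie to this error. It assumes the plan was exported with `terraform show -json`; `find_empty_collections` and `SAMPLE_PLAN` are names made up for this sketch.

```python
import json
import sys

RESOURCE_TYPE = "aws_cognito_user_pool_client"
# Attributes the commenters above reported as failing when set to [].
REPORTED_ATTRS = ("allowed_oauth_flows", "callback_urls", "explicit_auth_flows",
                  "logout_urls", "supported_identity_providers")


def find_empty_collections(plan):
    """Return (address, attribute) pairs whose planned value is an explicit [].

    Null or omitted attributes are skipped: the reports concern an empty
    collection in the configuration coming back as null after apply.
    """
    hits = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        # "after" is null for a destroy, so there is nothing to check.
        after = (rc.get("change") or {}).get("after") or {}
        hits.extend((rc["address"], a) for a in REPORTED_ATTRS if after.get(a) == [])
    return hits


# Constructed sample in the shape of `terraform show -json` output (not real data).
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_cognito_user_pool_client.web", "type": RESOURCE_TYPE,
         "change": {"actions": ["create"], "after": {
             "allowed_oauth_flows": ["code"],
             "callback_urls": ["https://app.example.com/callback"],
             "logout_urls": []}}},
        {"address": "aws_cognito_user_pool_client.batch", "type": RESOURCE_TYPE,
         "change": {"actions": ["update"], "after": {
             "callback_urls": [], "explicit_auth_flows": [], "logout_urls": None}}},
        {"address": "aws_cognito_user_pool_client.old", "type": RESOURCE_TYPE,
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_cognito_user_pool.main", "type": "aws_cognito_user_pool",
         "change": {"actions": ["create"], "after": {"alias_attributes": []}}},
    ]
}

if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    for address, attr in find_empty_collections(plan):
        print(f"{address}: {attr} = []")
```
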

@YakDriver
Member

Fixed by #30459

@github-actions

github-actions bot commented Apr 7, 2023

This functionality has been released in v4.62.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@HarryBo112

Hi, it still seems to give an error. I am using tf core 1.4.2 and aws provider 4.62.0.
I've also tried other combinations (upgraded to aws provider 4.63.0, downgraded tf core), but it still gives me:

│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to aws_cognito_user_pool_client.my_ui, provider
│ "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected
│ new value: .token_validity_units: block count changed from 0 to 1.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵

Anything I could try? Downgrading aws provider to 4.59.0 does not show this issue.

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 21, 2023
9 participants