Handle single event selector in cloudtrail with non-default read_write_type

[ts-tek]

Fixes the residual issue mentioned at end of #3697

Changes proposed in this pull request:

• Handle defining a single event selector with a non default read_write_type

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSCloudTrail'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run=TestAccAWSCloudTrail -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAWSCloudTrailServiceAccount_basic
--- PASS: TestAccAWSCloudTrailServiceAccount_basic (15.62s)
=== RUN   TestAccAWSCloudTrail_importBasic
--- PASS: TestAccAWSCloudTrail_importBasic (36.11s)
=== RUN   TestAccAWSCloudTrail
=== RUN   TestAccAWSCloudTrail/Trail
=== RUN   TestAccAWSCloudTrail/Trail/kmsKey
=== RUN   TestAccAWSCloudTrail/Trail/tags
=== RUN   TestAccAWSCloudTrail/Trail/eventSelector
=== RUN   TestAccAWSCloudTrail/Trail/basic
=== RUN   TestAccAWSCloudTrail/Trail/cloudwatch
=== RUN   TestAccAWSCloudTrail/Trail/enableLogging
=== RUN   TestAccAWSCloudTrail/Trail/isMultiRegion
=== RUN   TestAccAWSCloudTrail/Trail/logValidation
--- PASS: TestAccAWSCloudTrail (571.22s)
    --- PASS: TestAccAWSCloudTrail/Trail (571.22s)
        --- PASS: TestAccAWSCloudTrail/Trail/kmsKey (53.50s)
        --- PASS: TestAccAWSCloudTrail/Trail/tags (77.33s)
        --- PASS: TestAccAWSCloudTrail/Trail/eventSelector (91.25s)
        --- PASS: TestAccAWSCloudTrail/Trail/basic (54.42s)
        --- PASS: TestAccAWSCloudTrail/Trail/cloudwatch (79.32s)
        --- PASS: TestAccAWSCloudTrail/Trail/enableLogging (75.47s)
        --- PASS: TestAccAWSCloudTrail/Trail/isMultiRegion (86.50s)
        --- PASS: TestAccAWSCloudTrail/Trail/logValidation (53.43s)
=== RUN   TestAccAWSCloudTrail_include_global_service_events
--- PASS: TestAccAWSCloudTrail_include_global_service_events (33.21s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	656.199s

[tsiq-tek]

Just wondering if there was any estimate on when this might get accepted?

[mnikhil-git]

hi @ts-tek and @tsiq-tek

just curious if there is any news or information as to when this is being planned for merging?

@bflad can you please help check this fix and is good to go ? looks like assignee/review are missing and probably the reason why is it not in the radar..

[rossmckelvie]

The issue #3697 for this has been closed in preference of this PR, are there plans to continue work on this PR? Happy to test, I apply changes to a terraform project nearly weekly that has a cloudtrail configuration with the default event selectors that are prone to this bug.

[markliederbach]

Bump for @rossmckelvie. Would really like this solved for the sake of #3697. Else, that issue should be re-opened.

[klauern]

Related, #11712 would probably be fixed by this as well.

[linuxman79]

Hi,

I'm also experiencing this issue. I have the following event_selector configuration and it shows constant diffs:

event_selector {
include_management_events = true
read_write_type = "All"
}

Just wondering if anyone has plans to merge the pull request from @ts-tek?

Thanks,
Ben

[lucsmitty]

Also looking for status on this. Will this also be a terraform version 12+ fix only, or also in terraform 11.x?

[cloudyparts]

@bflad - this appears to fix multiple open issues #3697 and #11712.

This has been an issue for a long time. Is there anything we can do to push this forward?

[KyMidd]

Agree this would be useful. For others, we worked around this issue with:

lifecycle {
    ignore_changes = [event_selector]
  }

[bflad]

Thank you so much for this @ts-tek 🚀 LGTM

Output from acceptance testing:

--- PASS: TestAccAWSCloudTrail (898.22s)
    --- PASS: TestAccAWSCloudTrail/Trail (898.22s)
        --- PASS: TestAccAWSCloudTrail/Trail/tags (120.93s)
        --- PASS: TestAccAWSCloudTrail/Trail/cloudwatch (110.30s)
        --- PASS: TestAccAWSCloudTrail/Trail/isMultiRegion (115.70s)
        --- SKIP: TestAccAWSCloudTrail/Trail/isOrganization (1.68s)
        --- PASS: TestAccAWSCloudTrail/Trail/kmsKey (52.65s)
        --- PASS: TestAccAWSCloudTrail/Trail/eventSelector (148.11s)
        --- PASS: TestAccAWSCloudTrail/Trail/basic (86.62s)
        --- PASS: TestAccAWSCloudTrail/Trail/enableLogging (120.31s)
        --- PASS: TestAccAWSCloudTrail/Trail/includeGlobalServiceEvents (54.87s)
        --- PASS: TestAccAWSCloudTrail/Trail/logValidation (87.03s)

[ghost]

This has been released in version 2.68.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[rossmckelvie]

Unfortunately this does not seem to fix #3697 for me, which was closed in preference of this PR. workaround must remain even with 2.68.0 installed:

  # These are defaults, and terraform will always think it needs to change https://github.com/terraform-providers/terraform-provider-aws/pull/5448
  event_selector {
    read_write_type           = "All"
    include_management_events = true
  }
  # TODO: remove lifecycle once above linked issue is resolved. lifecycle is a temporary workaround
  lifecycle {
    ignore_changes = [event_selector]
  }

[KyMidd]

Confirm this doesn't fix for us either - still seeing changes on each run for event selector.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!