Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ignore enabled_policy_types until provider supports updated list #6

Closed
wants to merge 1 commit into from
Closed

ignore enabled_policy_types until provider supports updated list #6

wants to merge 1 commit into from

Conversation

MrGossett
Copy link
Owner

#3 failed because of some issues upstream.

hashicorp/terraform-provider-aws#14142 is to support the new AISERVICES_OPT_OUT_POLICY type for Organizations Policies. It is blocked by hashicorp/terraform-provider-aws#14000, which will update the provider to use a more recent version of the AWS SDK for Go, which adds that new type.

until those upstream issues are fixed, we manually enabled the type and we'll just need to ignore lifecycle changes until the terraform provider will accept the new policy type.

@MrGossett MrGossett self-assigned this Jul 27, 2020
@github-actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖Success! The configuration is valid.

Terraform Plan 📖success

Show Plan 
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_organizations_policy.ai_opt_out: Refreshing state... [id=p-90wn1tbld4]
data.aws_iam_policy_document.apigw_assume: Refreshing state...
aws_dynamodb_table.blue_tfstate: Refreshing state... [id=TerraformStateLock]
data.aws_ssm_parameter.orgs_map: Refreshing state...
data.aws_iam_policy_document.apigw_logs: Refreshing state...
aws_organizations_organization.org: Refreshing state... [id=o-khnyu61nvn]
aws_iam_role.apigw_logs: Refreshing state... [id=APIGWCloudWatchGlobal]
aws_iam_role_policy.apigw_logs: Refreshing state... [id=APIGWCloudWatchGlobal:APIGWLogs]
aws_organizations_account.blue: Refreshing state... [id=372916070974]
aws_organizations_account.indigo: Refreshing state... [id=760208797553]
aws_organizations_account.grey: Refreshing state... [id=925497362398]
aws_organizations_policy_attachment.ai_opt_out_root: Refreshing state... [id=r-4lxd:p-90wn1tbld4]
aws_s3_bucket.blue_tfstate: Refreshing state... [id=terraform-state-372916070974]
aws_s3_bucket.indigo_tfstate: Refreshing state... [id=terraform-state-760208797553]
aws_dynamodb_table.indigo_tfstate: Refreshing state... [id=TerraformStateLock]
aws_s3_bucket.grey_tfstate: Refreshing state... [id=terraform-state-925497362398]
aws_dynamodb_table.grey_tfstate: Refreshing state... [id=TerraformStateLock]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_organizations_policy.ai_opt_out must be replaced
-/+ resource "aws_organizations_policy" "ai_opt_out" {
      ~ arn     = "arn:aws:organizations::372916070974:policy/o-khnyu61nvn/aiservices_opt_out_policy/p-90wn1tbld4" -> (known after apply)
      ~ content = jsonencode( # whitespace changes
            {
                services = {
                    @@operators_allowed_for_child_policies = [
                        "@@none",
                    ]
                    default                                = {
                        @@operators_allowed_for_child_policies = [
                            "@@none",
                        ]
                        opt_out_policy                         = {
                            @@assign                               = "optOut"
                            @@operators_allowed_for_child_policies = [
                                "@@none",
                            ]
                        }
                    }
                }
            }
        )
      ~ id      = "p-90wn1tbld4" -> (known after apply)
        name    = "AIServicesOptOutAll"
      ~ type    = "AISERVICES_OPT_OUT_POLICY" -> "SERVICE_CONTROL_POLICY" # forces replacement
    }

  # aws_organizations_policy_attachment.ai_opt_out_root will be destroyed
  - resource "aws_organizations_policy_attachment" "ai_opt_out_root" {
      - id        = "r-4lxd:p-90wn1tbld4" -> null
      - policy_id = "p-90wn1tbld4" -> null
      - target_id = "r-4lxd" -> null
    }

  # aws_organizations_policy_attachment.ai_opt_out_root["r-4lxd"] will be created
  + resource "aws_organizations_policy_attachment" "ai_opt_out_root" {
      + id        = (known after apply)
      + policy_id = (known after apply)
      + target_id = "r-4lxd"
    }

Plan: 2 to add, 0 to change, 2 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Pusher: @MrGossett, Action: pull_request, Working Directory: ``, Workflow: Terraform

@MrGossett MrGossett mentioned this pull request Jul 27, 2020
Closed
@MrGossett MrGossett closed this Jul 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@MrGossett MrGossett

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MrGossett