aws_msk_cluster : default value for client_broker : "TLS" #10673
Comments
github-actions
bot
added
the
needs-triage
bflad
added
upstream
|
Thanks for submitting this, @kunsalvi. A few weeks after general availability launch, the API default for encryption switched from Regarding the |
|
Thank you for the response. For now, I am explicitly specifying "client_broker" and its working for me. And "BadRequestException" is due to my certificate issue. |
|
This is even worst now. If not specified it forces a new resource since now it wants to be - encryption_in_transit {
- client_broker = "TLS" -> null # forces replacement
- in_cluster = true -> null
} |
…t.client_broker default to match API default Reference: #10673 Output from acceptance testing: ``` --- PASS: TestAccAWSMskCluster_basic (1595.73s) --- PASS: TestAccAWSMskCluster_BrokerNodeGroupInfo_EbsVolumeSize (1760.04s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionAtRestKmsKeyArn (1603.40s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionInTransit_ClientBroker (1603.85s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionInTransit_InCluster (1598.02s) --- PASS: TestAccAWSMskCluster_EnhancedMonitoring (1603.10s) --- PASS: TestAccAWSMskCluster_LoggingInfo (1806.72s) --- PASS: TestAccAWSMskCluster_NumberOfBrokerNodes (2036.98s) --- PASS: TestAccAWSMskCluster_OpenMonitoring (1722.68s) --- PASS: TestAccAWSMskCluster_Tags (1605.63s) --- PASS: TestAccAWSMskClusterDataSource_Name (1608.30s) ```
…t.client_broker default to match API default Reference: #10673 Output from acceptance testing: ``` --- PASS: TestAccAWSMskCluster_basic (1595.73s) --- PASS: TestAccAWSMskCluster_BrokerNodeGroupInfo_EbsVolumeSize (1760.04s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionAtRestKmsKeyArn (1603.40s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionInTransit_ClientBroker (1603.85s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionInTransit_InCluster (1598.02s) --- PASS: TestAccAWSMskCluster_EnhancedMonitoring (1603.10s) --- PASS: TestAccAWSMskCluster_LoggingInfo (1806.72s) --- PASS: TestAccAWSMskCluster_NumberOfBrokerNodes (2036.98s) --- PASS: TestAccAWSMskCluster_OpenMonitoring (1722.68s) --- PASS: TestAccAWSMskCluster_Tags (1605.63s) --- PASS: TestAccAWSMskClusterDataSource_Name (1608.30s) ```
…t.client_broker default to match API default (#14132) * resource/aws_msk_cluster: Update encryption_info.encryption_in_transit.client_broker default to match API default Reference: #10673 Output from acceptance testing: ``` --- PASS: TestAccAWSMskCluster_basic (1595.73s) --- PASS: TestAccAWSMskCluster_BrokerNodeGroupInfo_EbsVolumeSize (1760.04s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionAtRestKmsKeyArn (1603.40s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionInTransit_ClientBroker (1603.85s) --- PASS: TestAccAWSMskCluster_EncryptionInfo_EncryptionInTransit_InCluster (1598.02s) --- PASS: TestAccAWSMskCluster_EnhancedMonitoring (1603.10s) --- PASS: TestAccAWSMskCluster_LoggingInfo (1806.72s) --- PASS: TestAccAWSMskCluster_NumberOfBrokerNodes (2036.98s) --- PASS: TestAccAWSMskCluster_OpenMonitoring (1722.68s) --- PASS: TestAccAWSMskCluster_Tags (1605.63s) --- PASS: TestAccAWSMskClusterDataSource_Name (1608.30s) ``` * tests/data-source/aws_msk_cluster: Further clarify why bootstrap_brokers_tls is not using TestCheckResourceAttrPair()
|
The attribute default update has been merged and will release with version 3.0.0 of the Terraform AWS Provider, likely in the next two weeks. 👍 |
|
This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Hi
I am creating MSK cluster and if i do not keep any encryption_in_transit. It picks up "TLS" value for client_broker and cluster is created. But if I do terrform apply (without making any changes.). It forces below change :
encryption_info.0.encryption_in_transit.0.client_broker: "TLS" => "TLS_PLAINTEXT" (forces new resource)
Moreover if I provide value as :
encryption_in_transit {
client_broker = "TLS"
in_cluster = true
}
Cluster creation fails with :
Error: Error refreshing state: 1 error occurred:
* aws_msk_cluster.atropos_prod: 1 error occurred:
* aws_msk_cluster.atropos_prod: aws_msk_cluster.XXXX: failed requesting bootstrap broker info for "arn:aws:kafka:ap-south-1:286817589435:cluster/XXXX/684bd0d9-eecf-454d-b209-306ead63dda6-4" : BadRequestException: You can't get bootstrap broker nodes for a cluster in FAILED state.
status code: 400, request id: 81a984a9-2646-46e7-86af-236c0a88b329
Terrform version : Terraform v0.11.14
The text was updated successfully, but these errors were encountered: