aws_lakeformation_permissions tries to revoke non-existent permissions #17633
Comments
I am facing the same issue, and we could fix this asap.
Strange as it may sound, the first issue with permissions may be due to the order you've placed the strings in your list. I was facing the same issue with table permissions, when I set permissions as: However, when I set permissions as: Obviously this is far from ideal, and still looking into the grant_option permission issue, which I'm also facing.
For the The second error went away for me once I started specifying this in the permissions block: e.g.
PG-Daniel-Andrews However, after applying perms on the first PLAN, any subsequent action now comes up with: I am executing with a role that has a policy of Allow * Now I cannot run with or without the resource as it won't destroy. Worth a shot anyway, so thanks
Any resolution here? I am seeing something similar when making an update to a permission set. TF is trying to revoke a non-existent "ALL" permission on places where I previously granted a more limited permission set.
This has been released in version 3.39.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform v0.13.5
Affected Resource(s)
aws_lakeformation_permissions
Terraform Configuration Files
Debug Output
First Apply works successfully and grants the requested permissions in lake formation.
However, subsequent applies generate the following error:
Expected Behavior
No Changes to Apply
Actual Behavior
The plan decides that the resource needs to be replaced.
Looking at the PLAN, Terraform is seeing false current values for both sets of permissions.
With 'permissions' it is removing and re-adding the 'ALTER', which has not changed in the TF code at all.
With 'permissions_with_grant_option' it is trying to remove permissions that never existed.
Steps to Reproduce
terraform apply
Important Factoids
Also note:
Playing in the console, I note that you are not allowed to add the grant_option permissions, if you do not also have them as normal 'permission'.
Console >>
"All privileges within the grant option list need to be a part of the privileges list."
References
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_permissions