[Bug]: ecr/lifecycle_policy: no changes shown for tagPatternList

[skurtEnd]

Terraform Core Version

v1.5.5

AWS Provider Version

~> 5.14.0

Affected Resource(s)

aws_ecr_lifecycle_policy

Expected Behavior

tagPatternList is a list parameter. When TF plan is ran, it should show the diffs in the plan.

Actual Behavior

It doesn't show any diffs in the plan when tagPatternList is the only attribute changed therefore, tagPatternList cannot be updated.

It only shows the diff when another attribute has been changed - for instance: countNumber changed from 120 to 90

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

N/A

Steps to Reproduce

Add aws_ecr_lifecycle_policy with tagPatternList
Run terraform apply
Add a new element to the tagPatternList attribute
Run plan/apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[acwwat]

One can use the following resource definition to troubleshoot this issue:

resource "aws_ecr_repository" "foo" {
  name = "bar"
}

resource "aws_ecr_lifecycle_policy" "foopolicy" {
  repository = aws_ecr_repository.foo.name

  policy = jsonencode(
    {
      rules = [
        {
          rulePriority = 1
          description  = "Images to be removed after 120 days"
          selection = {
            tagStatus = "tagged"
            tagPatternList = [
              "*-TEST",
              "*-TEST2"
            ]
            countType   = "sinceImagePushed"
            countUnit   = "days"
            countNumber = 120
          },
          "action" : {
            "type" : "expire"
          }
        }
      ]
    }
  )
}

Using this as the baseline, I can confirm that changing tagPatternList doesn't cause a change, but changing other attributes such as countNumber does. Looking at the code, it does some form of normalization with the policy document for comparison to determine of there are differences. What I can see from the debug log is that tagPatternList is NOT in the normalized (or canonical) version of the policy JSON, which explains the observed behavior. Perhaps someone can take a deeper look at the equivalentLifecyclePolicyJSON function to see if the normalization is correct.

Here are the lines of interest for the debug log when I change countNumber to 120 to see what the diff looks like:

2024-01-09T13:52:41.632-0500 [DEBUG] provider.terraform-provider-aws_v5.31.0_x5.exe: [DEBUG] Canonical Lifecycle Policy JSONs are not equal.
2024-01-09T13:52:41.632-0500 [DEBUG] provider.terraform-provider-aws_v5.31.0_x5.exe: First: {"rules":[{"rulePriority":1,"description":"Images to be removed after 120 days","selection":{"tagStatus":"tagged","countType":"sinceImagePushed","countUnit":"days","countNumber":120},"action":{}}]}
2024-01-09T13:52:41.632-0500 [DEBUG] provider.terraform-provider-aws_v5.31.0_x5.exe: Second: {"rules":[{"rulePriority":1,"description":"Images to be removed after 120 days","selection":{"tagStatus":"tagged","countType":"sinceImagePushed","countUnit":"days","countNumber":121},"action":{}}]}

[acwwat]

I believe the cause is that the model for selection does not include tagPatternList:

terraform-provider-aws/internal/service/ecr/lifecycle_policy.go

Lines 190 to 196 in 43a9d8d

	type lifecyclePolicyRuleSelection struct {
	TagStatus *string `locationName:"tagStatus" type:"string" enum:"tagStatus" required:"true"`
	TagPrefixList []*string `locationName:"tagPrefixList" type:"list"`
	CountType *string `locationName:"countType" type:"string" enum:"countType" required:"true"`
	CountUnit *string `locationName:"countUnit" type:"string" enum:"countType"`
	CountNumber *int64 `locationName:"countNumber" min:"1" type:"integer"`
	}

[github-actions]

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v5.44.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.