-
-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSK cluster to get recreated when sasl is reverted to null #52
Comments
I'm also seeing a similar problem. Unfortunately we edited the security settings on our MSK cluster by hand (enabled TLS). Now if I describe the cluster using awscli, I see that the
And if I try to apply my Terraform code (which now has
|
Same issue. |
same problem. I am using the provider version = "~> 4.14.0" |
@simoferr98 if you're hitting this issue, could you create a ticket with the terraform aws provider? All we can do in this module is bump the minimum aws version of the provider |
I also faced this issue. And this is related to: hashicorp/terraform-provider-aws#24914 & hashicorp/terraform-provider-aws#30752 A workaround is to set explicit false for not used authentication method, f.e.:
But this will not work in this module. Even if I set
You are using dynamic blocks that will not generate the sasl part if IMHO you could adopt this workaround in the module and always sets |
That's a great point. We're open to prs to fix this. terraform-aws-msk-apache-kafka-cluster/main.tf Lines 180 to 186 in 1a63c04
Changing the dynamic to a non-dynamic and defaulting the inputs of each boolean to false should fix this and apply the workaround mentioned above |
Describe the Bug
In a certain case the msk config has a
tls block with enabled: false whilst also having sasl/scram
eg. output from aws kafka list-clusters
When running a terraform plan it wants to recreate the cluster
As a workaround i added a ignore changes to the aws_msk_cluster resource
Expected Behavior
I expect this to not replace the cluster as there is really no change
Steps to Reproduce
See above description.
I believe if you enable unauthenticated access via console and disable the cluster can have the extra info in the config
Screenshots
If applicable, add screenshots or logs to help explain your problem.
Environment (please complete the following information):
Anything that will help us triage the bug will help. Here are some ideas:
Additional Context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: