Fix: Ensure that SqsManagedSseEnabled (sqs_managed_sse_enabled) is always passed to CreateQueue SQS API #26843
Conversation
…ways passed to CreateQueue SQS API # Community Note Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request Closes: #22197 ## Summary Affected resource: `aws_sqs_queue` Seems that since 01 of September 2022 [CreateQueue SQS API](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) changed and if **SqsManagedSseEnabled** parameter is not passed, SQS created as encrypted by default with `aws_sqs_queue` resource. Current logic in provider (internal/attrmap/attrmap.go, ResourceDataToAPIAttributesCreate) omit SqsManagedSseEnabled (sqs_managed_sse_enabled) if it's equal false. Which causes SQS to be created as encrypted and then it's changed to unencrypted on next apply. This change fixes it, but probably not in a best way.
Community NoteVoting for Prioritization
For Submitters
|
github-actions
bot
added
size/XS
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Welcome @nantiferov 👋
It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.
Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.
Thanks again, and welcome to the community! 😃
|
I am seeing this issue as well. When I set the resource variable to |
ewbankkit
added
service/sqs
ewbankkit
added
the
upstream
github-actions
bot
added
the
documentation
|
@nantiferov Thanks for the contribution 🎉 👏. It looks like Amazon announced this change a couple of weeks ago: https://aws.amazon.com/about-aws/whats-new/2022/10/amazon-sqs-announces-server-side-encryption-ssq-managed-sse-sqs-default/. The best way to fix this is to mark the |
|
Hi. I'm sorry but it's not fixed :/. It brakes our Pipeline consitency. It Deploys as a "True" with encryption enabled and tries to disable it when we are deploying again. |
|
@ewbankkit thank you for review and merge, but as @BehbudSh mentioned, afaik this won't fix the issue as it's related to |
|
@nantiferov Thanks for chasing up on this. As usual, lack of a covering acceptance test case failed to uncover the real problem. |
|
This functionality has been released in v4.36.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Summary
Affected resource:
aws_sqs_queueSeems that since 01 of September 2022 CreateQueue SQS API changed and if SqsManagedSseEnabled parameter is not passed, SQS created as encrypted by default with
aws_sqs_queueresource.Current logic in provider (internal/attrmap/attrmap.go, ResourceDataToAPIAttributesCreate) omit SqsManagedSseEnabled (sqs_managed_sse_enabled) if it's equal false. Which causes SQS to be created as encrypted and then it's changed to unencrypted on next apply.
This change fixes it, but probably not in a best way.
Closes: #22197
Output from acceptance testing:
NOTE:
attrmappackage is used in couple of other services, but this change affects only SQS I believe.