Creation of aws_cloudwatch_event_rule errors when using Partner event sources

[alfuananzo]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v0.13.4
+ provider registry.terraform.io/hashicorp/aws v3.34.0
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

Affected Resource(s)

• aws_cloudwatch_event_rule

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

resource "aws_cloudwatch_event_rule" "this_rule" {
  event_bus_name = local.rule_name
  name           = "some-rule-name"
  description    = "Some description."
  event_pattern = <<EOF
{
  "detail-type": ["Build Started"],
  "detail": {
    "build": {
      "branch": ["master"]
    }
  }
}
EOF
}

Debug Output

Panic Output

Error: error reading CloudWatch Events Rule (aws.partner/service.com/name/c66a61fa-b4e7-4a80-9b61-2141a9b8fdf1/buildkite-build-outside-office-hours): unexpected format for ID ("aws.partner/service.com/name/b66c92fa-b4e7-4a83-9b61-2141a9b8fdgh/some-rule-name"), expected <event-bus-name>/<rule-name> or <rule-name>

Expected Behavior

Expected is that the eventbridge rule is created, which it is. However, the final step of the function returns a check in the state if the rule is there. This check fails because of a formatting error check that fails incorrectly (format is correct). End state is that the resource is in AWS, is in state as well, but can't be used since refreshing state will cause it to error with the above error.

Actual Behavior

Resource is build, but fails when state is checked (either during the apply, or afterwards during a plan).

Steps to Reproduce

1. terraform apply

Really, thats all there should be to it.

Important Factoids

Already checked out the source of this issue. aws/internal/service/cloudwatchevents/id.go has a function called RuleParseID, which is called at the end of each creation of a Eventbridge rule. The rule parser ID uses a / to split the string of the rule name and checks if either:
a. The rule contains no / by doing len(parts) == 1 and checking if the one part is not empty
b. The rule contains exactly one / by doing len(parts) == 2 and both parts are not empty.

A check should be added here, checking if the first part is the string e.g parts[0] == "aws.partner" which is used in each eventbus partner string. If this is the case, multiple / should be allowed in the rule id.

References

None

[ewbankkit]

terraform-provider-aws/aws/internal/service/cloudwatchevents/id.go

Lines 40 to 50 in 18cac7d

	func RuleParseID(id string) (string, string, error) {
	parts := strings.Split(id, ruleIDSeparator)
	if len(parts) == 1 && parts[0] != "" {
	return DefaultEventBusName, parts[0], nil
	}
	if len(parts) == 2 && parts[0] != "" && parts[1] != "" {
	return parts[0], parts[1], nil
	}
	return "", "", fmt.Errorf("unexpected format for ID (%q), expected <event-bus-name>"+ruleIDSeparator+"<rule-name> or <rule-name>", id)
	}

Related:

• Fix validation for CloudWatch event bus name #16815
• Add support for EventBridge partner event bus #16431
• aws_cloudwatch_event_rule: Expected value of event_bus_name to match regular expression #18182
• Cloudwatch EventRule to support partner eventbus names #18143

[ewbankkit]

It looks like we may have the same issue with aws_cloudwatch_event_permission and aws_cloudwatch_event_target resources.

[ewbankkit]

For aws_cloudwatch_event_permission a partner event bus name cannot be specified:

        resource_aws_cloudwatch_event_permission_test.go:328: Step 1/2 error: Error running apply: exit status 1
            2021/03/29 17:37:22 [DEBUG] Using modified User-Agent: Terraform/0.12.26 HashiCorp-terraform-exec/0.13.0
    
            Error: Creating CloudWatch Events permission failed: ValidationException: 1 validation error detected: Value 'aws.partner/datadog.com/TerraformTesting' at 'eventBusName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\.\-_A-Za-z0-9]+
                    status code: 400, request id: 8329ec8c-828c-4048-a665-60aaafd76f0d

[kromol]

@ewbankkit I can help with updating aws_cloudwatch_event_permission and aws_cloudwatch_event_target (if needed) in the pull request if you are busy with something else. Just let me know what is the preferable way - open PR into your fork or open new PR in this repository?

[ewbankkit]

@kromol Thanks for the offer of help 👏.
The open PR (#18491) should take care of this (CloudWatch Event Permissions don't support partner event buses).
I'm waiting on another Maintainer to review it.

[ghost]

This has been released in version 3.39.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.