file_system_administrators_group not considered during creation of ressource aws_fsx_ontap_storage_virtual_machine which forces replacement during next apply

[brakf]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Affected Resource(s)

• aws_fsx_ontap_storage_virtual_machine

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_fsx_ontap_storage_virtual_machine" "brln" {
  file_system_id = aws_fsx_ontap_file_system.eufr.id
  name           = "BRLNFS001"

  active_directory_configuration {
    netbios_name = "BRLNFS001"
    self_managed_active_directory_configuration {
      dns_ips                                = local.eufr_ad_ips
      domain_name                            = local.eufr_ad_domain_name
      username                               = local.eufr_ad_user_name
      password                               = local.eufr_ad_user_password
      file_system_administrators_group       = "BRLNGSRVAdmins" #<==== this is simply ignored during apply
      organizational_unit_distinguished_name = "OU=BRLN-Servers,OU=OU-BRLN,OU=DE,OU=Locations,DC=eu1,DC=company,DC=local"
    }
  }

  root_volume_security_style = "NTFS"

  provider = aws.eufr

}

Debug Output

https://gist.github.com/brakf/1efc660e344634e8eeec99e531c41684

Panic Output

Expected Behavior

aws_fsx_ontap_storage_virtual_machine.brln should have been created with parameter file_system_administrators_group set properly.

Actual Behavior

Instead it was not considered which prompted terraform to delete and create the same ressource again upon next apply.

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[brakf]

I opened a ticket at AWS. They are still checking but the issue is not with the CreateStorageVirtualMachine API but with the DescribeStorageVirtualMachines API which is lacking those parameters in the Output.

[brakf]

AWS support confirmed that this is a bug in API Call DescribeStorageVirtualMachines. They are working on it.

[brakf]

Info from AWS Suppoer:

Hello Fabian,

Thank you for contacting AWS Premium Support team, my name is Robin and it was a pleasure having a conversation with you today.

You contacted us because FileSystemAdministratorsGroup and RootVolumeSecurityStyle parameters are missing when you ran DescribeStorageVirtualMachines API call.

I checked the behavior in lab and can confirm that even I do not see these parameters in the output of this API call.

As per the public doc we should get the details of both these parameters in the output, apologies for the inconvenience.
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.aws.amazon.com%2Fcli%2Flatest%2Freference%2Ffsx%2Fdescribe-storage-virtual-machines.html&data=04%7C01%7Cfbrakowski%40tecracer.de%7C55a5cab273e1400a7de608d9f6a92bac%7Cd686a5b9aeec445c9524a5412f2c874a%7C1%7C0%7C637812028708373832%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sb9JFQzmMTdiFRHUlzKxnqXabmeI0SWxgH%2FwH5MaMLU%3D&reserved=0

As stated on call, I have raised a ticket with the internal team to check this behavior once and confirm if its a bug or if we are missing something while running the command.

I will get back to you as soon as I have an update from internal team.

I appreciate your time and patience with us.

Thanks

We value your feedback. Please share your experience by rating this correspondence using the AWS Support Center link at the end of this correspondence. Each correspondence can also be rated by selecting the stars in top right corner of each correspondence within the AWS Support Center.

Best regards,
Robin P.
Amazon Web Services

[brakf]

I got the following feedback from AWS Support. My answer is right below:
Hello Fabian,

I have an update from the internal team.

They have confirmed that RootVolumeSecurityStyle and FileSystemAdministratorsGroup are not returned in describe API call because these are considered "write-only" fields. They have also confirmed that they will be updating the public document as soon as possible.

I understand your use case but you will have to stick to the workaround you are following in Terraform as these attributes wont be returned in the describe API call. Apologies for the all inconvenience.

I will keep the case under monitoring till tomorrow. Please feel free to get back to us if you have additional queries.

Thanks

We value your feedback. Please share your experience by rating this correspondence using the AWS Support Center link at the end of this correspondence. Each correspondence can also be rated by selecting the stars in top right corner of each correspondence within the AWS Support Center.

Best regards,
Robin P.
Amazon Web Services

My Answer:
Dear Robin,

thanks for the reply.
However, I can neither understand nor accept this response.
In my understanding the Describe API call should return ALL values that are set. How else I am I supposed to know what is configured?
Please take my response back to them and make sure that they implement those values in the describe call.

BR
Fabian

[tfrege]

Was this resolved? We're seeing the same issue as of 06/13/22.

[ewbankkit]

Closed via #33466.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.