[Bug]: server_certificate does not populate when using the aws_datasync_location_object_storage resource

[drubah]

Terraform Core Version

1.5.1

AWS Provider Version

5.4.0

Affected Resource(s)

• aws_datasync_location_object_storage

Expected Behavior

• A DataSync location for a Snowball Edge S3 bucket should be created with the supplied certificate.
• AWS console should reflect "Using provided certificate" under Server certificate verification.

Actual Behavior

• A DataSync location for Snowball Edge S3 bucket is created but without the supplied certificate.
• AWS console shows "Amazon Linux 2 CA Trust Profile" under Server certificate verification.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_datasync_location_object_storage" "local_storage" {
  server_protocol     = "HTTPS"
  server_certificate  = file(var.local_storage_certificate)
  agent_arns          = [aws_datasync_agent.datasync_agent.arn]
  server_hostname     = var.local_storage_hostname
  bucket_name         = var.local_storage_bucket
  access_key          = var.local_storage_ak
  secret_key          = var.local_storage_sk
}

Steps to Reproduce

• Run terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

The file referenced with server_certificate is a PEM-encoded certificate for the Snowball device. When the location is created using the AWS console the same file is properly loaded and access to the Location is successful.

I have also tried referencing server_certificate as filebase64().

After a `terraform apply' the server_certificate for the resource in terraform.tfstate still shows as empty, i.e.:

            "server_certificate": "",

Successive 'terraform applies' try to change the server_certificate resource (and says that the resource has been updated) yet it never is reflected within the console.

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @drubah 👋 Thank you for taking the time to raise this! Can you give me an idea of what the value for var.local_storage_certificate is? Debug logs (redacted as needed) may also help, if you're able to provide them.

[drubah]

Hi @justinretzolk, the value of local_storage_certificate is the full path to the PEM-encoded file, e.g., /Users/me/Desktop/cert.pem.

I've also attached redacted debug logs. This line stuck out:

2023-06-22T08:43:22.443-0500 [WARN]  Provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value for aws_datasync_location_object_storage.local_storage, but we are tolerating it because it is using the legacy plugin SDK.

debug.txt

Please let me know if there's anything else I can provide.