Feature Request: Allow data sources searching tags/filters to return empty results

[lmickh]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There are use-cases for data sources such as aws_vpcs or aws_security_groups that do not return results based on the tags/filter. If there are not results, these data sources will error out during the planning stage. Having a flag that allowed these data sources to return empty lists could expand their usage to search for resources that might not exist yet, but could in future runs.

New or Affected Resource(s)

• data.aws_vpcs
• data.aws_security_groups
• probably could be expanded to more data sources

Potential Terraform Configuration

data "aws_security_groups" "fake" {
  allow_empty_results = true
  tags = {
    is_fake = "true"
  }
}

data "aws_vpcs" "fake" {
  allow_empty_results = true
  filter {
    name = "vpc-id"
    values = ["vpc-fake"]
  }
}

resource "aws_security_group" "this" {
  name        = "example-fake-sg-rule"
  description = "Allow inbound traffic for ssh"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = ["${concat(var.ingress_security_groups, data.aws_security_groups.fake.ids)}"]
  }
}

References

[lmickh]

Looks like hashicorp/terraform#16380 is probably a blocker for implementing this.

[stephenl03]

This issue should be addressed. If I use the the AWS SDK, I get an empty list returned, versus 404 or empty response. Something is returned and terraform should respect that response instead of generating an error. Coding standards have progressed along with the AWS API. This should not throw an error.

aws ec2 describe-instances --profile test --region ap-northeast-2 --filters Name=instance-state-name,Values=running --query 'Reservations[*].Instances[*][].InstanceId'
[]

aws ec2 describe-instances --profile test --region us-east-1 --filters Name=instance-state-name,Values=running --query 'Reservations[*].Instances[*][].InstanceId'
[
    "i-0f44c0b9e423b3004",
    "i-008baa2d914a766f9"
]

[scooper4711]

The same goes for aws_ebs_snapshot. I want to be able to specify "create an ebs volume based on this latest snapshot, but if no snapshot exists create an empty ebs volume."
Allowing aws_ebs_snapshot to represent an empty result set would do that. e.g. aws_ebs_snapshot.latest_snapshot.id would return null if there were no snapshots matching. And likewise in the resource aws_ebs_volume would need to be able to handle a null snapshot_id

[ewbankkit]

We need to consider whether or not this would be a breaking change.

[bflad]

We have now documented in our Provider Design documentation that plural data sources should return zero, one, or multiple results without error. Singular data sources should still return an error when the remote component is not found.

We can go back through any non-conformant plural data sources to fix them up, but this might want to wait until our next major release since it is a behavior change for the existing cases. I'm going to mark it with that milestone for tracking for now, but it might be done sooner depending on some further investigation work to determine if it was previously possible to rely on the error in configurations (e.g. with try()).

[github-actions]

This functionality has been released in v4.0.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.