Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: changing redshift master password after restoring does nothing #27549

Open
jurgen-weber-deltatre opened this issue Oct 30, 2022 · 5 comments
Open

[Bug]: changing redshift master password after restoring does nothing #27549

jurgen-weber-deltatre opened this issue Oct 30, 2022 · 5 comments
Labels
bug Addresses a defect in current functionality. service/redshift Issues and PRs that pertain to the redshift service.

Comments

@jurgen-weber-deltatre
Copy link

jurgen-weber-deltatre commented Oct 30, 2022
edited
Loading

Terraform Core Version

1.3.3

AWS Provider Version

4.37.0

Affected Resource(s)

Our aws_redshift_cluster was originally migration from a snapshot; so snapshot_identifier was set. After the restoration has been completed we then removed this setting so it does not restore on every plan/apply.

Now at the same time, the master_username and master_password were set, but as the documentation says it is ignored or not required when you are restoring.

Now I wish to rotate the password, this does nothing. I know the password has changed because other resources related to it are changing/updating but on a plan no change happens to the aws_redshift_cluster resource.

If I change the username, the AWS API seems to want to recreate the whole thing.. Which of course I Don't want to recreate my redshift cluster. I just want to change the master password.

Expected Behavior

An 'update in place' action to happen on the aws_redshift_cluster resource.

Actual Behavior

Nothing, absolutely nothing happens even thought hte master_password has changed.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

  source              = "terraform-aws-modules/redshift/aws"

  iam_role_arns       = [
    aws_iam_role.redshift_service.arn
  ]
  database_name       = var.redshift_cluster_database_name
  cluster_identifier  = var.name
  node_type           = local.config_tier["redshift_cluster_node_type"][var.config_tier]
  master_password     = local.admin_password_selector
  master_username     = var.redshift_cluster_master_username
  number_of_nodes     = local.config_tier["redshift_cluster_number_of_nodes"][var.config_tier]
  cluster_version     = var.redshift_cluster_version
  create_random_password = false
  logging             = {
    enable            = local.config_tier["enable_logging"][var.config_tier]
    bucket_name       = local.config_tier["enable_logging"][var.config_tier] == "true" ? aws_s3_bucket.logs.bucket : null
  }

  enhanced_vpc_routing = true

  # KMS Key
  encrypted            = local.config_tier["encrypted"][var.config_tier]
  kms_key_arn          = local.config_tier["encrypted"][var.config_tier] == "true" ? data.aws_kms_key.default_redshift.arn : ""

  # maintenance window
  preferred_maintenance_window = var.redshift_maintenance_window

  # snapshot
  automated_snapshot_retention_period = 7
  final_snapshot_identifier = "final-snapshot-${var.name}"

  # restore from snapshot
  snapshot_identifier         = var.redshift_snapshot_identifier
  snapshot_cluster_identifier = var.redshift_snapshot_cluster_identifier
  owner_account               = var.redshift_snapshot_owner

  subnet_ids           = var.redshift_subnets
  tags                 = local.tags
  vpc_security_group_ids  = [
    aws_security_group.redshift.id
  ]
  parameter_group_name = "batch-pipeline-${terraform.workspace}-redshift-1-0-custom-params"
  parameter_group_parameters = {
    wlm_json_configuration = {
      name = "wlm_json_configuration"
      value  = jsonencode([
        {
          query_concurrency: 5
        }
      ])
    }
    require_ssl = {
      name  = "require_ssl"
      value = false
    }
    use_fips_ssl = {
      name  = "use_fips_ssl"
      value = false
    }
    enable_user_activity_logging = {
      name  = "enable_user_activity_logging"
      value = false
    }
    max_concurrency_scaling_clusters = {
      name  = "max_concurrency_scaling_clusters"
      value = 1
    }
    enable_case_sensitive_identifier = {
      name  = "enable_case_sensitive_identifier"
      value = false
    }
  }
}```

### Steps to Reproduce

restore a cluster from a snapshot, then attempt to change the master_password.

### Debug Output

_No response_

### Panic Output

_No response_

### Important Factoids

The original restore happened over a year ago, so I Can not really tell when what version of TF or the provider it was restored under.

I also tried removing the resource from the state and importing again, with the same result.

### References

_No response_

### Would you like to implement a fix?

_No response_
@jurgen-weber-deltatre jurgen-weber-deltatre added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Oct 30, 2022
@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@justinretzolk justinretzolk added service/redshift Issues and PRs that pertain to the redshift service. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 1, 2022
@cjol
Copy link

cjol commented Feb 23, 2023

I think we are suffering from this bug, but our Redshift cluster was not restored at all. It's been created under Terraform control from the start, but changing the master_password parameter similarly does nothing.

@Latyn4ik
Copy link

Latyn4ik commented Oct 6, 2023
edited
Loading

Also faced this problem, this bug destroys the whole process of deploying new infrastructure

Terraform v1.5.5
on linux_amd64

  • provider registry.terraform.io/hashicorp/aws v5.19.0

@Latyn4ik
Copy link

Latyn4ik commented Oct 6, 2023

Hi @jurgen-weber-deltatre do you find workaround for this problem ?

@RuStyC0der
Copy link

Also faced this issue recently and it blocks big peace of my work. Is there any workaround? Also, if there is something I can do to help to resolve this issue please ping me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/redshift Issues and PRs that pertain to the redshift service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@cjol @Latyn4ik @justinretzolk @RuStyC0der @jurgen-weber-deltatre