terraform-aws-modules/terraform-aws-opensearch

Can't use master_user_name if you don't set master_user_arn to null explicitly

Closed this issue · 2 comments

Description

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: 1.2.2

  • Terraform version: 1.5.5

  • Provider version(s): 5.56.1

Reproduction Code [Required]

Steps to reproduce the behavior: The published example doesn't catch it as it is disabled there. Set the advanced_security_options to the following:

  advanced_security_options = {
    enabled                        = true
    internal_user_database_enabled = true

    master_user_options = {
      master_user_name     = "example"
      master_user_password = "Barbarbarbar1!"
    }
  }

Expected behavior

Set up a master user with the specified username and password.

Actual behavior

Terminal Output Screenshot(s)

Error: creating OpenSearch Domain: ValidationException: You must provide either a master username or a master user ARN but not together.

  with module.opensearch.aws_opensearch_domain.this[0],
  on .terraform/modules/opensearch/main.tf line 29, in resource "aws_opensearch_domain" "this":
  29: resource "aws_opensearch_domain" "this" {
      + advanced_security_options {
          + anonymous_auth_enabled         = false
          + enabled                        = true
          + internal_user_database_enabled = true

          + master_user_options {
              + master_user_arn      = "arn:aws:iam::xxxxx:role/xxxxx"
              + master_user_name     = "os-shared-master"
              + master_user_password = (sensitive value)
            }
        }

Additional context

If you set master_user_arn explicitly to null it works:

  advanced_security_options = {
    enabled                        = true
    internal_user_database_enabled = true

    master_user_options = {
      master_user_arn      = null
      master_user_name     = "example"
      master_user_password = "Barbarbarbar1!"
    }
  }

The check here https://github.com/terraform-aws-modules/terraform-aws-opensearch/blob/master/main.tf#L48 is not doing what it should. It should set master_user_arn to null if master_user_name is specified.
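The plan in this report already showed both master_user_arn and master_user_name set, and the conflict only surfaced as a ValidationException at apply time. The following is an added example, not code from the module or from the issue author: a pre-apply check over `terraform show -json` plan output that flags that combination. The sample plan is constructed, its ARN is a placeholder, and the function names are this example's own.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan shaped like the one
# in this issue. The ARN and account id are placeholders.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "module.opensearch.aws_opensearch_domain.this[0]",
    "type": "aws_opensearch_domain",
    "change": {
        "actions": ["create"],
        "after": {"advanced_security_options": [{
            "enabled": True,
            "internal_user_database_enabled": True,
            "master_user_options": [{
                "master_user_arn": "arn:aws:iam::000000000000:role/placeholder",
                "master_user_name": "example",
            }],
        }]},
        "after_unknown": {},
    },
}]})


def _dig(obj, *path):
    """Walk nested dicts/lists; return None when any step is missing."""
    for step in path:
        try:
            obj = obj[step]
        except (KeyError, IndexError, TypeError):
            return None
    return obj


def conflicting_master_users(plan_json):
    """Addresses of planned domains that set both master_user_name and master_user_arn."""
    path = ("advanced_security_options", 0, "master_user_options", 0)
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_opensearch_domain":
            continue
        change = rc.get("change") or {}

        def is_set(field):
            # Known non-null value, or a value only known after apply.
            return (_dig(change, "after", *path, field) is not None
                    or _dig(change, "after_unknown", *path, field) is True)

        if is_set("master_user_name") and is_set("master_user_arn"):
            findings.append(rc["address"])
    return findings
```

Feed it the output of `terraform show -json` on a saved plan file and fail the pipeline when the returned list is non-empty.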

This issue has been resolved in version 1.3.1 🎉

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.