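Terraform Cognito user pool is recreated on every apply

Time: 2019-06-05 11:13:07

Tags: terraform terraform-provider-aws

Creating an aws_cognito_user_pool in Terraform with anything in "schema" causes the user pool to be recreated on every Terraform run. We want to use custom attributes, so we need to set options in the schema.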

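According to the documentation:

"When defining an attribute_data_type of String or Number, the respective attribute constraints configuration block (e.g. string_attribute_constraints or number_attribute_constraints) is required to prevent recreation of the Terraform resource. This requirement is true for both Standard (e.g. name, email) and Custom schema attributes."

If I understand this correctly, I also need to list all the standard attributes in the schema so that I can add string_attribute_constraints.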

resource "aws_cognito_user_pool" "pool" {
  count = "${var.user_pool_count}"
  name  = "${lookup(var.user_pool[count.index], "name")}"

  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  schema = [
    {
      name                = "address"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "birthdate"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "email"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "family_name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "gender"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "given_name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "locale"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "middle_name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "nickname"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "phone_number"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "picture"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "preferred_username"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "profile"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "zoneinfo"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "updated_at"
      attribute_data_type = "Number"

      number_attribute_constraints = {
        min_value = 1
      }
    },
    {
      name                = "website"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
  ]
}

With the above example, even though I have not added any custom attributes yet, it recreates the user pool on every run.

EDIT - Added gist link to Terraform plan as it would put me over the Stackoverflow character limit.
https://gist.github.com/mehstg/6bf22a35254a168c14b98af57f86ed85

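1 answer:

Answer 0 (score: 1)

The plan output shows that most of your schema attributes are missing the max_length constraint that is set on the schema attributes in the pool: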

      schema.1286155211.attribute_data_type:                       "" => "String" (forces new resource)
      schema.1286155211.developer_only_attribute:                  "" => ""
      schema.1286155211.mutable:                                   "" => ""
      schema.1286155211.name:                                      "" => "locale" (forces new resource)
      schema.1286155211.number_attribute_constraints.#:            "" => "0"
      schema.1286155211.required:                                  "" => ""
      schema.1286155211.string_attribute_constraints.#:            "" => "1" (forces new resource)
      schema.1286155211.string_attribute_constraints.0.max_length: "" => ""
      schema.1286155211.string_attribute_constraints.0.min_length: "" => "1" (forces new resource)
...
      schema.3812649078.developer_only_attribute:                  "false" => "false"
      schema.3812649078.mutable:                                   "false" => "false"
      schema.3812649078.name:                                      "locale" => "" (forces new resource)
      schema.3812649078.number_attribute_constraints.#:            "0" => "0"
      schema.3812649078.required:                                  "false" => "false"
      schema.3812649078.string_attribute_constraints.#:            "1" => "0" (forces new resource)
      schema.3812649078.string_attribute_constraints.0.max_length: "2048" => "" (forces new resource)
      schema.3812649078.string_attribute_constraints.0.min_length: "1" => "" (forces new resource)

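Terraform is detecting this drift and trying to change the user pool to match your configuration. Unfortunately, user pool schema attributes are immutable, so Terraform is forced to destroy the whole user pool and create a new one.

Adding the missing constraints should fix this.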

resource "aws_cognito_user_pool" "pool" {
  count = "${var.user_pool_count}"
  name  = "${lookup(var.user_pool[count.index], "name")}"

  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  schema = [
    # ...
    {
      name                = "locale"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
        max_length = 2048 # matches the value the existing pool reports in the plan output
      }
    },
    # ...
  ]
}
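To find every attribute affected by this kind of drift before applying, the following added example (not part of the original question or answer) pairs the removed and added `schema.<hash>` blocks from a plan by attribute name and reports the constraints whose values differ. It assumes the legacy plan text format quoted in the answer; the function names and the sample input are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the plan lines quoted in the answer.
SAMPLE_PLAN = '''\
      schema.1286155211.name:                                      "" => "locale" (forces new resource)
      schema.1286155211.string_attribute_constraints.0.max_length: "" => ""
      schema.1286155211.string_attribute_constraints.0.min_length: "" => "1" (forces new resource)
      schema.3812649078.name:                                      "locale" => "" (forces new resource)
      schema.3812649078.string_attribute_constraints.0.max_length: "2048" => "" (forces new resource)
      schema.3812649078.string_attribute_constraints.0.min_length: "1" => "" (forces new resource)
'''

LINE = re.compile(r'^\s*schema\.(\d+)\.([\w.#]+):\s+"([^"]*)" => "([^"]*)"')

def parse_schema_blocks(plan_text):
    """Group plan lines by schema set hash: {hash: {field: (old, new)}}."""
    blocks = defaultdict(dict)
    for line in plan_text.splitlines():
        m = LINE.match(line)
        if m:
            set_hash, field, old, new = m.groups()
            blocks[set_hash][field] = (old, new)
    return blocks

def constraint_drift(plan_text):
    """Return {attribute: {constraint: (value_in_pool, value_in_config)}} for mismatches."""
    state, config = {}, {}
    for fields in parse_schema_blocks(plan_text).values():
        old_name, new_name = fields.get("name", ("", ""))
        # A block whose name appears on the right is being added from the config;
        # one whose name appears only on the left exists in the pool and is being removed.
        side, idx, name = (config, 1, new_name) if new_name else (state, 0, old_name)
        side[name] = {
            field.rsplit(".", 1)[-1]: values[idx]
            for field, values in fields.items()
            if "_attribute_constraints.0." in field
        }
    drift = {}
    for name in sorted(state.keys() & config.keys()):
        keys = set(state[name]) | set(config[name])
        diff = {k: (state[name].get(k, ""), config[name].get(k, ""))
                for k in keys if state[name].get(k, "") != config[name].get(k, "")}
        if diff:
            drift[name] = diff
    return drift
```

For the sample, the result shows that `locale` has `max_length` set to 2048 in the pool and unset in the configuration, which is the constraint to add.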