Terraform Cognito User Pool gets recreated on every apply
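Creating an aws_cognito_user_pool in Terraform with anything in 'schema' causes the user pool to be recreated on every Terraform run. We want to use custom attributes, so we need to set options in the schema.
According to the documentation: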
"When defining an attribute_data_type of String or Number, the respective attribute constraints configuration block (e.g string_attribute_constraints or number_attribute_contraints) is required to prevent recreation of the Terraform resource. This requirement is true for both standard (e.g. name, email) and custom schema attributes."
If I understand correctly, I also need to list all the standard attributes in the schema so that I can add string_attribute_constraints.
resource "aws_cognito_user_pool" "pool" {
  count                    = "${var.user_pool_count}"
  name                     = "${lookup(var.user_pool[count.index], "name")}"
  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  schema = [
    {
      name                = "address"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "birthdate"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "email"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "family_name"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "gender"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "given_name"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "locale"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "middle_name"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "name"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "nickname"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "phone_number"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "picture"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "preferred_username"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "profile"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "zoneinfo"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "updated_at"
      attribute_data_type = "Number"
      number_attribute_constraints = {
        min_value = 1
      }
    },
    {
      name                = "website"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
      }
    },
  ]
}
With the above example, even though I have not added any custom attributes yet, it recreates the user pool on every run.
EDIT - Added gist link to Terraform plan as it would put me over the Stack Overflow character limit.
https://gist.github.com/mehstg/6bf22a35254a168c14b98af57f86ed85
The plan output shows that most of your schema attributes are missing the max_length constraint that is set on the schema attributes in the pool:
schema.1286155211.attribute_data_type: "" => "String" (forces new resource)
schema.1286155211.developer_only_attribute: "" => ""
schema.1286155211.mutable: "" => ""
schema.1286155211.name: "" => "locale" (forces new resource)
schema.1286155211.number_attribute_constraints.#: "" => "0"
schema.1286155211.required: "" => ""
schema.1286155211.string_attribute_constraints.#: "" => "1" (forces new resource)
schema.1286155211.string_attribute_constraints.0.max_length: "" => ""
schema.1286155211.string_attribute_constraints.0.min_length: "" => "1" (forces new resource)
...
schema.3812649078.developer_only_attribute: "false" => "false"
schema.3812649078.mutable: "false" => "false"
schema.3812649078.name: "locale" => "" (forces new resource)
schema.3812649078.number_attribute_constraints.#: "0" => "0"
schema.3812649078.required: "false" => "false"
schema.3812649078.string_attribute_constraints.#: "1" => "0" (forces new resource)
schema.3812649078.string_attribute_constraints.0.max_length: "2048" => "" (forces new resource)
schema.3812649078.string_attribute_constraints.0.min_length: "1" => "" (forces new resource)
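Terraform detects this drift and tries to change your user pool to match your configuration. Unfortunately, user pool schema attributes are immutable, so Terraform is forced to destroy the whole user pool and create a new one.
Adding the missing constraints should fix the problem.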
resource "aws_cognito_user_pool" "pool" {
  count                    = var.user_pool_count
  name                     = var.user_pool[count.index]["name"]
  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  schema = [
    # ...
    {
      name                = "locale"
      attribute_data_type = "String"
      string_attribute_constraints = {
        min_length = 1
        # Must equal the value already set on the pool (2048 for "locale"
        # in the plan output above); any other value is still a diff.
        max_length = 2048
      }
    },
    # ...
  ]
}
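An added example (not from the original question or answer): a Python check that reads legacy-format plan text like the excerpt above, pairs each schema element being removed with the one being added under the same attribute name, and reports constraints the pool has but the configuration leaves unset. The function name and regexes are this example's own, and it compares only the constraint sub-fields.

```python
import re
from collections import defaultdict

# Legacy plan line:  schema.<hash>.<field>: "<old>" => "<new>"
LINE = re.compile(r'^\s*schema\.(\d+)\.(\S+):\s+"([^"]*)"\s+=>\s+"([^"]*)"')
CONSTRAINT = re.compile(r'_attribute_constraints\.0\.')

# Constraint-related lines for "locale", copied from the plan excerpt above.
SAMPLE_PLAN = '''\
schema.1286155211.attribute_data_type: "" => "String" (forces new resource)
schema.1286155211.name: "" => "locale" (forces new resource)
schema.1286155211.string_attribute_constraints.#: "" => "1" (forces new resource)
schema.1286155211.string_attribute_constraints.0.max_length: "" => ""
schema.1286155211.string_attribute_constraints.0.min_length: "" => "1" (forces new resource)
schema.3812649078.name: "locale" => "" (forces new resource)
schema.3812649078.string_attribute_constraints.#: "1" => "0" (forces new resource)
schema.3812649078.string_attribute_constraints.0.max_length: "2048" => "" (forces new resource)
schema.3812649078.string_attribute_constraints.0.min_length: "1" => "" (forces new resource)
'''

def missing_constraints(plan_text):
    """Return {attribute: {constraint_field: pool_value}} for constraints
    that exist on the pool but are unset in the configuration."""
    entries = defaultdict(dict)              # hash -> {field: (old, new)}
    for line in plan_text.splitlines():
        m = LINE.match(line)
        if m:
            h, field, old, new = m.groups()
            entries[h][field] = (old, new)
    in_pool, in_config = {}, {}              # attribute name -> constraint values
    for fields in entries.values():
        old_name, new_name = fields.get("name", ("", ""))
        if old_name and not new_name:        # element removed: current pool state
            in_pool[old_name] = {f: v[0] for f, v in fields.items() if CONSTRAINT.search(f)}
        elif new_name and not old_name:      # element added: what the config declares
            in_config[new_name] = {f: v[1] for f, v in fields.items() if CONSTRAINT.search(f)}
    report = {}
    for name, pool in in_pool.items():
        cfg = in_config.get(name, {})
        gaps = {f: v for f, v in pool.items() if v and not cfg.get(f)}
        if gaps:
            report[name] = gaps
    return report

if __name__ == "__main__":
    for name, gaps in missing_constraints(SAMPLE_PLAN).items():
        for field, value in gaps.items():
            print(f"{name}: set {field.split('.')[-1]} = {value}")
```

Run against a saved plan before applying, a non-empty result names the attributes whose constraints need to be copied into the configuration to stop the user pool from being destroyed and recreated.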