fix: suppress perpetual diff for cloudwatch_logging_options when disabled #47474

Open
yosofbadr wants to merge 2 commits into hashicorp:main from yosofbadr:fix/firehose-cloudwatch-diff
@yosofbadr
Contributor

@yosofbadr yosofbadr commented Apr 15, 2026

Summary

Fixes #40446

When cloudwatch_logging_options.enabled is false on an aws_kinesis_firehose_delivery_stream, the AWS API returns empty strings for log_group_name and log_stream_name. If the user specifies values for these fields in their configuration (which is common -- they may toggle logging on/off via a variable), Terraform detects a diff on every plan and continually reapplies the same settings.

This PR adds a DiffSuppressFunc to both log_group_name and log_stream_name within the cloudwatch_logging_options schema. When the sibling enabled field is false, diffs on these fields are suppressed. This follows the same pattern used in the Athena workgroup resource (diffSuppressWorkGroupConfigurationMonitoringCloudWatchLogging).

The fix applies to all destination types that use cloudwatch_logging_options (Elasticsearch, Extended S3, HTTP Endpoint, Iceberg, OpenSearch, OpenSearch Serverless, Redshift, Snowflake, Splunk) since they all share the same cloudWatchLoggingOptionsSchema() function.

Changes

  • internal/service/firehose/delivery_stream.go: Added diffSuppressCloudWatchLoggingOptionsDisabled function and wired it as DiffSuppressFunc on log_group_name and log_stream_name fields.

Test plan

  • Verify go build ./internal/service/firehose/ passes
  • Verify go vet ./internal/service/firehose/ passes
  • Create a Firehose delivery stream with cloudwatch_logging_options where enabled = false and log_group_name/log_stream_name are set
  • Run terraform plan and confirm no diff is detected
  • Toggle enabled = true, apply, then set enabled = false again and confirm no perpetual diff
  • Run existing acceptance tests: go test ./internal/service/firehose/ -run TestAcc

When cloudwatch_logging_options.enabled is false, the AWS API returns
empty strings for log_group_name and log_stream_name. This causes a
perpetual diff when users specify these values in their configuration
but set enabled to false.

Add a DiffSuppressFunc to both log_group_name and log_stream_name
fields that suppresses the diff when the sibling enabled field is
false, following the same pattern used in the Athena workgroup
resource for its cloud_watch_logging_configuration.

Fixes hashicorp#40446
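
An added sketch, not the PR's code or the provider's: the suppression rule described above, reduced to a function with the same parameter shape as a DiffSuppressFunc. `attrGetter`, `plannedValues`, `suppressWhenLoggingDisabled` and the constructed attribute path are assumptions made here so it runs without the plugin SDK; a missing or non-boolean `enabled` surfaces the diff rather than hiding it.

```go
package main

import (
	"fmt"
	"strings"
)

// attrGetter is a hypothetical stand-in for the Get method of the SDK's
// *schema.ResourceData, so this sketch runs without the plugin SDK.
type attrGetter interface {
	Get(key string) interface{}
}

// plannedValues is a constructed flat map of attribute values.
type plannedValues map[string]interface{}

func (p plannedValues) Get(key string) interface{} { return p[key] }

// suppressWhenLoggingDisabled takes the same arguments as a DiffSuppressFunc
// (key, old value, new value, resource data). It returns true only when the
// sibling "enabled" attribute in the same block is present and false.
func suppressWhenLoggingDisabled(k, oldVal, newVal string, d attrGetter) bool {
	i := strings.LastIndex(k, ".")
	if i < 0 {
		return false // not a nested attribute: never suppress
	}
	enabled, ok := d.Get(k[:i] + ".enabled").(bool)
	if !ok {
		return false // sibling missing or not a bool: surface the diff
	}
	return !enabled
}

func main() {
	// Constructed attribute path for one destination type.
	const block = "extended_s3_configuration.0.cloudwatch_logging_options.0"
	key := block + ".log_group_name"
	off := plannedValues{block + ".enabled": false}
	on := plannedValues{block + ".enabled": true}

	// The API returned "" while the configuration names a log group.
	fmt.Println(suppressWhenLoggingDisabled(key, "", "/aws/firehose/example", off))
	fmt.Println(suppressWhenLoggingDisabled(key, "", "/aws/firehose/example", on))
}
```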
@github-actions
Contributor

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions Bot added needs-triage Waiting for first response or review from a maintainer. service/firehose Issues and PRs that pertain to the firehose service. size/XS Managed by automation to categorize the size of a PR. labels Apr 15, 2026
@yosofbadr yosofbadr marked this pull request as ready for review April 15, 2026 20:21
@yosofbadr yosofbadr requested a review from a team as a code owner April 15, 2026 20:21
@github-actions
Contributor

github-actions Bot commented Apr 15, 2026

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@dosubot dosubot Bot added the bug Addresses a defect in current functionality. label Apr 15, 2026
@github-actions github-actions Bot added size/S Managed by automation to categorize the size of a PR. and removed size/XS Managed by automation to categorize the size of a PR. labels Apr 16, 2026
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Apr 16, 2026
Development

Successfully merging this pull request may close these issues.

[Bug]: aws_kinesis_firehose_delivery_stream continually applies cloudwatch_logging_options