Description
It is not possible to create a role association with an empty feature_name argument because the map key is always used as fallback:
terraform-aws-rds-aurora/main.tf, line 261 in 2c3946c:
    feature_name = try(coalesce(each.value.feature_name, each.key))
While feature_name is a required input of aws_rds_cluster_role_association, setting it to an empty string or null is valid, because this parameter is only used for Aurora PostgreSQL. Example from AWS docs:
    aws rds add-role-to-db-cluster \
      --db-cluster-identifier my-db-cluster \
      --feature-name s3Import \
      --role-arn your-role-arn \
      --region your-region
For Aurora MySQL, role associations can have a feature_name, but there are also cases where they should not have any. Example from AWS docs:
    aws rds add-role-to-db-cluster --db-cluster-identifier my-cluster --role-arn arn:aws:iam::123456789012:role/AllowAuroraS3Role
    aws rds add-role-to-db-cluster --db-cluster-identifier my-cluster --role-arn arn:aws:iam::123456789012:role/AllowAuroraLambdaRole
The use of coalesce makes it impossible to not set a feature_name.
- [x] I have searched the open/closed issues and my issue is not listed.
Versions
- Module version: v10.2.0
- Terraform version: OpenTofu v1.11.2
- Provider version(s): aws v6.28.0
Reproduction Code [Required]
    module "aurora" {
      [...]
      role_associations = {
        my_role_without_feature_name = {
          role_arn     = "arn:aws:iam::123456789012:role/AllowAuroraLambdaRole"
          feature_name = ""
        }
      }
    }
Expected behavior
Role association is created with feature_name = "".
Actual behavior
Apply fails because the role association cannot be created. The reason is that my_role_without_feature_name is used as feature_name, which is not a valid input.
Additional context
I personally would prefer if the default for feature_name is null or "", but being able to at least explicitly overwrite the default with null or "" is a requirement.
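The behavior reported above can be reproduced without any AWS resources. The following is an added example, not code from the issue or from the module: the variable type, the local names and the alternative expression are assumptions chosen for illustration, and the ARNs are the sample values quoted in the issue.

```hcl
# Stand-alone configuration (no provider needed): run `terraform apply`
# or inspect the locals in `terraform console`.

variable "role_associations" {
  # Assumed shape; the module's real variable definition is not shown in the issue.
  type = map(object({
    role_arn     = string
    feature_name = optional(string)
  }))
  default = {
    # feature_name omitted, so it is null
    s3Import = {
      role_arn = "arn:aws:iam::123456789012:role/AllowAuroraS3Role"
    }
    # feature_name explicitly set to an empty string
    my_role_without_feature_name = {
      role_arn     = "arn:aws:iam::123456789012:role/AllowAuroraLambdaRole"
      feature_name = ""
    }
  }
}

locals {
  # Expression quoted in the issue. coalesce() skips both null and "",
  # so an explicit empty string is discarded and the map key is used.
  with_coalesce = {
    for k, v in var.role_associations :
    k => try(coalesce(v.feature_name, k))
  }

  # Hypothetical alternative: fall back to the map key only when the
  # attribute is null, so an explicit "" is passed through unchanged.
  # An explicit null still cannot be told apart from an omitted attribute.
  null_only_fallback = {
    for k, v in var.role_associations :
    k => v.feature_name == null ? k : v.feature_name
  }
}

output "with_coalesce" {
  value = local.with_coalesce
}

output "null_only_fallback" {
  value = local.null_only_fallback
}
```

Comparing the two outputs for my_role_without_feature_name shows which expression preserves the caller's empty string.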