[Bug]: aws_ssoadmin_application Provider returned invalid result object after apply following resource import

[magreenbaum]

Terraform Core Version

1.5.7

AWS Provider Version

5.31.0

Affected Resource(s)

aws_ssoadmin_application

Expected Behavior

Successful terraform apply without error.

Actual Behavior

Following an import of the resource aws_ssoadmin_application, terraform plan shows addition of application_account attribute. Applying this results in an error that the provider returned invalid result object after apply.

  # module.example.aws_ssoadmin_application.this will be updated in-place
  ~ resource "aws_ssoadmin_application" "this" {
      + application_account      = (known after apply)
        id                       = "arn:aws:sso::<id>:application/ssoins-<id>/apl-<id>"
        name                     = "Example"
      + tags                     = {}
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Relevant Error/Panic Output Snippet

╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for module.example.aws_ssoadmin_application.this.application_account. All values must be known after apply, so this is always a bug in the provider and should be
│ reported in the provider's own repository. Terraform will still save the other known object values in the state.
╵

Terraform Configuration Files

resource "aws_ssoadmin_application" "this" {
  application_provider_arn = "arn:aws:sso::aws:applicationProvider/catalog/AmazonQuickSight"
  instance_arn             = var.instance_arn
  name                     = var.name
  description              = var.description

  portal_options {
    sign_in_options {
      application_url = var.application_url
      origin          = "IDENTITY_CENTER"
    }
  }
  tags = var.tags
}

Steps to Reproduce

Import an existing ssoadmin application. Run terraform apply to apply the application_account showing known after apply.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[cdeneen-adelaide]

I believe this actually because of this bug. #34813

Basically you can't use the API to create custom SAML apps but Terraform allows you to import them. If you attempt to modify the resource it will fail. It either fails validation on the name or it tries to add a new property "application_account" that isn't possible.