awscc_sso_assignments data source fails terraform plan unconditionally

[yanilov]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.9.6
on darwin_arm64

• provider registry.terraform.io/hashicorp/awscc v1.16.1

Affected Resource(s)

• awscc_sso_assignments

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

terraform {
  required_providers {
    awscc = {
      source  = "hashicorp/awscc"
      version = "~> 1.16"
    }
  }
  required_version = "~> 1.2"
}

variable "region" {
  type = string
}

provider "awscc" {
  region = var.region
}

data "awscc_sso_assignments" "main" {}

Expected Behavior

terraform plan is able to get the list of assignments and populate the data source.

Actual Behavior

plan fails due to missing required properties:

data.awscc_sso_assignments.main: Reading...

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: AWS SDK Go Service Operation Unsuccessful
│
│   with data.awscc_sso_assignments.main,
│   on main.tf line 32, in data "awscc_sso_assignments" "main":
│   32: data "awscc_sso_assignments" "main" {}
│
│ Calling CloudControl service ListResources operation returned: operation error CloudControl: ListResources, https response error StatusCode: 400, RequestID: ce3eb622-4df2-4737-8f6a-a5c3bf678250, InvalidRequestException: Missing Or
│ Invalid ResourceModel property in AWS::SSO::Assignment list handler request input. Required property: [InstanceArn, PermissionSetArn, PrincipalId, PrincipalType, TargetId, TargetType]

Steps to Reproduce

1. run aws sso login and log into the organization's management account
2. run tf plan -var region=<REGION> , specifying the region in which the SSO instance is deployed, e.g. tf plan -var region=us-east-1

[quixoticmonk]

Thank you for opening the issue @yanilov . Opening an internal service ticket to review the schema as the list-resources using CC API returns a similar message.

aws cloudcontrol list-resources --type-name AWS::SSO::Assignment

An error occurred (InvalidRequestException) when calling the ListResources operation: 
Missing Or Invalid ResourceModel property in AWS::SSO::Assignment 
list handler request input. 
Required property: [InstanceArn, PermissionSetArn, 
PrincipalId, PrincipalType, TargetId, TargetType]