https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/msk_bootstrap_brokers
The example should read
data "aws_msk_bootstrap_brokers" "example" {
NOT: data "aws_msk_cluster" "example" {
All of the attribute descriptions that say "One or more DNS Names..." are false. I don't know what they return, but those attributes must allow for the fact that any of those lists can be empty; perhaps they return NULL in those cases, but that should be documented. Those lists should only be populated if the cluster actually supports that particular authentication method.
For serverless clusters, the only attributes that could have one or more entries would be bootstrap_brokers_sasl_iam , since that's the only type supported.
For provisioned clusters, any of them could be empty.
Furthermore:
bootstrap_brokers attribute implies that you will always get a list, without you having to specify what authentication system you want to use. This is definitely false for serverless clusters. At present, you get an empty string for serverless.bootstrap_brokers_sasl_iam attribute says it will return a list. In the case of MSK serverless, it returns a string. My guess is that all of these entries return a string with commas separating the values; that's not a "list" in terraform / HCL terms AFAIK. For example, we can't call sort(...) directly on it.And calling sort is required for the provisioned case -- the API will return the values in a randomized order which changes on every call. That means the data value is constantly changing, so will trigger spurious updates unless you sort the values. I think that's a minor bug in the data source code; I'd have it sort (and return real lists), though that will now have compatibility problems.
No response
None