Merge pull request #5367 from terraform-providers/b-elbv2-unsafe-dere…

…ferences elbv2: Prevent panics from unsafe * nil dereferences
hashicorp · Jul 27, 2018 · c449117 · c449117
2 parents 105b748 + cd39d3b
commit c449117
Show file tree

Hide file tree

Showing 15 changed files with 141 additions and 173 deletions.
diff --git a/aws/data_source_aws_lb.go b/aws/data_source_aws_lb.go
@@ -6,7 +6,6 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elbv2"
-	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -140,12 +139,12 @@ func dataSourceAwsLbRead(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Reading Load Balancer: %s", describeLbOpts)
 	describeResp, err := elbconn.DescribeLoadBalancers(describeLbOpts)
 	if err != nil {
-		return errwrap.Wrapf("Error retrieving LB: {{err}}", err)
+		return fmt.Errorf("Error retrieving LB: %s", err)
 	}
 	if len(describeResp.LoadBalancers) != 1 {
 		return fmt.Errorf("Search returned %d results, please revise so only one is returned", len(describeResp.LoadBalancers))
 	}
-	d.SetId(*describeResp.LoadBalancers[0].LoadBalancerArn)
+	d.SetId(aws.StringValue(describeResp.LoadBalancers[0].LoadBalancerArn))
 
 	return flattenAwsLbResource(d, meta, describeResp.LoadBalancers[0])
 }
diff --git a/aws/data_source_aws_lb_target_group.go b/aws/data_source_aws_lb_target_group.go
@@ -6,7 +6,6 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elbv2"
-	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -147,14 +146,14 @@ func dataSourceAwsLbTargetGroupRead(d *schema.ResourceData, meta interface{}) er
 	log.Printf("[DEBUG] Reading Load Balancer Target Group: %s", describeTgOpts)
 	describeResp, err := elbconn.DescribeTargetGroups(describeTgOpts)
 	if err != nil {
-		return errwrap.Wrapf("Error retrieving LB Target Group: {{err}}", err)
+		return fmt.Errorf("Error retrieving LB Target Group: %s", err)
 	}
 	if len(describeResp.TargetGroups) != 1 {
 		return fmt.Errorf("Search returned %d results, please revise so only one is returned", len(describeResp.TargetGroups))
 	}
 
 	targetGroup := describeResp.TargetGroups[0]
 
-	d.SetId(*targetGroup.TargetGroupArn)
+	d.SetId(aws.StringValue(targetGroup.TargetGroupArn))
 	return flattenAwsLbTargetGroupResource(d, meta, targetGroup)
 }
diff --git a/aws/resource_aws_alb_target_group_test.go b/aws/resource_aws_alb_target_group_test.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elbv2"
-	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
@@ -495,10 +494,10 @@ func testAccCheckAWSALBTargetGroupDestroy(s *terraform.State) error {
 		}
 
 		// Verify the error
-		if isTargetGroupNotFound(err) {
+		if isAWSErr(err, elbv2.ErrCodeTargetGroupNotFoundException, "") {
 			return nil
 		} else {
-			return errwrap.Wrapf("Unexpected error checking ALB destroyed: {{err}}", err)
+			return fmt.Errorf("Unexpected error checking ALB destroyed: %s", err)
 		}
 	}
 

diff --git a/aws/resource_aws_lb.go b/aws/resource_aws_lb.go
@@ -11,7 +11,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/elbv2"
-	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -264,15 +263,15 @@ func resourceAwsLbCreate(d *schema.ResourceData, meta interface{}) error {
 
 	resp, err := elbconn.CreateLoadBalancer(elbOpts)
 	if err != nil {
-		return errwrap.Wrapf("Error creating Application Load Balancer: {{err}}", err)
+		return fmt.Errorf("Error creating Application Load Balancer: %s", err)
 	}
 
 	if len(resp.LoadBalancers) != 1 {
 		return fmt.Errorf("No load balancers returned following creation of %s", d.Get("name").(string))
 	}
 
 	lb := resp.LoadBalancers[0]
-	d.SetId(*lb.LoadBalancerArn)
+	d.SetId(aws.StringValue(lb.LoadBalancerArn))
 	log.Printf("[INFO] LB ID: %s", d.Id())
 
 	stateConf := &resource.StateChangeConf{
@@ -287,13 +286,13 @@ func resourceAwsLbCreate(d *schema.ResourceData, meta interface{}) error {
 			}
 
 			if len(describeResp.LoadBalancers) != 1 {
-				return nil, "", fmt.Errorf("No load balancers returned for %s", *lb.LoadBalancerArn)
+				return nil, "", fmt.Errorf("No load balancers returned for %s", aws.StringValue(lb.LoadBalancerArn))
 			}
 			dLb := describeResp.LoadBalancers[0]
 
-			log.Printf("[INFO] LB state: %s", *dLb.State.Code)
+			log.Printf("[INFO] LB state: %s", aws.StringValue(dLb.State.Code))
 
-			return describeResp, *dLb.State.Code, nil
+			return describeResp, aws.StringValue(dLb.State.Code), nil
 		},
 		Timeout:    d.Timeout(schema.TimeoutCreate),
 		MinTimeout: 10 * time.Second,
@@ -324,7 +323,7 @@ func resourceAwsLbRead(d *schema.ResourceData, meta interface{}) error {
 			return nil
 		}
 
-		return errwrap.Wrapf("Error retrieving ALB: {{err}}", err)
+		return fmt.Errorf("Error retrieving ALB: %s", err)
 	}
 	if len(describeResp.LoadBalancers) != 1 {
 		return fmt.Errorf("Unable to find ALB: %#v", describeResp.LoadBalancers)
@@ -338,7 +337,7 @@ func resourceAwsLbUpdate(d *schema.ResourceData, meta interface{}) error {
 
 	if !d.IsNewResource() {
 		if err := setElbV2Tags(elbconn, d); err != nil {
-			return errwrap.Wrapf("Error Modifying Tags on ALB: {{err}}", err)
+			return fmt.Errorf("Error Modifying Tags on ALB: %s", err)
 		}
 	}
 
@@ -474,9 +473,9 @@ func resourceAwsLbUpdate(d *schema.ResourceData, meta interface{}) error {
 			}
 			dLb := describeResp.LoadBalancers[0]
 
-			log.Printf("[INFO] LB state: %s", *dLb.State.Code)
+			log.Printf("[INFO] LB state: %s", aws.StringValue(dLb.State.Code))
 
-			return describeResp, *dLb.State.Code, nil
+			return describeResp, aws.StringValue(dLb.State.Code), nil
 		},
 		Timeout:    d.Timeout(schema.TimeoutUpdate),
 		MinTimeout: 10 * time.Second,
@@ -623,7 +622,7 @@ func getLbNameFromArn(arn string) (string, error) {
 func flattenSubnetsFromAvailabilityZones(availabilityZones []*elbv2.AvailabilityZone) []string {
 	var result []string
 	for _, az := range availabilityZones {
-		result = append(result, *az.SubnetId)
+		result = append(result, aws.StringValue(az.SubnetId))
 	}
 	return result
 }
@@ -633,10 +632,10 @@ func flattenSubnetMappingsFromAvailabilityZones(availabilityZones []*elbv2.Avail
 	for _, availabilityZone := range availabilityZones {
 		for _, loadBalancerAddress := range availabilityZone.LoadBalancerAddresses {
 			m := make(map[string]interface{}, 0)
-			m["subnet_id"] = *availabilityZone.SubnetId
+			m["subnet_id"] = aws.StringValue(availabilityZone.SubnetId)
 
 			if loadBalancerAddress.AllocationId != nil {
-				m["allocation_id"] = *loadBalancerAddress.AllocationId
+				m["allocation_id"] = aws.StringValue(loadBalancerAddress.AllocationId)
 			}
 
 			l = append(l, m)
@@ -666,7 +665,7 @@ func flattenAwsLbResource(d *schema.ResourceData, meta interface{}, lb *elbv2.Lo
 	d.Set("arn", lb.LoadBalancerArn)
 	d.Set("arn_suffix", lbSuffixFromARN(lb.LoadBalancerArn))
 	d.Set("name", lb.LoadBalancerName)
-	d.Set("internal", (lb.Scheme != nil && *lb.Scheme == "internal"))
+	d.Set("internal", (lb.Scheme != nil && aws.StringValue(lb.Scheme) == "internal"))
 	d.Set("security_groups", flattenStringList(lb.SecurityGroups))
 	d.Set("vpc_id", lb.VpcId)
 	d.Set("zone_id", lb.CanonicalHostedZoneId)
@@ -686,7 +685,7 @@ func flattenAwsLbResource(d *schema.ResourceData, meta interface{}, lb *elbv2.Lo
 		ResourceArns: []*string{lb.LoadBalancerArn},
 	})
 	if err != nil {
-		return errwrap.Wrapf("Error retrieving LB Tags: {{err}}", err)
+		return fmt.Errorf("Error retrieving LB Tags: %s", err)
 	}
 
 	var et []*elbv2.Tag
@@ -702,35 +701,35 @@ func flattenAwsLbResource(d *schema.ResourceData, meta interface{}, lb *elbv2.Lo
 		LoadBalancerArn: aws.String(d.Id()),
 	})
 	if err != nil {
-		return errwrap.Wrapf("Error retrieving LB Attributes: {{err}}", err)
+		return fmt.Errorf("Error retrieving LB Attributes: %s", err)
 	}
 
 	accessLogMap := map[string]interface{}{}
 	for _, attr := range attributesResp.Attributes {
-		switch *attr.Key {
+		switch aws.StringValue(attr.Key) {
 		case "access_logs.s3.enabled":
 			accessLogMap["enabled"] = aws.StringValue(attr.Value) == "true"
 		case "access_logs.s3.bucket":
 			accessLogMap["bucket"] = aws.StringValue(attr.Value)
 		case "access_logs.s3.prefix":
 			accessLogMap["prefix"] = aws.StringValue(attr.Value)
 		case "idle_timeout.timeout_seconds":
-			timeout, err := strconv.Atoi(*attr.Value)
+			timeout, err := strconv.Atoi(aws.StringValue(attr.Value))
 			if err != nil {
-				return errwrap.Wrapf("Error parsing ALB timeout: {{err}}", err)
+				return fmt.Errorf("Error parsing ALB timeout: %s", err)
 			}
 			log.Printf("[DEBUG] Setting ALB Timeout Seconds: %d", timeout)
 			d.Set("idle_timeout", timeout)
 		case "deletion_protection.enabled":
-			protectionEnabled := (*attr.Value) == "true"
+			protectionEnabled := aws.StringValue(attr.Value) == "true"
 			log.Printf("[DEBUG] Setting LB Deletion Protection Enabled: %t", protectionEnabled)
 			d.Set("enable_deletion_protection", protectionEnabled)
 		case "routing.http2.enabled":
-			http2Enabled := (*attr.Value) == "true"
+			http2Enabled := aws.StringValue(attr.Value) == "true"
 			log.Printf("[DEBUG] Setting ALB HTTP/2 Enabled: %t", http2Enabled)
 			d.Set("enable_http2", http2Enabled)
 		case "load_balancing.cross_zone.enabled":
-			crossZoneLbEnabled := (*attr.Value) == "true"
+			crossZoneLbEnabled := aws.StringValue(attr.Value) == "true"
 			log.Printf("[DEBUG] Setting NLB Cross Zone Load Balancing Enabled: %t", crossZoneLbEnabled)
 			d.Set("enable_cross_zone_load_balancing", crossZoneLbEnabled)
 		}

diff --git a/aws/resource_aws_lb_listener.go b/aws/resource_aws_lb_listener.go
@@ -9,7 +9,6 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elbv2"
-	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
@@ -50,7 +49,11 @@ func resourceAwsLbListener() *schema.Resource {
 				StateFunc: func(v interface{}) string {
 					return strings.ToUpper(v.(string))
 				},
-				ValidateFunc: validateLbListenerProtocol(),
+				ValidateFunc: validation.StringInSlice([]string{
+					elbv2.ProtocolEnumHttp,
+					elbv2.ProtocolEnumHttps,
+					elbv2.ProtocolEnumTcp,
+				}, true),
 			},
 
 			"ssl_policy": {
@@ -74,9 +77,11 @@ func resourceAwsLbListener() *schema.Resource {
 							Required: true,
 						},
 						"type": {
-							Type:         schema.TypeString,
-							Required:     true,
-							ValidateFunc: validateLbListenerActionType(),
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								elbv2.ActionTypeEnumForward,
+							}, true),
 						},
 					},
 				},
@@ -136,7 +141,7 @@ func resourceAwsLbListenerCreate(d *schema.ResourceData, meta interface{}) error
 	})
 
 	if err != nil {
-		return errwrap.Wrapf("Error creating LB Listener: {{err}}", err)
+		return fmt.Errorf("Error creating LB Listener: %s", err)
 	}
 
 	if len(resp.Listeners) == 0 {
@@ -160,7 +165,7 @@ func resourceAwsLbListenerRead(d *schema.ResourceData, meta interface{}) error {
 			d.SetId("")
 			return nil
 		}
-		return errwrap.Wrapf("Error retrieving Listener: {{err}}", err)
+		return fmt.Errorf("Error retrieving Listener: %s", err)
 	}
 
 	if len(resp.Listeners) != 1 {
@@ -175,16 +180,16 @@ func resourceAwsLbListenerRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("protocol", listener.Protocol)
 	d.Set("ssl_policy", listener.SslPolicy)
 
-	if listener.Certificates != nil && len(listener.Certificates) == 1 {
+	if listener.Certificates != nil && len(listener.Certificates) == 1 && listener.Certificates[0] != nil {
 		d.Set("certificate_arn", listener.Certificates[0].CertificateArn)
 	}
 
 	defaultActions := make([]map[string]interface{}, 0)
 	if listener.DefaultActions != nil && len(listener.DefaultActions) > 0 {
 		for _, defaultAction := range listener.DefaultActions {
 			action := map[string]interface{}{
-				"target_group_arn": *defaultAction.TargetGroupArn,
-				"type":             *defaultAction.Type,
+				"target_group_arn": aws.StringValue(defaultAction.TargetGroupArn),
+				"type":             aws.StringValue(defaultAction.Type),
 			}
 			defaultActions = append(defaultActions, action)
 		}
@@ -238,7 +243,7 @@ func resourceAwsLbListenerUpdate(d *schema.ResourceData, meta interface{}) error
 		return nil
 	})
 	if err != nil {
-		return errwrap.Wrapf("Error modifying LB Listener: {{err}}", err)
+		return fmt.Errorf("Error modifying LB Listener: %s", err)
 	}
 
 	return resourceAwsLbListenerRead(d, meta)
@@ -251,22 +256,8 @@ func resourceAwsLbListenerDelete(d *schema.ResourceData, meta interface{}) error
 		ListenerArn: aws.String(d.Id()),
 	})
 	if err != nil {
-		return errwrap.Wrapf("Error deleting Listener: {{err}}", err)
+		return fmt.Errorf("Error deleting Listener: %s", err)
 	}
 
 	return nil
 }
-
-func validateLbListenerActionType() schema.SchemaValidateFunc {
-	return validation.StringInSlice([]string{
-		elbv2.ActionTypeEnumForward,
-	}, true)
-}
-
-func validateLbListenerProtocol() schema.SchemaValidateFunc {
-	return validation.StringInSlice([]string{
-		"http",
-		"https",
-		"tcp",
-	}, true)
-}
diff --git a/aws/resource_aws_lb_listener_certificate.go b/aws/resource_aws_lb_listener_certificate.go
@@ -6,10 +6,9 @@ import (
 	"log"
 	"time"
 
-	"github.com/hashicorp/terraform/helper/resource"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elbv2"
+	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -141,11 +140,11 @@ func findAwsLbListenerCertificate(certificateArn, listenerArn string, skipDefaul
 	}
 
 	for _, cert := range resp.Certificates {
-		if skipDefault && *cert.IsDefault {
+		if skipDefault && aws.BoolValue(cert.IsDefault) {
 			continue
 		}
 
-		if *cert.CertificateArn == certificateArn {
+		if aws.StringValue(cert.CertificateArn) == certificateArn {
 			return cert, nil
 		}
 	}

diff --git a/aws/resource_aws_lb_listener_certificate_test.go b/aws/resource_aws_lb_listener_certificate_test.go
@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/elbv2"
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
@@ -111,19 +110,19 @@ func testAccCheckAwsLbListenerCertificateDestroy(s *terraform.State) error {
 
 		resp, err := conn.DescribeListenerCertificates(input)
 		if err != nil {
-			if wserr, ok := err.(awserr.Error); ok && wserr.Code() == "ListenerNotFound" {
+			if isAWSErr(err, elbv2.ErrCodeListenerNotFoundException, "") {
 				return nil
 			}
 			return err
 		}
 
 		for _, cert := range resp.Certificates {
 			// We only care about additional certificates.
-			if *cert.IsDefault {
+			if aws.BoolValue(cert.IsDefault) {
 				continue
 			}
 
-			if *cert.CertificateArn == rs.Primary.Attributes["certificate_arn"] {
+			if aws.StringValue(cert.CertificateArn) == rs.Primary.Attributes["certificate_arn"] {
 				return errors.New("LB listener certificate not destroyed")
 			}
 		}