Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v3.54.0_x5 plugin crashed on creating aws_cloudfront_origin_request_policy #20589

Closed
twiden opened this issue Aug 17, 2021 · 7 comments · Fixed by #12509
Closed

v3.54.0_x5 plugin crashed on creating aws_cloudfront_origin_request_policy #20589

twiden opened this issue Aug 17, 2021 · 7 comments · Fixed by #12509
Labels
bug Addresses a defect in current functionality. crash Results from or addresses a Terraform crash or kernel panic. service/cloudfront Issues and PRs that pertain to the cloudfront service.
Milestone
v3.65.0

Comments

@twiden
Copy link

twiden commented Aug 17, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.0.4 on linux_amd64
provider registry.terraform.io/hashicorp/aws v3.54.0

Affected Resource(s)

  • aws_cloudfront_cache_policy
  • aws_cloudfront_origin_request_policy

Terraform Configuration Files

variable "comment" {
  default = "terraform-test-foobar-com-cdn"
}
provider "aws" {
  region  = "us-east-1"
}

locals {
  aws_cloudfront_policies = {
    "default" = {
      origin_request_policy = {
        cookie_behavior = "whitelist",
        cookies         = [],
        header_behavior = "whitelist",
        headers         = []
      },
      cache_policy = {
        default_ttl     = 86400,
        max_ttl         = 31536000,
        min_ttl         = 0,
        cookie_behavior = "whitelist"
        cookies = [
          "foo",
        ],
        header_behavior = "whitelist"
        headers = [
          "bar"
        ]
      }
    },
  }
}

resource "aws_cloudfront_origin_request_policy" "origin_request_policy" {
  for_each = local.aws_cloudfront_policies
  name     = "${var.comment}-${index(keys(local.aws_cloudfront_policies), each.key)}-origin-request-policy"
  comment  = var.comment
  cookies_config {
    cookie_behavior = each.value.origin_request_policy.cookie_behavior
    dynamic "cookies" {
        for_each = can(each.value.origin_request_policy.cookies) ? [1] : []
        content {
          items = each.value.origin_request_policy.cookies
        }
      }
  }
  headers_config {
    header_behavior = each.value.cache_policy.header_behavior
    dynamic "headers" {
      for_each = can(each.value.origin_request_policy.headers) ? [1] : []
      content {
        items = each.value.origin_request_policy.headers
      }
    }
  }
  query_strings_config {
    query_string_behavior = "all"
  }
}

resource "aws_cloudfront_cache_policy" "cache_policy" {
  for_each    = local.aws_cloudfront_policies
  name        = "${var.comment}-${index(keys(local.aws_cloudfront_policies), each.key)}-cache-policy"
  comment     = var.comment
  default_ttl = each.value.cache_policy.default_ttl
  max_ttl     = each.value.cache_policy.max_ttl
  min_ttl     = each.value.cache_policy.min_ttl
  parameters_in_cache_key_and_forwarded_to_origin {
    cookies_config {
      cookie_behavior = each.value.cache_policy.cookie_behavior
      dynamic "cookies" {
        for_each = can(each.value.cache_policy.cookies) ? [1] : []
        content {
          items = each.value.cache_policy.cookies
        }
      }
    }
    headers_config {
      header_behavior = each.value.cache_policy.header_behavior
      dynamic "headers" {
        for_each = can(each.value.cache_policy.headers) ? [1] : []
        content {
          items = each.value.cache_policy.headers
        }
      }
    }
    query_strings_config {
      query_string_behavior = "all"
    }
  }
}

Debug Output

https://gist.github.com/twiden/56ede08ad08bad55988e7537ac236fca

Panic Output

Expected Behavior

Two resources should be created:
1 aws_cloudfront_origin_request_policy
1 aws_cloudfront_cache_policy

Actual Behavior

Plugin crashes

Steps to Reproduce

  1. terraform apply -auto-approve

Important Factoids

References

  • #0000
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/cloudfront Issues and PRs that pertain to the cloudfront service. labels Aug 17, 2021
@ewbankkit ewbankkit added bug Addresses a defect in current functionality. crash Results from or addresses a Terraform crash or kernel panic. and removed needs-triage Waiting for first response or review from a maintainer. labels Aug 20, 2021
@ewbankkit
Copy link
Contributor 

Stack trace from the terraform-provider-aws_v3.54.0_x5 plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 90 [running]:
github.com/terraform-providers/terraform-provider-aws/aws.expandCloudFrontOriginRequestPolicyCookiesConfig(0xc000f6a480, 0x73b034a)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/aws/cloudfront_origin_request_policy_structure.go:36 +0x1e5
github.com/terraform-providers/terraform-provider-aws/aws.expandCloudFrontOriginRequestPolicyConfig(0xc000f20400, 0xc002143718)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/aws/cloudfront_origin_request_policy_structure.go:114 +0x179
github.com/terraform-providers/terraform-provider-aws/aws.resourceAwsCloudFrontOriginRequestPolicyCreate(0xc000f20400, 0x6558a80, 0xc000816000, 0x1, 0xffffffffffffffff)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/aws/resource_aws_cloudfront_origin_request_policy.go:130 +0x55
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xc00094ca80, 0x7f3e5e8, 0xc001890200, 0xc000f20400, 0x6558a80, 0xc000816000, 0x0, 0x0, 0x0)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/gdavison/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:318 +0x1ee
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc00094ca80, 0x7f3e5e8, 0xc001890200, 0xc0007f1420, 0xc000de15e0, 0x6558a80, 0xc000816000, 0x0, 0x0, 0x0, ...)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/gdavison/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:456 +0x67b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000304e70, 0x7f3e5e8, 0xc001890200, 0xc0014e92c0, 0xc001890200, 0x7183ae0, 0xc000e9d400)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/gdavison/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:955 +0x8ef
github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ApplyResourceChange(0xc002165b00, 0x7f3e690, 0xc001890200, 0xc0007f1180, 0xc002165b00, 0xc000e9d470, 0xc0021b7ba0)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/[email protected]/tfprotov5/server/server.go:332 +0xb5
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x7183ae0, 0xc002165b00, 0x7f3e690, 0xc000e9d470, 0xc0025038c0, 0x0, 0x7f3e690, 0xc000e9d470, 0xc000f1e000, 0x2a2)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x214
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000331c00, 0x7f60758, 0xc0016d8180, 0xc0021ca100, 0xc0005d18c0, 0xb831380, 0x0, 0x0, 0x0)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/[email protected]/server.go:1194 +0x52b
google.golang.org/grpc.(*Server).handleStream(0xc000331c00, 0x7f60758, 0xc0016d8180, 0xc0021ca100, 0x0)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/[email protected]/server.go:1517 +0xd0c
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000f02860, 0xc000331c00, 0x7f60758, 0xc0016d8180, 0xc0021ca100)
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/[email protected]/server.go:859 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
	/opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/[email protected]/server.go:857 +0x1fd

Error: The terraform-provider-aws_v3.54.0_x5 plugin crashed!

@ewbankkit ewbankkit mentioned this issue Aug 20, 2021
Closed
@twiden
Copy link
Author

twiden commented Aug 24, 2021

I've come up with a smaller example that produces the same result and a conclusion about what the issue might be.

This resource defintion:

resource "aws_cloudfront_origin_request_policy" "origin_request_policy" {
  comment = "example-comment"
  name    = "example-name"
  cookies_config {
    cookie_behavior = "whitelist"
    cookies {
      items = []
    }
  }
  headers_config {
    header_behavior = "whitelist"
    headers {
      items = []
    }
  }
  query_strings_config {
    query_string_behavior = "all"
  }
}

Produces this plan

Terraform will perform the following actions:

  # aws_cloudfront_origin_request_policy.origin_request_policy will be created
  + resource "aws_cloudfront_origin_request_policy" "origin_request_policy" {
      + comment = "example-comment"
      + etag    = (known after apply)
      + id      = (known after apply)
      + name    = "example-name"

      + cookies_config {
          + cookie_behavior = "whitelist"

          + cookies {}
        }

      + headers_config {
          + header_behavior = "whitelist"

          + headers {}
        }

      + query_strings_config {
          + query_string_behavior = "all"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

As you can see the headers and cookies blocks are empty brackets. They should be maps containing an empty list of items.

      + cookies_config {
          + cookie_behavior = "whitelist"

          + cookies {
               items = []
             }
        }

      + headers_config {
          + header_behavior = "whitelist"

          + headers {
               items = []
             }
        }

@Tarasovych
Copy link

Same issue with terraform-provider-aws_v3.57.0_x5

@ewbankkit ewbankkit mentioned this issue Sep 10, 2021
Closed
@Lauan
Copy link

Lauan commented Sep 10, 2021

Hey, just to centralize info on this thread, It's still an issue with version 3.58.0.
I did similar tests here and reached the same conclusions as @twiden . It seems the problem is bound to the dynamic block behavior for the nested blocks (headers, cookies and query_strings) when the list of items is empty.

@mercuriete
Copy link

mercuriete commented Sep 23, 2021
edited
Loading

same issue with: terraform-provider-aws_v3.59.0_x5

a whitelist with empty items crashes the plugin but...

what I really wanted to do is:
cookie_behavior = "none"

the following example works fine:

resource "aws_cloudfront_origin_request_policy" "only-host-header" {
  name    = "${local.name_prefix}-only-host-policy"
  cookies_config {
    cookie_behavior = "none"
  }
  headers_config {
    header_behavior = "whitelist"
    headers {
      items = ["Host"]
    }
  }
  query_strings_config {
    query_string_behavior = "none"
  }
}

This is for a web page frontend deployed on EKS that already have an HTTPS domain and loadbalancer that needed Host Header to access properly to the webpage and then cloudfront on top for caching assets.
https://aws.amazon.com/es/premiumsupport/knowledge-center/configure-cloudfront-to-forward-headers/

@ewbankkit ewbankkit mentioned this issue Nov 10, 2021
Merged
@github-actions github-actions bot added this to the v3.65.0 milestone Nov 10, 2021
@github-actions
Copy link

This functionality has been released in v3.65.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@masterqwerty masterqwerty mentioned this issue Nov 19, 2021
Closed
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. crash Results from or addresses a Terraform crash or kernel panic. service/cloudfront Issues and PRs that pertain to the cloudfront service.
Projects
None yet
Milestone
v3.65.0
Development

Successfully merging a pull request may close this issue.

r/aws_cloudfront_field_level_encryption_profile - new resource DrFaust92/terraform-provider-aws
5 participants
@ewbankkit @twiden @mercuriete @Lauan @Tarasovych