Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

elbv2: Prevent panics from unsafe * nil dereferences #5367

Merged
merged 2 commits into from
Jul 27, 2018
Merged

elbv2: Prevent panics from unsafe * nil dereferences #5367

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d2e38fd
elbv2: Prevent panics from unsafe dereferences
bflad Jul 27, 2018
cd39d3b
resource/aws_lb_listener_rule: Ensure priority conversion error inclu…
bflad Jul 27, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions aws/data_source_aws_lb.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/schema"
)

Expand Down Expand Up @@ -140,12 +139,12 @@ func dataSourceAwsLbRead(d *schema.ResourceData, meta interface{}) error {
log.Printf("[DEBUG] Reading Load Balancer: %s", describeLbOpts)
describeResp, err := elbconn.DescribeLoadBalancers(describeLbOpts)
if err != nil {
return errwrap.Wrapf("Error retrieving LB: {{err}}", err)
return fmt.Errorf("Error retrieving LB: %s", err)
}
if len(describeResp.LoadBalancers) != 1 {
return fmt.Errorf("Search returned %d results, please revise so only one is returned", len(describeResp.LoadBalancers))
}
d.SetId(*describeResp.LoadBalancers[0].LoadBalancerArn)
d.SetId(aws.StringValue(describeResp.LoadBalancers[0].LoadBalancerArn))

return flattenAwsLbResource(d, meta, describeResp.LoadBalancers[0])
}
5 changes: 2 additions & 3 deletions aws/data_source_aws_lb_target_group.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/schema"
)

Expand Down Expand Up @@ -147,14 +146,14 @@ func dataSourceAwsLbTargetGroupRead(d *schema.ResourceData, meta interface{}) er
log.Printf("[DEBUG] Reading Load Balancer Target Group: %s", describeTgOpts)
describeResp, err := elbconn.DescribeTargetGroups(describeTgOpts)
if err != nil {
return errwrap.Wrapf("Error retrieving LB Target Group: {{err}}", err)
return fmt.Errorf("Error retrieving LB Target Group: %s", err)
}
if len(describeResp.TargetGroups) != 1 {
return fmt.Errorf("Search returned %d results, please revise so only one is returned", len(describeResp.TargetGroups))
}

targetGroup := describeResp.TargetGroups[0]

d.SetId(*targetGroup.TargetGroupArn)
d.SetId(aws.StringValue(targetGroup.TargetGroupArn))
return flattenAwsLbTargetGroupResource(d, meta, targetGroup)
}
5 changes: 2 additions & 3 deletions aws/resource_aws_alb_target_group_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
Expand Down Expand Up @@ -495,10 +494,10 @@ func testAccCheckAWSALBTargetGroupDestroy(s *terraform.State) error {
}

// Verify the error
if isTargetGroupNotFound(err) {
if isAWSErr(err, elbv2.ErrCodeTargetGroupNotFoundException, "") {
return nil
} else {
return errwrap.Wrapf("Unexpected error checking ALB destroyed: {{err}}", err)
return fmt.Errorf("Unexpected error checking ALB destroyed: %s", err)
}
}

Expand Down
43 changes: 21 additions & 22 deletions aws/resource_aws_lb.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
Expand Down Expand Up @@ -264,15 +263,15 @@ func resourceAwsLbCreate(d *schema.ResourceData, meta interface{}) error {

resp, err := elbconn.CreateLoadBalancer(elbOpts)
if err != nil {
return errwrap.Wrapf("Error creating Application Load Balancer: {{err}}", err)
return fmt.Errorf("Error creating Application Load Balancer: %s", err)
}

if len(resp.LoadBalancers) != 1 {
return fmt.Errorf("No load balancers returned following creation of %s", d.Get("name").(string))
}

lb := resp.LoadBalancers[0]
d.SetId(*lb.LoadBalancerArn)
d.SetId(aws.StringValue(lb.LoadBalancerArn))
log.Printf("[INFO] LB ID: %s", d.Id())

stateConf := &resource.StateChangeConf{
Expand All @@ -287,13 +286,13 @@ func resourceAwsLbCreate(d *schema.ResourceData, meta interface{}) error {
}

if len(describeResp.LoadBalancers) != 1 {
return nil, "", fmt.Errorf("No load balancers returned for %s", *lb.LoadBalancerArn)
return nil, "", fmt.Errorf("No load balancers returned for %s", aws.StringValue(lb.LoadBalancerArn))
}
dLb := describeResp.LoadBalancers[0]

log.Printf("[INFO] LB state: %s", *dLb.State.Code)
log.Printf("[INFO] LB state: %s", aws.StringValue(dLb.State.Code))

return describeResp, *dLb.State.Code, nil
return describeResp, aws.StringValue(dLb.State.Code), nil
},
Timeout: d.Timeout(schema.TimeoutCreate),
MinTimeout: 10 * time.Second,
Expand Down Expand Up @@ -324,7 +323,7 @@ func resourceAwsLbRead(d *schema.ResourceData, meta interface{}) error {
return nil
}

return errwrap.Wrapf("Error retrieving ALB: {{err}}", err)
return fmt.Errorf("Error retrieving ALB: %s", err)
}
if len(describeResp.LoadBalancers) != 1 {
return fmt.Errorf("Unable to find ALB: %#v", describeResp.LoadBalancers)
Expand All @@ -338,7 +337,7 @@ func resourceAwsLbUpdate(d *schema.ResourceData, meta interface{}) error {

if !d.IsNewResource() {
if err := setElbV2Tags(elbconn, d); err != nil {
return errwrap.Wrapf("Error Modifying Tags on ALB: {{err}}", err)
return fmt.Errorf("Error Modifying Tags on ALB: %s", err)
}
}

Expand Down Expand Up @@ -474,9 +473,9 @@ func resourceAwsLbUpdate(d *schema.ResourceData, meta interface{}) error {
}
dLb := describeResp.LoadBalancers[0]

log.Printf("[INFO] LB state: %s", *dLb.State.Code)
log.Printf("[INFO] LB state: %s", aws.StringValue(dLb.State.Code))

return describeResp, *dLb.State.Code, nil
return describeResp, aws.StringValue(dLb.State.Code), nil
},
Timeout: d.Timeout(schema.TimeoutUpdate),
MinTimeout: 10 * time.Second,
Expand Down Expand Up @@ -623,7 +622,7 @@ func getLbNameFromArn(arn string) (string, error) {
func flattenSubnetsFromAvailabilityZones(availabilityZones []*elbv2.AvailabilityZone) []string {
var result []string
for _, az := range availabilityZones {
result = append(result, *az.SubnetId)
result = append(result, aws.StringValue(az.SubnetId))
}
return result
}
Expand All @@ -633,10 +632,10 @@ func flattenSubnetMappingsFromAvailabilityZones(availabilityZones []*elbv2.Avail
for _, availabilityZone := range availabilityZones {
for _, loadBalancerAddress := range availabilityZone.LoadBalancerAddresses {
m := make(map[string]interface{}, 0)
m["subnet_id"] = *availabilityZone.SubnetId
m["subnet_id"] = aws.StringValue(availabilityZone.SubnetId)

if loadBalancerAddress.AllocationId != nil {
m["allocation_id"] = *loadBalancerAddress.AllocationId
m["allocation_id"] = aws.StringValue(loadBalancerAddress.AllocationId)
}

l = append(l, m)
Expand Down Expand Up @@ -666,7 +665,7 @@ func flattenAwsLbResource(d *schema.ResourceData, meta interface{}, lb *elbv2.Lo
d.Set("arn", lb.LoadBalancerArn)
d.Set("arn_suffix", lbSuffixFromARN(lb.LoadBalancerArn))
d.Set("name", lb.LoadBalancerName)
d.Set("internal", (lb.Scheme != nil && *lb.Scheme == "internal"))
d.Set("internal", (lb.Scheme != nil && aws.StringValue(lb.Scheme) == "internal"))
d.Set("security_groups", flattenStringList(lb.SecurityGroups))
d.Set("vpc_id", lb.VpcId)
d.Set("zone_id", lb.CanonicalHostedZoneId)
Expand All @@ -686,7 +685,7 @@ func flattenAwsLbResource(d *schema.ResourceData, meta interface{}, lb *elbv2.Lo
ResourceArns: []*string{lb.LoadBalancerArn},
})
if err != nil {
return errwrap.Wrapf("Error retrieving LB Tags: {{err}}", err)
return fmt.Errorf("Error retrieving LB Tags: %s", err)
}

var et []*elbv2.Tag
Expand All @@ -702,35 +701,35 @@ func flattenAwsLbResource(d *schema.ResourceData, meta interface{}, lb *elbv2.Lo
LoadBalancerArn: aws.String(d.Id()),
})
if err != nil {
return errwrap.Wrapf("Error retrieving LB Attributes: {{err}}", err)
return fmt.Errorf("Error retrieving LB Attributes: %s", err)
}

accessLogMap := map[string]interface{}{}
for _, attr := range attributesResp.Attributes {
switch *attr.Key {
switch aws.StringValue(attr.Key) {
case "access_logs.s3.enabled":
accessLogMap["enabled"] = aws.StringValue(attr.Value) == "true"
case "access_logs.s3.bucket":
accessLogMap["bucket"] = aws.StringValue(attr.Value)
case "access_logs.s3.prefix":
accessLogMap["prefix"] = aws.StringValue(attr.Value)
case "idle_timeout.timeout_seconds":
timeout, err := strconv.Atoi(*attr.Value)
timeout, err := strconv.Atoi(aws.StringValue(attr.Value))
if err != nil {
return errwrap.Wrapf("Error parsing ALB timeout: {{err}}", err)
return fmt.Errorf("Error parsing ALB timeout: %s", err)
}
log.Printf("[DEBUG] Setting ALB Timeout Seconds: %d", timeout)
d.Set("idle_timeout", timeout)
case "deletion_protection.enabled":
protectionEnabled := (*attr.Value) == "true"
protectionEnabled := aws.StringValue(attr.Value) == "true"
log.Printf("[DEBUG] Setting LB Deletion Protection Enabled: %t", protectionEnabled)
d.Set("enable_deletion_protection", protectionEnabled)
case "routing.http2.enabled":
http2Enabled := (*attr.Value) == "true"
http2Enabled := aws.StringValue(attr.Value) == "true"
log.Printf("[DEBUG] Setting ALB HTTP/2 Enabled: %t", http2Enabled)
d.Set("enable_http2", http2Enabled)
case "load_balancing.cross_zone.enabled":
crossZoneLbEnabled := (*attr.Value) == "true"
crossZoneLbEnabled := aws.StringValue(attr.Value) == "true"
log.Printf("[DEBUG] Setting NLB Cross Zone Load Balancing Enabled: %t", crossZoneLbEnabled)
d.Set("enable_cross_zone_load_balancing", crossZoneLbEnabled)
}
Expand Down
43 changes: 17 additions & 26 deletions aws/resource_aws_lb_listener.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
Expand Down Expand Up @@ -50,7 +49,11 @@ func resourceAwsLbListener() *schema.Resource {
StateFunc: func(v interface{}) string {
return strings.ToUpper(v.(string))
},
ValidateFunc: validateLbListenerProtocol(),
ValidateFunc: validation.StringInSlice([]string{
elbv2.ProtocolEnumHttp,
elbv2.ProtocolEnumHttps,
elbv2.ProtocolEnumTcp,
}, true),
},

"ssl_policy": {
Expand All @@ -74,9 +77,11 @@ func resourceAwsLbListener() *schema.Resource {
Required: true,
},
"type": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validateLbListenerActionType(),
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{
elbv2.ActionTypeEnumForward,
}, true),
},
},
},
Expand Down Expand Up @@ -136,7 +141,7 @@ func resourceAwsLbListenerCreate(d *schema.ResourceData, meta interface{}) error
})

if err != nil {
return errwrap.Wrapf("Error creating LB Listener: {{err}}", err)
return fmt.Errorf("Error creating LB Listener: %s", err)
}

if len(resp.Listeners) == 0 {
Expand All @@ -160,7 +165,7 @@ func resourceAwsLbListenerRead(d *schema.ResourceData, meta interface{}) error {
d.SetId("")
return nil
}
return errwrap.Wrapf("Error retrieving Listener: {{err}}", err)
return fmt.Errorf("Error retrieving Listener: %s", err)
}

if len(resp.Listeners) != 1 {
Expand All @@ -175,16 +180,16 @@ func resourceAwsLbListenerRead(d *schema.ResourceData, meta interface{}) error {
d.Set("protocol", listener.Protocol)
d.Set("ssl_policy", listener.SslPolicy)

if listener.Certificates != nil && len(listener.Certificates) == 1 {
if listener.Certificates != nil && len(listener.Certificates) == 1 && listener.Certificates[0] != nil {
d.Set("certificate_arn", listener.Certificates[0].CertificateArn)
}

defaultActions := make([]map[string]interface{}, 0)
if listener.DefaultActions != nil && len(listener.DefaultActions) > 0 {
for _, defaultAction := range listener.DefaultActions {
action := map[string]interface{}{
"target_group_arn": *defaultAction.TargetGroupArn,
"type": *defaultAction.Type,
"target_group_arn": aws.StringValue(defaultAction.TargetGroupArn),
"type": aws.StringValue(defaultAction.Type),
}
defaultActions = append(defaultActions, action)
}
Expand Down Expand Up @@ -238,7 +243,7 @@ func resourceAwsLbListenerUpdate(d *schema.ResourceData, meta interface{}) error
return nil
})
if err != nil {
return errwrap.Wrapf("Error modifying LB Listener: {{err}}", err)
return fmt.Errorf("Error modifying LB Listener: %s", err)
}

return resourceAwsLbListenerRead(d, meta)
Expand All @@ -251,22 +256,8 @@ func resourceAwsLbListenerDelete(d *schema.ResourceData, meta interface{}) error
ListenerArn: aws.String(d.Id()),
})
if err != nil {
return errwrap.Wrapf("Error deleting Listener: {{err}}", err)
return fmt.Errorf("Error deleting Listener: %s", err)
}

return nil
}

func validateLbListenerActionType() schema.SchemaValidateFunc {
return validation.StringInSlice([]string{
elbv2.ActionTypeEnumForward,
}, true)
}

func validateLbListenerProtocol() schema.SchemaValidateFunc {
return validation.StringInSlice([]string{
"http",
"https",
"tcp",
}, true)
}
7 changes: 3 additions & 4 deletions aws/resource_aws_lb_listener_certificate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,9 @@ import (
"log"
"time"

"github.com/hashicorp/terraform/helper/resource"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)

Expand Down Expand Up @@ -141,11 +140,11 @@ func findAwsLbListenerCertificate(certificateArn, listenerArn string, skipDefaul
}

for _, cert := range resp.Certificates {
if skipDefault && *cert.IsDefault {
if skipDefault && aws.BoolValue(cert.IsDefault) {
continue
}

if *cert.CertificateArn == certificateArn {
if aws.StringValue(cert.CertificateArn) == certificateArn {
return cert, nil
}
}
Expand Down
7 changes: 3 additions & 4 deletions aws/resource_aws_lb_listener_certificate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import (
"testing"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
Expand Down Expand Up @@ -111,19 +110,19 @@ func testAccCheckAwsLbListenerCertificateDestroy(s *terraform.State) error {

resp, err := conn.DescribeListenerCertificates(input)
if err != nil {
if wserr, ok := err.(awserr.Error); ok && wserr.Code() == "ListenerNotFound" {
if isAWSErr(err, elbv2.ErrCodeListenerNotFoundException, "") {
return nil
}
return err
}

for _, cert := range resp.Certificates {
// We only care about additional certificates.
if *cert.IsDefault {
if aws.BoolValue(cert.IsDefault) {
continue
}

if *cert.CertificateArn == rs.Primary.Attributes["certificate_arn"] {
if aws.StringValue(cert.CertificateArn) == rs.Primary.Attributes["certificate_arn"] {
return errors.New("LB listener certificate not destroyed")
}
}
Expand Down
Loading