Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash after cognito failure #6171

Closed
ghost opened this issue Oct 16, 2018 · 6 comments · Fixed by #6319
Closed

Crash after cognito failure #6171

ghost opened this issue Oct 16, 2018 · 6 comments · Fixed by #6319
Assignees
Labels
bug Addresses a defect in current functionality. crash Results from or addresses a Terraform crash or kernel panic. service/elbv2 Issues and PRs that pertain to the elbv2 service.
Milestone

Comments

@ghost
Copy link

ghost commented Oct 16, 2018

This issue was originally opened by @jmingtan as hashicorp/terraform#19084. It was migrated here as a result of the provider split. The original body of the issue is below.


Terraform Version

Terraform v0.11.7
+ provider.aws v1.40.0

Crash Output

terraform plan:

  - 'Terraform will perform the following actions:'
  - ''
  - + aws_cognito_user_pool.internal-users
  - '      id:                                                  <computed>'
  - '      admin_create_user_config.#:                          <computed>'
  - '      arn:                                                 <computed>'
  - '      creation_date:                                       <computed>'
  - '      email_verification_message:                          <computed>'
  - '      email_verification_subject:                          <computed>'
  - '      endpoint:                                            <computed>'
  - '      lambda_config.#:                                     <computed>'
  - '      last_modified_date:                                  <computed>'
  - '      mfa_configuration:                                   "OFF"'
  - '      name:                                                "ra-internal-users"'
  - '      password_policy.#:                                   <computed>'
  - '      verification_message_template.#:                     <computed>'
  - ''
  - '  + aws_cognito_user_pool_client.internal-users'
  - '      id:                                                  <computed>'
  - '      callback_urls.#:                                     "3"'
  - '      callback_urls.0:                                     "https://ra-public-internal-1264074348.ap-southeast-1.elb.amazonaws.com/oauth2/idpresponse"'
  - '      callback_urls.1:                                     "https://conan.radioactive.sg/oauth2/idpresponse"'
  - '      callback_urls.2:                                     "https://bob2.radioactive.sg/oauth2/idpresponse"'
  - '      client_secret:                                       <computed>'
  - '      name:                                                "ra-internal-users-client"'
  - '      refresh_token_validity:                              "30"'
  - '      user_pool_id:                                        "${aws_cognito_user_pool.internal-users.id}"'
  - ''
  - '  + aws_cognito_user_pool_domain.internal-users'
  - '      id:                                                  <computed>'
  - '      aws_account_id:                                      <computed>'
  - '      cloudfront_distribution_arn:                         <computed>'
  - '      domain:                                              "ra-internal-users"'
  - '      s3_bucket:                                           <computed>'
  - '      user_pool_id:                                        "${aws_cognito_user_pool.internal-users.id}"'
  - '      version:                                             <computed>'
  - ''
  - '  ~ aws_lb_listener_rule.bob-https'
  - '      action.#:                                            "1" => "2"'
  - '      action.0.authenticate_cognito.#:                     "0" => "1"'
  - '      action.0.authenticate_cognito.0.user_pool_arn:       "" => "${aws_cognito_user_pool.internal-users.arn}"'
  - '      action.0.authenticate_cognito.0.user_pool_client_id: "" => "${aws_cognito_user_pool_client.internal-users.id}"'
  - '      action.0.authenticate_cognito.0.user_pool_domain:    "" => "ra-internal-users"'
  - '      action.0.order:                                      "0" => "1"'
  - '      action.0.type:                                       "forward" => "authenticate-cognito"'
  - '      action.1.order:                                      "" => "2"'
  - '      action.1.target_group_arn:                           "" => "arn:aws:elasticloadbalancing:ap-southeast-1:633601984981:targetgroup/radioactive-internal-bob/be97b719c7799ba5"'
  - '      action.1.type:                                       "" => "forward"'
  - 'Plan: 3 to add, 1 to change, 0 to destroy.'
  - ''
  - '------------------------------------------------------------------------'
  - ''
  - 'This plan was saved to: terraform_plan'
  - ''
  - 'To perform exactly these actions, run the following command to apply:'
  - '    terraform apply "terraform_plan"'

terraform apply:
Error: Error applying plan:

1 error(s) occurred:

* aws_lb_listener_rule.bob-https: 1 error(s) occurred:

* aws_lb_listener_rule.bob-https: Error modifying LB Listener Rule: InvalidLoadBalancerAction: The user pool client must have a client secret
        status code: 400, request id: 7dbef1ae-d129-11e8-82fc-61de2e4ad58b

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Subsequently, any calls to terraform plan (even after reverting changes to the .tf files) result in a crash. Example crash: https://gist.github.com/jmingtan/6eb28f12ac641f5a557d106285b5bbe8

Expected Behavior

terraform plan should not crash

Actual Behavior

State seems to be corrupted and I can't run terraform plan anymore

@bflad bflad added bug Addresses a defect in current functionality. crash Results from or addresses a Terraform crash or kernel panic. service/elbv2 Issues and PRs that pertain to the elbv2 service. labels Oct 16, 2018
@bflad
Copy link
Contributor

bflad commented Oct 16, 2018

Relevant portion of the crash log:

2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: panic: runtime error: index out of range
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: goroutine 401 [running]:
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: github.com/terraform-providers/terraform-provider-aws/aws.sortActionsBasedonTypeinTFFile(0x30b7a0f, 0x6, 0xc00000d008, 0x1, 0x1, 0xc0002e9030, 0x0, 0x151500015000000, 0x2b44f80000415400)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/aws/structure.go:1918 +0x313
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: github.com/terraform-providers/terraform-provider-aws/aws.resourceAwsLbListenerRuleRead(0xc0002e9030, 0x2b62fc0, 0xc00026e300, 0xc0002e9030, 0x0)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/aws/resource_aws_lb_listener_rule.go:546 +0x321
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema.(*Resource).Refresh(0xc0004309a0, 0xc0005cc370, 0x2b62fc0, 0xc00026e300, 0xc0005a93d0, 0x4c0501, 0x2663860)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema/resource.go:352 +0x160
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema.(*Provider).Refresh(0xc000430d90, 0xc0005cc320, 0xc0005cc370, 0xc000423180, 0xc0006acd80, 0x7f51857fbb00)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema/provider.go:308 +0x92
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/plugin.(*ResourceProviderServer).Refresh(0xc00055fc60, 0xc000c446d0, 0xc000c447a0, 0x0, 0x0)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/plugin/resource_provider.go:549 +0x4e
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: reflect.Value.call(0xc000170ae0, 0xc00000c6d0, 0x13, 0x30b574a, 0x4, 0xc000405f18, 0x3, 0x3, 0xc000456080, 0xc00015e200, ...)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/goenv/versions/1.11.1/src/reflect/value.go:447 +0x449
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: reflect.Value.Call(0xc000170ae0, 0xc00000c6d0, 0x13, 0xc0004cff18, 0x3, 0x3, 0x0, 0x0, 0x100010000)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/goenv/versions/1.11.1/src/reflect/value.go:308 +0xa4
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: net/rpc.(*service).call(0xc00038b680, 0xc0003d23c0, 0xc000034dc0, 0xc000034dd0, 0xc000188700, 0xc0009466c0, 0x2663820, 0xc000c446d0, 0x16, 0x2663860, ...)
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/goenv/versions/1.11.1/src/net/rpc/server.go:384 +0x14e
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: created by net/rpc.(*Server).ServeCodec
2018-10-16T18:33:24.192+0800 [DEBUG] plugin.terraform-provider-aws_v1.40.0_x4: 	/opt/goenv/versions/1.11.1/src/net/rpc/server.go:481 +0x47e

@bflad
Copy link
Contributor

bflad commented Nov 1, 2018

Bug fix pull request submitted: #6319

@bflad
Copy link
Contributor

bflad commented Nov 1, 2018

The fix for actions deleted outside Terraform has been merged and will release with version 1.43.0 of the AWS provider, likely middle of next week. 👍

@jmingtan
Copy link

jmingtan commented Nov 2, 2018 via email

@bflad
Copy link
Contributor

bflad commented Nov 7, 2018

This has been released in version 1.43.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link
Author

ghost commented Apr 2, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 2, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. crash Results from or addresses a Terraform crash or kernel panic. service/elbv2 Issues and PRs that pertain to the elbv2 service.
Projects
None yet
2 participants