Crash after cognito failure #19084

Closed
jmingtan opened this issue Oct 16, 2018 · 2 comments

Terraform Version

Terraform v0.11.7
+ provider.aws v1.40.0

Crash Output

terraform plan:

  - 'Terraform will perform the following actions:'
  - ''
  - + aws_cognito_user_pool.internal-users
  - '      id:                                                  <computed>'
  - '      admin_create_user_config.#:                          <computed>'
  - '      arn:                                                 <computed>'
  - '      creation_date:                                       <computed>'
  - '      email_verification_message:                          <computed>'
  - '      email_verification_subject:                          <computed>'
  - '      endpoint:                                            <computed>'
  - '      lambda_config.#:                                     <computed>'
  - '      last_modified_date:                                  <computed>'
  - '      mfa_configuration:                                   "OFF"'
  - '      name:                                                "ra-internal-users"'
  - '      password_policy.#:                                   <computed>'
  - '      verification_message_template.#:                     <computed>'
  - ''
  - '  + aws_cognito_user_pool_client.internal-users'
  - '      id:                                                  <computed>'
  - '      callback_urls.#:                                     "3"'
  - '      callback_urls.0:                                     "https://ra-public-internal-1264074348.ap-southeast-1.elb.amazonaws.com/oauth2/idpresponse"'
  - '      callback_urls.1:                                     "https://conan.radioactive.sg/oauth2/idpresponse"'
  - '      callback_urls.2:                                     "https://bob2.radioactive.sg/oauth2/idpresponse"'
  - '      client_secret:                                       <computed>'
  - '      name:                                                "ra-internal-users-client"'
  - '      refresh_token_validity:                              "30"'
  - '      user_pool_id:                                        "${aws_cognito_user_pool.internal-users.id}"'
  - ''
  - '  + aws_cognito_user_pool_domain.internal-users'
  - '      id:                                                  <computed>'
  - '      aws_account_id:                                      <computed>'
  - '      cloudfront_distribution_arn:                         <computed>'
  - '      domain:                                              "ra-internal-users"'
  - '      s3_bucket:                                           <computed>'
  - '      user_pool_id:                                        "${aws_cognito_user_pool.internal-users.id}"'
  - '      version:                                             <computed>'
  - ''
  - '  ~ aws_lb_listener_rule.bob-https'
  - '      action.#:                                            "1" => "2"'
  - '      action.0.authenticate_cognito.#:                     "0" => "1"'
  - '      action.0.authenticate_cognito.0.user_pool_arn:       "" => "${aws_cognito_user_pool.internal-users.arn}"'
  - '      action.0.authenticate_cognito.0.user_pool_client_id: "" => "${aws_cognito_user_pool_client.internal-users.id}"'
  - '      action.0.authenticate_cognito.0.user_pool_domain:    "" => "ra-internal-users"'
  - '      action.0.order:                                      "0" => "1"'
  - '      action.0.type:                                       "forward" => "authenticate-cognito"'
  - '      action.1.order:                                      "" => "2"'
  - '      action.1.target_group_arn:                           "" => "arn:aws:elasticloadbalancing:ap-southeast-1:633601984981:targetgroup/radioactive-internal-bob/be97b719c7799ba5"'
  - '      action.1.type:                                       "" => "forward"'
  - 'Plan: 3 to add, 1 to change, 0 to destroy.'
  - ''
  - '------------------------------------------------------------------------'
  - ''
  - 'This plan was saved to: terraform_plan'
  - ''
  - 'To perform exactly these actions, run the following command to apply:'
  - '    terraform apply "terraform_plan"'

terraform apply:
Error: Error applying plan:

1 error(s) occurred:

* aws_lb_listener_rule.bob-https: 1 error(s) occurred:

* aws_lb_listener_rule.bob-https: Error modifying LB Listener Rule: InvalidLoadBalancerAction: The user pool client must have a client secret
        status code: 400, request id: 7dbef1ae-d129-11e8-82fc-61de2e4ad58b

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Subsequently, any calls to terraform plan (even after reverting changes to the .tf files) result in a crash. Example crash: https://gist.github.com/jmingtan/6eb28f12ac641f5a557d106285b5bbe8

Expected Behavior

terraform plan should not crash

Actual Behavior

State seems to be corrupted and I can't run terraform plan anymore
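
The apply error in the report above is the load balancer rejecting a Cognito app client that was created without a secret. As an added example (not part of the original report and not the provider's own code), this Terraform 0.11 fragment shows the client from the plan with `generate_secret` set; the OAuth flow, scope and identity-provider values and the placeholder callback host are assumptions.

```hcl
# Added example; resource names follow the plan output in the report.
resource "aws_cognito_user_pool_client" "internal-users" {
  name         = "ra-internal-users-client"
  user_pool_id = "${aws_cognito_user_pool.internal-users.id}"

  # Not set in the reported plan. Without it the client is created with no
  # secret, and the ALB answers the authenticate-cognito action with
  # "InvalidLoadBalancerAction: The user pool client must have a client secret".
  generate_secret = true

  # Assumed values for an app fronted by an ALB authenticate-cognito action.
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["code"]
  allowed_oauth_scopes                 = ["openid"]
  supported_identity_providers         = ["COGNITO"]

  # Placeholder host (constructed); the path matches the callback URLs in the plan.
  callback_urls = ["https://app.example.com/oauth2/idpresponse"]

  refresh_token_validity = 30
}
```

With `generate_secret` enabled, the `client_secret` attribute is written to the Terraform state, so the state file and its backend need the same access controls as any other credential store.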

ghost commented Oct 16, 2018

This issue has been automatically migrated to hashicorp/terraform-provider-aws#6171 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-aws#6171.

ghost commented Apr 1, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 1, 2020