cloudflare_zone_lockdown: IP address without subnet mask crashes the provider

[hoexter]

Terraform Version

Terraform v0.12.20

Affected Resource(s)

cloudflare_zone_lockdown

Terraform Configuration Files

resource "cloudflare_zone_lockdown" "whitelist" {
  zone_id     = cloudflare_zone.foobar_com.id
  paused      = "false"
  description = "Whitelist testing users"
  urls        = local.locked_down_endpoints

  dynamic "configurations" {
    for_each = transpose(local.whitelist)
    content {
      target = "ip_range"
      value  = configurations.key
    }
  }
}

locals {
  locked_down_endpoints = [
    "www.foobar.com/*",
  ]

  whitelist = {
    "Office"             = ["192.168.1.2/32", "10.1.2.3"],
  }
}

The error is the missing subnet mask on the second IP in the whitelist entry "Office".

Panic Output

Error: rpc error: code = Unavailable desc = transport is closing

panic: interface conversion: interface {} is nil, not string
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4:
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: goroutine 15 [running]:
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/cloudflare.resourceCloudflareZoneLockdownUpdate(0xc0001e82a0, 0x1099e60, 0xc00016c540, 0x24, 0x1c700a0)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/cloudflare/resource_cloudflare_zone_lockdown.go:196 +0x901
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).Apply(0xc0004ce700, 0xc00015c6e0, 0xc0001eb560, 0x1099e60, 0xc00016c540, 0xc000179501, 0xc000311578, 0xf2d780)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema/resource.go:311 +0x264
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Apply(0xc0004cea00, 0xc0001ada68, 0xc00015c6e0, 0xc0001eb560, 0xc00060f708, 0xc0000c0b70, 0xf2f460)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema/provider.go:294 +0x18f
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc000156578, 0x1337f40, 0xc000305b00, 0xc0001507e0, 0xc000156578, 0xc000305b00, 0xc000227bd0)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin/grpc_provider.go:885 +0x884
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x1061fe0, 0xc000156578, 0x1337f40, 0xc000305b00, 0xc000150780, 0x0, 0x1337f40, 0xc000305b00, 0xc0001d8000, 0x12a1)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5/tfplugin5.pb.go:3189 +0x23e
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc0003d8160, 0x1343fe0, 0xc000568d80, 0xc000146900, 0xc00014d050, 0x1c44800, 0x0, 0x0, 0x0)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc/server.go:995 +0x466
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc.(*Server).handleStream(0xc0003d8160, 0x1343fe0, 0xc000568d80, 0xc000146900, 0x0)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc/server.go:1275 +0xda6
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0000b2380, 0xc0003d8160, 0x1343fe0, 0xc000568d80, 0xc000146900)
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc/server.go:710 +0x9f
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: created by github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
2020-01-27T12:46:45.185+0100 [DEBUG] plugin.terraform-provider-cloudflare_v2.3.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-cloudflare/vendor/google.golang.org/grpc/server.go:708 +0xa1
2020-01-27T12:46:45.187+0100 [DEBUG] plugin: plugin process exited: path=/home/sven/foobar/terraform/cloudflare/foobar.com/.terraform/plugins/linux_amd64/terraform-provider-cloudflare_v2.3.0_x4 pid=8962 error="exit status 2"
2020/01/27 12:46:45 [DEBUG] cloudflare_zone_lockdown.whitelist: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/01/27 12:46:45 [TRACE] EvalWriteState: recording 1 dependencies for cloudflare_zone_lockdown.whitelist
2020/01/27 12:46:45 [TRACE] EvalWriteState: writing current state object for cloudflare_zone_lockdown.whitelist
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalApplyProvisioners
2020/01/27 12:46:45 [TRACE] EvalApplyProvisioners: cloudflare_zone_lockdown.whitelist is not freshly-created, so no provisioning is required
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/01/27 12:46:45 [TRACE] EvalWriteState: recording 1 dependencies for cloudflare_zone_lockdown.whitelist
2020/01/27 12:46:45 [TRACE] EvalWriteState: writing current state object for cloudflare_zone_lockdown.whitelist
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalIf
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalIf
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalWriteDiff
2020/01/27 12:46:45 [TRACE] <root>: eval: *terraform.EvalApplyPost
2020/01/27 12:46:45 [ERROR] <root>: eval: *terraform.EvalApplyPost, err: rpc error: code = Unavailable desc = transport is closing
2020/01/27 12:46:45 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/01/27 12:46:45 [TRACE] [walkApply] Exiting eval tree: cloudflare_zone_lockdown.whitelist
2020/01/27 12:46:45 [TRACE] vertex "cloudflare_zone_lockdown.whitelist": visit complete
2020/01/27 12:46:45 [TRACE] dag/walk: upstream of "provider.cloudflare (close)" errored, so skipping
2020/01/27 12:46:45 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2020/01/27 12:46:45 [TRACE] dag/walk: upstream of "root" errored, so skipping
2020-01-27T12:46:45.414+0100 [DEBUG] plugin: plugin exited

Expected Behavior

terraform does not crash, suitable error message pointing at the error a plus

Actual Behavior

What actually happened?

Steps to Reproduce

Try to deploy a whitelist entry for cloudflare_zone_lockdown without a defined subnet mask. Crashes during terraform apply.

References

Looks similar to https://github.com/terraform-providers/terraform-provider-cloudflare/issues/588

[jacobbednarz]

Thanks for the report @hoexter! I think a better validation of the schema should resolve this. I am also not sure why this crashed and didn't throw up the error message included 🤔

[jacobbednarz]

Ah, because you're using a dynamic, the error message isn't getting propagated up. Using a regular block here shows the exception as expected.

--- FAIL: TestAccCloudflareZoneLockdownIPRangeWithInvalidCIDR (0.94s)
    testing.go:640: Step 0 error: errors during apply:

        Error: error creating zone lockdown for zone ID "REDACTED": error from makeRequest: HTTP status 400: content "{\n  \"result\": null,\n  \"success\": false,\n  \"errors\": [\n    {\n      \"message\": \"zonelockdown.api.validation=invalid CIDR address: 198.51.100.4\"\n    }\n  ],\n  \"messages\": []\n}\n"

          on /var/folders/d4/5sgps61s2jg8f0_71663vw800000gn/T/tf-test394260898/main.tf line 2:
          (source code not available)