WAF regional (aws_wafregional_web_acl) with rules for ipset, sql injection and cross-site scripting failed with crash.log after updating aws-provider to terraform-provider-aws_v2.59.0_x4

boris-ait commented 4 years ago

WAF regional (aws_wafregional_web_acl) with rules for ipset, sql injection, and cross-site scripting failed with crash.log after updating aws-provider to terraform-provider-aws_v2.59.0_x4

It does work with terraform-provider-aws_v2.58.0_x4 In release notes of terraform-provider-aws_v2.59.0_x4 I do see fixes related to aws_wafregional_web_acl so it can cause the issue.

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

020/05/01 00:11:37 [WARN] Log levels other than TRACE are currently unreliable, and are supported only for backward compatibility. Use TF_LOG=TRACE to see Terraform's internal logs.

2020/05/01 00:11:37 [INFO] Terraform version: 0.12.24
2020/05/01 00:11:37 [INFO] Go runtime version: go1.13.8 2020/05/01 00:11:37 [INFO] CLI args: []string{"/usr/local/bin/terraform", "--version"} 2020/05/01 00:11:37 [DEBUG] Attempting to open CLI config file: /Users/borisp/.terraformrc 2020/05/01 00:11:37 [DEBUG] File doesn't exist, but doesn't need to. Ignoring. 2020/05/01 00:11:37 [INFO] CLI command args: []string{"version", "--version"} Terraform v0.12.24 2020/05/01 00:11:37 [DEBUG] checking for provider in "." 2020/05/01 00:11:37 [DEBUG] checking for provider in "/usr/local/bin" 2020/05/01 00:11:37 [DEBUG] checking for provider in ".terraform/plugins/darwin_amd64" 2020/05/01 00:11:37 [DEBUG] found provider "terraform-provider-aws_v2.59.0_x4" 2020/05/01 00:11:37 [DEBUG] found valid plugin: "aws", "2.59.0", "/Users/borisp/SPC/waf-automation/waf-automations-module/.terraform/plugins/darwin_amd64/terraform-provider-aws_v2.59.0_x4"

provider.aws v2.59.0
Affected Resource(s)

aws_wafregional_web_acl aws_wafregional_rule aws_wafregional_sql_injection_match_set aws_wafregional_ipset aws_wafregional_xss_match_set

Terraform Configuration Files

Debug Output

crash.log link: https://gist.github.com/boris-ait/8bb3b0330a2fe1ac197686206682539a

Panic Output

2020-04-30T23:36:09.120+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: 2020/04/30 23:36:09 [DEBUG] [aws-sdk-go] {"ChangeToken":"518df000-181c-4cc3-8949-a1af6ed3fa43"} 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: panic: interface conversion: interface {} is schema.Set, not []interface {} 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: goroutine 568 [running]: 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: github.com/terraform-providers/terraform-provider-aws/aws.diffWafXssMatchSetTuples(0xa225a98, 0x0, 0x0, 0xc000153000, 0x8, 0x8, 0x16af359, 0x0, 0x0) 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/aws/resource_aws_waf_xss_match_set.go:245 +0xcb2 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: github.com/terraform-providers/terraform-provider-aws/aws.updateXssMatchSetResourceWR.func1(0xc000a8fa20, 0xa225a98, 0xc00000e790, 0x0, 0x0) 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/aws/resource_aws_wafregional_xss_match_set.go:167 +0xcc 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: github.com/terraform-providers/terraform-provider-aws/aws.(WafRegionalRetryer).RetryWithToken.func1(0xc000bbf8c0) 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/aws/wafregionl_token_handlers.go:34 +0x17b 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: github.com/hashicorp/terraform-plugin-sdk/helper/resource.Retry.func1(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/resource/wait.go:22 +0x51 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: github.com/hashicorp/terraform-plugin-sdk/helper/resource.(StateChangeConf).WaitForState.func1(0xc000f029c0, 0xc0001640e0, 0xc000a98400, 0xc000d04e40, 0xc000a964d8, 0xc000a964d0) 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/resource/state.go:103 +0x29d 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: created by github.com/hashicorp/terraform-plugin-sdk/helper/resource.(StateChangeConf).WaitForState 2020-04-30T23:36:09.123+0300 [DEBUG] plugin.terraform-provider-aws_v2.59.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/resource/state.go:80 +0x1bf 2020/04/30 23:36:09 [DEBUG] aws_wafregional_rule.WAFBlacklistRule: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalMaybeTainted 2020/04/30 23:36:09 [DEBUG] aws_wafregional_sql_injection_match_set.WAFSqlInjectionDetection: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalMaybeTainted 2020/04/30 23:36:09 [TRACE] EvalMaybeTainted: aws_wafregional_sql_injection_match_set.WAFSqlInjectionDetection encountered an error during creation, so it is now marked as tainted 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalWriteState 2020/04/30 23:36:09 [DEBUG] aws_wafregional_rule.WAFScannersProbesRule: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalMaybeTainted 2020/04/30 23:36:09 [TRACE] EvalMaybeTainted: aws_wafregional_rule.WAFBlacklistRule encountered an error during creation, so it is now marked as tainted 2020/04/30 23:36:09 [TRACE] EvalWriteState: removing state object for aws_wafregional_sql_injection_match_set.WAFSqlInjectionDetection 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalApplyProvisioners 2020/04/30 23:36:09 [DEBUG] aws_wafregional_rule.WAFIPReputationListsRule: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing 2020/04/30 23:36:09 [DEBUG] aws_wafregional_xss_match_set.WAFXssDetection: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing 2020/04/30 23:36:09 [TRACE] EvalApplyProvisioners: aws_wafregional_sql_injection_match_set.WAFSqlInjectionDetection has no state, so skipping provisioners 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalMaybeTainted 2020/04/30 23:36:09 [TRACE] EvalMaybeTainted: aws_wafregional_sql_injection_match_set.WAFSqlInjectionDetection encountered an error during creation, so it is now marked as tainted 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalWriteState 2020/04/30 23:36:09 [TRACE] EvalWriteState: removing state object for aws_wafregional_sql_injection_match_set.WAFSqlInjectionDetection 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalIf 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalIf 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalWriteDiff 2020/04/30 23:36:09 [TRACE] : eval: terraform.EvalApplyPost 2020-04-30T23:36:09.133+0300 [DEBUG] plugin: plugin process exited: path=/Users/borisp/SPC/waf-automation/waf-automations-module/.terraform/plugins/darwin_amd64/terraform-provider-aws_v2.59.0_x4 pid=42461 error="exit status 2" 2020/04/30 23:36:09 [ERROR] : eval: terraform.EvalApplyPost, err: rpc error: code = Unavailable desc = transport is closing

Expected Behavior

create resources without errors

Actual Behavior

failing with crash.log

Steps to Reproduce

terraform apply

Important Factoids

References

0000

ewbankkit commented 4 years ago

@boris-ait Thanks for raising this. It seems to be the same problem as #13014, #12106 and should be fixed by https://github.com/terraform-providers/terraform-provider-aws/pull/13024, which is scheduled for v2.60.0, coming soon.

bflad commented 4 years ago

As mentioned above, the fix for this went out yesterday in version 2.60.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashicorp / terraform-provider-aws