search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.82k stars 9.16k forks source link

WAF V1 Provider #22378

Closed JeremyPDC closed 2 years ago

JeremyPDC commented 2 years ago

Using terraform version 1.0.11 and provider release 3.70.0.

When adding a new WEB ACL using WAF v1.

Resources used are the following.

resource "aws_wafregional_byte_match_set" resource "aws_wafregional_rule" resource "aws_wafregional_web_acl"

Plan worked fine but when running apply saw the following error.

https://gist.github.com/JeremyPDC/443f8b5b142a581f4166f65b5fb3387c

Looking into this it appears to be a problem with the following.

https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/waf/helpers.go#L274

Fixed the provider in our terraform to version 3.61.0 which I think moves the code back to this.

Priority: aws.Int64(int64(rule["priority"].(int))),

from this

Priority: aws.Int64(rule["priority"].(int64)),

That fixed the problem.

ewbankkit commented 2 years ago 
[10:37:29][Step 5/5] Stack trace from the terraform-provider-aws_v3.70.0_x5 plugin:
[10:37:29][Step 5/5] 
[10:37:29][Step 5/5] panic: interface conversion: interface {} is int, not int64
[10:37:29][Step 5/5] 
[10:37:29][Step 5/5] goroutine 190 [running]:
[10:37:29][Step 5/5] github.com/hashicorp/terraform-provider-aws/internal/service/waf.ExpandActivatedRule(...)
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/internal/service/waf/helpers.go:274
[10:37:29][Step 5/5] github.com/hashicorp/terraform-provider-aws/internal/service/waf.DiffRuleGroupActivatedRules(0xef18990, 0x0, 0x0, 0xc0018a1330, 0x1, 0x1, 0xc002041730, 0xc000eae400, 0xc000eae000)
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/internal/service/waf/helpers.go:246 +0xe33
[10:37:29][Step 5/5] github.com/hashicorp/terraform-provider-aws/internal/service/wafregional.updateWafRuleGroupResourceWR.func1(0xc001c9b0a0, 0xef18990, 0xc002041730, 0x0, 0x0)
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/internal/service/wafregional/rule_group.go:249 +0xd0
[10:37:29][Step 5/5] github.com/hashicorp/terraform-provider-aws/internal/service/wafregional.(*WafRegionalRetryer).RetryWithToken.func1(0x2)
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-aws/internal/service/wafregional/token_handlers.go:36 +0x1fc
[10:37:29][Step 5/5] github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.RetryContext.func1(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.9.0/helper/resource/wait.go:27 +0x5b
[10:37:29][Step 5/5] github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.(*StateChangeConf).WaitForStateContext.func1(0xc00203f680, 0xc00157f8f0, 0xc00254b9e0, 0xc002059780, 0xc000f7b658, 0xc000f7b650)
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.9.0/helper/resource/state.go:110 +0x2e9
[10:37:29][Step 5/5] created by github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.(*StateChangeConf).WaitForStateContext
[10:37:29][Step 5/5]    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.9.0/helper/resource/state.go:83 +0x1c6
[10:37:29][Step 5/5] 
[10:37:29][Step 5/5] Error: The terraform-provider-aws_v3.70.0_x5 plugin crashed!
[10:37:29][Step 5/5] 
[10:37:29][Step 5/5] This is always indicative of a bug within the plugin. It would be immensely
[10:37:29][Step 5/5] helpful if you could report the crash with the plugin's maintainers so that it
[10:37:29][Step 5/5] can be fixed. The output above should help diagnose the issue.
zalaps commented 2 years ago

@JeremyPDC I'm facing this issue in version = "3.73.0". Has this been dispatched in any of releases?

JeremyPDC commented 2 years ago

I have not seen a fix. If you lock your version of terraform it will work. Though probably not ideal.

This is what ours is locked at for the moment.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      # This needs to be fixed due to a bug found in the waf provider code
      version = "3.61.0"
    }
  }
}
zalaps commented 2 years ago

terraform { required_providers { aws = { source = "hashicorp/aws" # This needs to be fixed due to a bug found in the waf provider code version = "3.61.0" } } }

Forcing version to stay at 3.61.0 worked smoothly. I was able to get ipset, rule, rule group and web-acl successfully. Strangely, I was not able to visualize created resources on AWS Console. Later realized that WAFv2 will not display it as it has different set of APIs. Out of curiosity checked in WAF Classic as well, couldn't find any resources on Console UI.

Anyways, I moved to WAFv2. Worked OK with 3.73.0.

Thanks @JeremyPDC for quick response. Have a good weekend!

ewbankkit commented 2 years ago

Related: https://github.com/hashicorp/terraform-provider-aws/issues/19613.

davewongillies commented 2 years ago

We're seeing this with 3.69.0 as well.

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.