QR Code PNG data from aws_iam_virtual_mfa_device is broken

[agargiulo]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

[14:38:07] % terraform -v
Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.8.0
+ provider registry.terraform.io/hashicorp/dns v3.2.3
+ provider registry.terraform.io/hashicorp/local v2.2.2
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/random v3.1.2

Affected Resource(s)

• aws_iam_virtual_mfa_device

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# main.tf
provider "aws" {
  region = "us-west-2"
}

terraform {
  backend "s3" {}
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4"
    }
  }
  required_version = "~> 1.1"
}

resource "aws_iam_virtual_mfa_device" "testing_mfa_qr" {
  virtual_mfa_device_name = "qr_png_test"
}

output "mfa_qr" {
  sensitive = true
  value     = aws_iam_virtual_mfa_device.testing_mfa_qr.qr_code_png
}

# backend.tfvars
bucket         = "<redacted>"
key            = "terraform/states/tf_example"
region         = "us-west-2"
encrypt        = true

Debug Output

https://gist.github.com/agargiulo/7a294288f65ae34fa5777f3c5ae086ed

Panic Output

Expected Behavior

$> terraform output -raw mfa_qr > qr_code.png
$> file qr_code.png
qr_code.png: PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced
$> identify qr_code.png
qr_code.png: PNG 250x250 250x250+0+0 8-bit sRGB 1637B 0.000u 0:00.012

The raw output from this should be a valid PNG file.

Actual Behavior

The data saved into the JSON state and then fetched and saved to disk is jumbled badly It sort of resembles a PNG but it's invalid

$> terraform output -raw mfa_qr > qr_code.png
$> file qr_code.png
qr_code.png: data
$> identify qr_code.png
identify: no decode delegate for this image format `' @ error/constitute.c/ReadImage/737.

Steps to Reproduce

1. terraform apply

Important Factoids

References

• Related Pull Request: r/iam_virtual_mfa_device - new resource #23113

[agargiulo]

So I did some debugging outside of the steps in the issue here. It turns out if you JSON encode the string of the raw QR code data from the AWS API response, you get gibberish. if you JSON encode just the raw []byte slice it base64 encodes it before marshaling it to the JSON object (This might be different for cty but I feel the issue is the same for both and I get similar looking bad PNG data from the native encoding/json module.

Also, with the data in the format it's in, any time that QR binary data shows up in the plans, it messes with my terminal as it tries to display the binary data as best it can.

[Chr96er]

I just ran into this issue. Have you found a solution in the end? Unfortunately I don't quite get what the results of your investigation mean.

[breisig]

Good question, what was the fix for this?

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!