hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

QR Code PNG data from aws_iam_virtual_mfa_device is broken #23913

Open agargiulo opened 2 years ago

agargiulo commented 2 years ago

Terraform CLI and Terraform AWS Provider Version

[14:38:07] % terraform -v
Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.8.0
+ provider registry.terraform.io/hashicorp/dns v3.2.3
+ provider registry.terraform.io/hashicorp/local v2.2.2
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/random v3.1.2

Affected Resource(s)

Terraform Configuration Files

# main.tf
provider "aws" {
  region = "us-west-2"
}

terraform {
  backend "s3" {}
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4"
    }
  }
  required_version = "~> 1.1"
}

resource "aws_iam_virtual_mfa_device" "testing_mfa_qr" {
  virtual_mfa_device_name = "qr_png_test"
}

output "mfa_qr" {
  sensitive = true
  value     = aws_iam_virtual_mfa_device.testing_mfa_qr.qr_code_png
}

# backend.tfvars
bucket         = "<redacted>"
key            = "terraform/states/tf_example"
region         = "us-west-2"
encrypt        = true

Debug Output

https://gist.github.com/agargiulo/7a294288f65ae34fa5777f3c5ae086ed

Expected Behavior

$> terraform output -raw mfa_qr > qr_code.png
$> file qr_code.png
qr_code.png: PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced
$> identify qr_code.png
qr_code.png: PNG 250x250 250x250+0+0 8-bit sRGB 1637B 0.000u 0:00.012

The raw output from this should be a valid PNG file.

Actual Behavior

The data saved into the JSON state and then fetched and saved to disk is jumbled badly. It sort of resembles a PNG, but it's invalid.

$> terraform output -raw mfa_qr > qr_code.png
$> file qr_code.png
qr_code.png: data
$> identify qr_code.png
identify: no decode delegate for this image format `' @ error/constitute.c/ReadImage/737.

Steps to Reproduce

  1. terraform apply

agargiulo commented 2 years ago

So I did some debugging outside of the steps in the issue here. It turns out if you JSON encode the string of the raw QR code data from the AWS API response, you get gibberish. If you JSON encode just the raw []byte slice, it base64 encodes it before marshaling it to the JSON object. (This might be different for cty, but I feel the issue is the same for both, and I get similar-looking bad PNG data from the native encoding/json module.)

Also, with the data in the format it's in, any time that QR binary data shows up in the plans, it messes with my terminal as it tries to display the binary data as best it can.
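
The difference described in the comment above can be reproduced with Go's encoding/json alone. The following is an added example, not code from the provider or from the issue author; the sample bytes are constructed (a PNG signature plus the start of an IHDR chunk for a 250x250 image), and it exercises encoding/json only, not Terraform's cty.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// pngSignature is the fixed 8-byte header that starts every PNG file.
var pngSignature = []byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'}

// constructedPNGPrefix returns sample bytes built for this example: the PNG
// signature followed by the start of an IHDR chunk for a 250x250 image.
func constructedPNGPrefix() []byte {
	ihdr := []byte{0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 250, 0, 0, 0, 250}
	return append(append([]byte{}, pngSignature...), ihdr...)
}

// roundTripAsString stores the bytes as a JSON string and reads them back.
// Bytes that are not valid UTF-8 are replaced with U+FFFD during Marshal.
func roundTripAsString(raw []byte) ([]byte, error) {
	enc, err := json.Marshal(string(raw))
	if err != nil {
		return nil, err
	}
	var s string
	err = json.Unmarshal(enc, &s)
	return []byte(s), err
}

// roundTripAsBytes stores the bytes as a []byte, which encoding/json
// base64-encodes on Marshal and decodes again on Unmarshal.
func roundTripAsBytes(raw []byte) ([]byte, error) {
	enc, err := json.Marshal(raw)
	if err != nil {
		return nil, err
	}
	var out []byte
	err = json.Unmarshal(enc, &out)
	return out, err
}

func main() {
	raw := constructedPNGPrefix()
	viaString, _ := roundTripAsString(raw)
	viaBytes, _ := roundTripAsBytes(raw)
	fmt.Printf("original   % x\nas string  % x\nas []byte  % x\n", raw, viaString, viaBytes)
	fmt.Println("PNG signature kept (string, []byte):",
		bytes.HasPrefix(viaString, pngSignature), bytes.HasPrefix(viaBytes, pngSignature))
}
```

The string path turns the leading 0x89 byte into the three-byte UTF-8 replacement character, so the result no longer starts with the PNG signature, which matches `file` reporting plain `data`.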

Chr96er commented 2 years ago

I just ran into this issue. Have you found a solution in the end? Unfortunately I don't quite get what the results of your investigation mean.

breisig commented 2 years ago

Good question, what was the fix for this?

github-actions[bot] commented 3 weeks ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!