[Bug]: Crash removing network prefix list from AWS managed grafana resource

[jonathanallen]

Terraform Core Version

1.8.5

AWS Provider Version

5.57

Affected Resource(s)

resource "aws_grafana_workspace"

Expected Behavior

Update state to recognize there is no NACL on the resource

Actual Behavior

Crash.

Relevant Error/Panic Output Snippet

tack trace from the terraform-provider-aws_v5.57.0_x5 plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 44 [running]:
github.com/hashicorp/terraform-provider-aws/internal/service/grafana.expandNetworkAccessControl({0x14002eb91d0?, 0x113f549a5?, 0x4?})
        github.com/hashicorp/terraform-provider-aws/internal/service/grafana/workspace.go:588 +0x1a4
github.com/hashicorp/terraform-provider-aws/internal/service/grafana.resourceWorkspaceUpdate({0x119449308, 0x14002eb2f00}, 0x14000bb8c80, {0x1191ae960, 0x14003061110})
        github.com/hashicorp/terraform-provider-aws/internal/service/grafana/workspace.go:360 +0xcf4
github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0x14000bb8c80?, {0x1191ae960?, 0x14003061110})
        github.com/hashicorp/terraform-provider-aws/internal/provider/intercept.go:113 +0x1d8
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x119449308?, {0x119449308?, 0x14002e84900?}, 0xd?, {0x1191ae960?, 0x14003061110?})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:835 +0x64
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14001a3d5e0, {0x119449308, 0x14002e84900}, 0x140032e8ea0, 0x14000bb8600, {0x1191ae960, 0x14003061110})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:947 +0x670
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14001d34d80, {0x119449308?, 0x14002e84840?}, 0x140031a5270)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/grpc_provider.go:1153 +0xaa4
github.com/hashicorp/terraform-plugin-mux/tf5muxserver.(*muxServer).ApplyResourceChange(0x14001549a40, {0x119449308?, 0x14002e84570?}, 0x140031a5270)
        github.com/hashicorp/terraform-plugin-mux@v0.16.0/tf5muxserver/mux_server_ApplyResourceChange.go:36 +0x184
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x140013c68c0, {0x119449308?, 0x14002c69b30?}, 0x14001760310)
        github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/tf5server/server.go:865 +0x2b4
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x118f743a0, 0x140013c68c0}, {0x119449308, 0x14002c69b30}, 0x140001f9c00, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:518 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x140018f9000, {0x119449308, 0x14002c69aa0}, {0x1194a2660, 0x14000da0c00}, 0x14002c78900, 0x14003101740, 0x1229b9678, 0x0)
        google.golang.org/grpc@v1.63.2/server.go:1369 +0xb58
google.golang.org/grpc.(*Server).handleStream(0x140018f9000, {0x1194a2660, 0x14000da0c00}, 0x14002c78900)
        google.golang.org/grpc@v1.63.2/server.go:1780 +0xb20
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 55
        google.golang.org/grpc@v1.63.2/server.go:1030 +0x13c
panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 99 [running]:
github.com/hashicorp/terraform-provider-aws/internal/service/grafana.expandNetworkAccessControl({0x1400344b6d0?, 0x1114149a5?, 0x4?})
        github.com/hashicorp/terraform-provider-aws/internal/service/grafana/workspace.go:588 +0x1a4
github.com/hashicorp/terraform-provider-aws/internal/service/grafana.resourceWorkspaceUpdate({0x116909308, 0x140034428d0}, 0x14001123d80, {0x11666e960, 0x140047496c0})
        github.com/hashicorp/terraform-provider-aws/internal/service/grafana/workspace.go:360 +0xcf4
github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0x14001123d80?, {0x11666e960?, 0x140047496c0})
        github.com/hashicorp/terraform-provider-aws/internal/provider/intercept.go:113 +0x1d8
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x116909308?, {0x116909308?, 0x140033ec360?}, 0xd?, {0x11666e960?, 0x140047496c0?})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:835 +0x64
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14001a99880, {0x116909308, 0x140033ec360}, 0x1400184dc70, 0x14001123b80, {0x11666e960, 0x140047496c0})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:947 +0x670
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x140047562e8, {0x116909308?, 0x140033ec2a0?}, 0x14003397400)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/grpc_provider.go:1153 +0xaa4
github.com/hashicorp/terraform-plugin-mux/tf5muxserver.(*muxServer).ApplyResourceChange(0x140001ce380, {0x116909308?, 0x140033d3f50?}, 0x14003397400)
        github.com/hashicorp/terraform-plugin-mux@v0.16.0/tf5muxserver/mux_server_ApplyResourceChange.go:36 +0x184
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x14000f06460, {0x116909308?, 0x140033d3590?}, 0x140015dfea0)
        github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/tf5server/server.go:865 +0x2b4
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x1164343a0, 0x14000f06460}, {0x116909308, 0x140033d3590}, 0x14001123180, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:518 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x14001ef0000, {0x116909308, 0x140033d3500}, {0x116962660, 0x14000533b00}, 0x140033e2000, 0x140036382d0, 0x11fe79678, 0x0)
        google.golang.org/grpc@v1.63.2/server.go:1369 +0xb58
google.golang.org/grpc.(*Server).handleStream(0x14001ef0000, {0x116962660, 0x14000533b00}, 0x140033e2000)
        google.golang.org/grpc@v1.63.2/server.go:1780 +0xb20
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 25
        google.golang.org/grpc@v1.63.2/server.go:1030 +0x13c

Error: The terraform-provider-aws_v5.57.0_x5 plugin crashed!

Terraform Configuration Files

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place

Terraform will perform the following actions:

module.XXXXX.aws_grafana_workspace.this[0] will be updated in-place

~ resource "aws_grafana_workspace" "this" { id = "g-XXXXXX" name = "XXXXXX" tags = {}

(16 unchanged attributes hidden)

  + network_access_control {}

    # (1 unchanged block hidden)
}

module.XXXXXX.aws_grafana_workspace.this[0] will be updated in-place

~ resource "aws_grafana_workspace" "this" { id = "g-XXXXXX" name = "XXXXXX" tags = {}

(16 unchanged attributes hidden)

  + network_access_control {}

    # (1 unchanged block hidden)

Steps to Reproduce

Add grafana resource with a network resource. Attempt to update grafana resource to go to an unconfigured network access control: network_access_control = { prefix_list_ids = [] vpce_ids = [] }

Get errors during the Terraform update:

│ Error: updating Grafana Workspace (g-XXXX): InvalidParameter: 2 validation error(s) found. │ - missing required field, UpdateWorkspaceInput.NetworkAccessControl.PrefixListIds. │ - missing required field, UpdateWorkspaceInput.NetworkAccessControl.VpceIds.

Use AWS Console to reconfigure Grafana workspace to open access.

Change TF config to empty values, run TF, provider crashes.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.