hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

CloudFront Lambda@Edge Diff Mismatch #18218

Closed gcallaghan closed 6 years ago

gcallaghan commented 6 years ago

Terraform Version

$ terraform -v
Terraform v0.11.7

Terraform Configuration Files

[... snip ...]

resource "aws_cloudfront_distribution" "default" {
  enabled             = "${var.enabled}"
  is_ipv6_enabled     = "${var.is_ipv6_enabled}"
  comment             = "${var.comment}"
  default_root_object = "${var.default_root_object}"
  price_class         = "${var.price_class}"
  depends_on          = ["aws_s3_bucket.origin"]

  logging_config = {
    include_cookies = "${var.log_include_cookies}"
    bucket          = "${aws_s3_bucket.logs.bucket_domain_name}"
    prefix          = "${var.log_prefix}"
  }

  origin {
    domain_name = "${null_resource.default.triggers.bucket_domain_name}"
    origin_id   = "${var.env}.${var.name}.ui"
    origin_path = "${var.origin_path}"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }

  viewer_certificate {
    acm_certificate_arn            = "${var.acm_certificate_arn}"
    ssl_support_method             = "sni-only"
    minimum_protocol_version       = "TLSv1"
    cloudfront_default_certificate = "${var.acm_certificate_arn == "" ? true : false}"
  }

  default_cache_behavior {
    allowed_methods  = "${var.allowed_methods}"
    cached_methods   = "${var.cached_methods}"
    target_origin_id = "${var.env}.${var.name}.ui"
    compress         = "${var.compress}"

    forwarded_values {
      query_string = "${var.forward_query_string}"

      cookies {
        forward = "${var.forward_cookies}"
      }
    }

    lambda_function_association {
      event_type = "viewer-response"
      lambda_arn = "${var.lambda_arn}"
    }

    viewer_protocol_policy = "${var.viewer_protocol_policy}"
    default_ttl            = "${var.default_ttl}"
    min_ttl                = "${var.min_ttl}"
    max_ttl                = "${var.max_ttl}"
  }

  restrictions {
    geo_restriction {
      restriction_type = "${var.geo_restriction_type}"
      locations        = "${var.geo_restriction_locations}"
    }
  }

  # If there is a 404, return index.html with an HTTP 200 response
  custom_error_response {
    error_caching_min_ttl = 3000
    error_code            = 404
    response_code         = 200
    response_page_path    = "/index.html"
  }

  tags = "${var.tags}"
}

[... snip ...]

resource "aws_lambda_function" "source" {
  filename         = "${path.module}/data.zip"
  source_code_hash = "${data.archive_file.source.output_base64sha256}"
  function_name    = "ui-security-headers"
  role             = "${aws_iam_role.lambda.arn}"
  handler          = "lambda.handler"
  runtime          = "nodejs8.10"
  publish          = true
  timeout          = 5
  tags             = "${var.tags}"

  lifecycle {
    ignore_changes = ["source_code_hash"]
  }
}

[... snip ...]

module "ui" {
  source = "../../modules/ui"
  name = "${var.name}"
  env = "${var.env}"
  acm_certificate_arn = "${var.acm_certificate_arn}"
  lambda_arn = "${module.uiLambda.arn}"
  tags {
    Name = "${var.namespace}"
    Infra = "${var.name}"
    Environment = "${var.env}"
    Terraformed = true
  }
}

module "uiLambda" {
  source = "../../modules/uiLambda"
  tld = "${var.tld}"
  tags {
    Name = "${var.namespace}"
    Infra = "${var.name}"
    Environment = "${var.env}"
    Terraformed = true
  }
  providers = {
    aws = "aws.lambdaAtEdge"
  }
}

Debug Output

Expected Behavior

Applying a CloudFormation with a Lambda@Edge cache behavior should succeed.

Actual Behavior

❤ applying terraform module.uiLambda.data.archive_file.source: Refreshing state...

Error: Error applying plan:

1 error(s) occurred:

Please include the following information in your report:

Terraform Version: 0.11.7
Resource ID: aws_cloudfront_distribution.default
Mismatch reason: attribute mismatch: default_cache_behavior.3342391770.allowed_methods.#
Diff Two (usually from apply): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff(nil), Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}

Also include as much context as you can about your config, state, and the steps you performed to trigger this error.

Terraform does not automatically rollback in the face of errors. Instead, your Terraform state file has been partially updated with any resources that successfully completed. Please address the error above and apply again to incrementally change your infrastructure.

✗ applying terraform - FAIL

Steps to Reproduce

  1. terraform init -backend-config="path=${DIR_OUT}/terraform.tfstate" ${DIR_OUT}
  2. terraform validate -var-file=${DIR_OUT}/vars.tfvars ${DIR_OUT}
  3. terraform plan -var-file=${DIR_OUT}/vars.tfvars -out ${DIR_OUT}/terraform.tfplan ${DIR_OUT}
  4. terraform apply ${DIR_OUT}/terraform.tfplan

gcallaghan commented 6 years ago

Looks like a duplicate of https://github.com/hashicorp/terraform/issues/17637

nutellinoit commented 5 years ago

I had the same problem and I solved it by inserting the Lambda inside an ordered_cache_behavior using path pattern *.

ordered_cache_behavior has priority over the default behaviour.
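
The workaround from the comment above, sketched as an added example (not code from the issue or from the Terraform project): the Lambda@Edge association moves out of `default_cache_behavior`, the block named in the mismatch reason, into an `ordered_cache_behavior` that matches every path. It reuses the variables from the reporter's module and assumes an AWS provider version that supports `ordered_cache_behavior`.

```hcl
resource "aws_cloudfront_distribution" "default" {
  # enabled, origin, viewer_certificate, restrictions, logging_config,
  # custom_error_response and tags stay as in the reporter's configuration.

  # Still required by the resource, but it no longer carries the Lambda@Edge
  # association, so the computed lambda_arn is not part of this block.
  default_cache_behavior {
    allowed_methods        = "${var.allowed_methods}"
    cached_methods         = "${var.cached_methods}"
    target_origin_id       = "${var.env}.${var.name}.ui"
    compress               = "${var.compress}"
    viewer_protocol_policy = "${var.viewer_protocol_policy}"
    default_ttl            = "${var.default_ttl}"
    min_ttl                = "${var.min_ttl}"
    max_ttl                = "${var.max_ttl}"

    forwarded_values {
      query_string = "${var.forward_query_string}"

      cookies {
        forward = "${var.forward_cookies}"
      }
    }
  }

  # Evaluated before default_cache_behavior; "*" matches every request path,
  # so the function is still invoked for all viewer responses.
  ordered_cache_behavior {
    path_pattern           = "*"
    allowed_methods        = "${var.allowed_methods}"
    cached_methods         = "${var.cached_methods}"
    target_origin_id       = "${var.env}.${var.name}.ui"
    compress               = "${var.compress}"
    viewer_protocol_policy = "${var.viewer_protocol_policy}"
    default_ttl            = "${var.default_ttl}"
    min_ttl                = "${var.min_ttl}"
    max_ttl                = "${var.max_ttl}"

    forwarded_values {
      query_string = "${var.forward_query_string}"

      cookies {
        forward = "${var.forward_cookies}"
      }
    }

    lambda_function_association {
      event_type = "viewer-response"
      lambda_arn = "${var.lambda_arn}"
    }
  }
}
```

Because the associated function (`ui-security-headers`) exists to add response headers, check responses for several paths after the apply to confirm the headers are still being set.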
