-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error during apply of aws_cloudfront_distribution using aws_cloudfront_origin_access_identity #824
Comments
We've been experiencing this issue anytime we rebuild our cloudfront distribution. Is there any work around other then running the same apply again? |
Sorry, what is the original issue? The gist linked here is gone. |
Sorry, the url has changed: |
…ributes for better difference handling References: * #7709 * #5526 * #4338 * #3842 * #3766 * #3256 * #1194 * #824 * #416 The usage of `TypeSet` for single container block attributes can cause unnecessary problems with Terraform's difference logic and makes plan output unnecessarily more difficult to read. Here we adjust these to `TypeList`. Converted the following from `Type: schema.TypeSet` and `MaxItems: 1` to `Type: schema.TypeList`: * `default_cache_behavior` configuration block * `default_cache_behavior` configuration block `forwarded_values` configuration block * `default_cache_behavior` configuration block `forwarded_values` configuration block `cookies` configuration block * `logging_config` configuration block * `origin` configuration block `custom_origin_config` configuration block * `origin` configuration block `s3_origin_config` configuration block * `ordered_cache_behavior` configuration block `forwarded_values` configuration block * `ordered_cache_behavior` configuration block `forwarded_values` configuration block `cookies` configuration block * `restrictions` configuration block * `restrictions` configuration block `geo_restriction` configuration block * `viewer_certificate` configuration block The usage of `TypeList` for arguments where ordering does not matter causes unnecessary hassle for operators to match their configuration to the CloudFront API. Here we replace these with `TypeSet` to ignore ordering. Converted the following from `Type: schema.TypeList` to `Type: schema.TypeSet`: * `default_cache_behavior` configuration block `allowed_methods` argument * `default_cache_behavior` configuration block `cached_methods` argument * `origin` configuration block `custom_origin_config` configuration block `origin_ssl_protocols` argument * `restrictions` configuration block `geo_restriction` configuration block `locations` argument This change was verified with a live configuration outside the acceptance testing framework with Terraform 0.11 as effectively a no-op for the most common use case configurations that do not later reference these attributes. ```console $ terraform apply ... aws_cloudfront_distribution.test: Creating... active_trusted_signers.%: "" => "<computed>" arn: "" => "<computed>" caller_reference: "" => "<computed>" default_cache_behavior.#: "0" => "1" default_cache_behavior.1848826977.allowed_methods.#: "0" => "7" default_cache_behavior.1848826977.allowed_methods.0: "" => "DELETE" default_cache_behavior.1848826977.allowed_methods.1: "" => "GET" default_cache_behavior.1848826977.allowed_methods.2: "" => "HEAD" default_cache_behavior.1848826977.allowed_methods.3: "" => "OPTIONS" default_cache_behavior.1848826977.allowed_methods.4: "" => "PATCH" default_cache_behavior.1848826977.allowed_methods.5: "" => "POST" default_cache_behavior.1848826977.allowed_methods.6: "" => "PUT" default_cache_behavior.1848826977.cached_methods.#: "0" => "2" default_cache_behavior.1848826977.cached_methods.0: "" => "GET" default_cache_behavior.1848826977.cached_methods.1: "" => "HEAD" default_cache_behavior.1848826977.compress: "" => "false" default_cache_behavior.1848826977.default_ttl: "" => "100" default_cache_behavior.1848826977.field_level_encryption_id: "" => "" default_cache_behavior.1848826977.forwarded_values.#: "0" => "1" default_cache_behavior.1848826977.forwarded_values.2510654351.cookies.#: "0" => "1" default_cache_behavior.1848826977.forwarded_values.2510654351.cookies.1870923232.forward: "" => "all" default_cache_behavior.1848826977.forwarded_values.2510654351.cookies.1870923232.whitelisted_names.#: "0" => "0" default_cache_behavior.1848826977.forwarded_values.2510654351.headers.#: "0" => "0" default_cache_behavior.1848826977.forwarded_values.2510654351.query_string: "" => "false" default_cache_behavior.1848826977.forwarded_values.2510654351.query_string_cache_keys.#: "0" => "0" default_cache_behavior.1848826977.lambda_function_association.#: "0" => "0" default_cache_behavior.1848826977.max_ttl: "" => "100" default_cache_behavior.1848826977.min_ttl: "" => "100" default_cache_behavior.1848826977.smooth_streaming: "" => "true" default_cache_behavior.1848826977.target_origin_id: "" => "myCustomOrigin" default_cache_behavior.1848826977.trusted_signers.#: "0" => "0" default_cache_behavior.1848826977.viewer_protocol_policy: "" => "allow-all" domain_name: "" => "<computed>" enabled: "" => "true" etag: "" => "<computed>" hosted_zone_id: "" => "<computed>" http_version: "" => "http2" in_progress_validation_batches: "" => "<computed>" is_ipv6_enabled: "" => "false" last_modified_time: "" => "<computed>" ordered_cache_behavior.#: "0" => "2" ordered_cache_behavior.0.allowed_methods.#: "0" => "7" ordered_cache_behavior.0.allowed_methods.1012961568: "" => "POST" ordered_cache_behavior.0.allowed_methods.1040875975: "" => "GET" ordered_cache_behavior.0.allowed_methods.1445840968: "" => "HEAD" ordered_cache_behavior.0.allowed_methods.1741119464: "" => "PATCH" ordered_cache_behavior.0.allowed_methods.348445828: "" => "DELETE" ordered_cache_behavior.0.allowed_methods.3982006612: "" => "OPTIONS" ordered_cache_behavior.0.allowed_methods.4024585617: "" => "PUT" ordered_cache_behavior.0.cached_methods.#: "0" => "2" ordered_cache_behavior.0.cached_methods.1040875975: "" => "GET" ordered_cache_behavior.0.cached_methods.1445840968: "" => "HEAD" ordered_cache_behavior.0.compress: "" => "false" ordered_cache_behavior.0.default_ttl: "" => "50" ordered_cache_behavior.0.forwarded_values.#: "0" => "1" ordered_cache_behavior.0.forwarded_values.2555876073.cookies.#: "0" => "1" ordered_cache_behavior.0.forwarded_values.2555876073.cookies.2625240281.forward: "" => "none" ordered_cache_behavior.0.forwarded_values.2555876073.cookies.2625240281.whitelisted_names.#: "0" => "0" ordered_cache_behavior.0.forwarded_values.2555876073.headers.#: "0" => "0" ordered_cache_behavior.0.forwarded_values.2555876073.query_string: "" => "true" ordered_cache_behavior.0.forwarded_values.2555876073.query_string_cache_keys.#: "0" => "0" ordered_cache_behavior.0.max_ttl: "" => "50" ordered_cache_behavior.0.min_ttl: "" => "50" ordered_cache_behavior.0.path_pattern: "" => "images1/*.jpg" ordered_cache_behavior.0.target_origin_id: "" => "myCustomOrigin" ordered_cache_behavior.0.viewer_protocol_policy: "" => "allow-all" ordered_cache_behavior.1.allowed_methods.#: "0" => "7" ordered_cache_behavior.1.allowed_methods.1012961568: "" => "POST" ordered_cache_behavior.1.allowed_methods.1040875975: "" => "GET" ordered_cache_behavior.1.allowed_methods.1445840968: "" => "HEAD" ordered_cache_behavior.1.allowed_methods.1741119464: "" => "PATCH" ordered_cache_behavior.1.allowed_methods.348445828: "" => "DELETE" ordered_cache_behavior.1.allowed_methods.3982006612: "" => "OPTIONS" ordered_cache_behavior.1.allowed_methods.4024585617: "" => "PUT" ordered_cache_behavior.1.cached_methods.#: "0" => "2" ordered_cache_behavior.1.cached_methods.1040875975: "" => "GET" ordered_cache_behavior.1.cached_methods.1445840968: "" => "HEAD" ordered_cache_behavior.1.compress: "" => "false" ordered_cache_behavior.1.default_ttl: "" => "51" ordered_cache_behavior.1.forwarded_values.#: "0" => "1" ordered_cache_behavior.1.forwarded_values.2555876073.cookies.#: "0" => "1" ordered_cache_behavior.1.forwarded_values.2555876073.cookies.2625240281.forward: "" => "none" ordered_cache_behavior.1.forwarded_values.2555876073.cookies.2625240281.whitelisted_names.#: "0" => "0" ordered_cache_behavior.1.forwarded_values.2555876073.headers.#: "0" => "0" ordered_cache_behavior.1.forwarded_values.2555876073.query_string: "" => "true" ordered_cache_behavior.1.forwarded_values.2555876073.query_string_cache_keys.#: "0" => "0" ordered_cache_behavior.1.max_ttl: "" => "51" ordered_cache_behavior.1.min_ttl: "" => "51" ordered_cache_behavior.1.path_pattern: "" => "images2/*.jpg" ordered_cache_behavior.1.target_origin_id: "" => "myCustomOrigin" ordered_cache_behavior.1.viewer_protocol_policy: "" => "allow-all" origin.#: "0" => "1" origin.1857972443.custom_header.#: "0" => "0" origin.1857972443.custom_origin_config.#: "0" => "1" origin.1857972443.custom_origin_config.3832794885.http_port: "" => "80" origin.1857972443.custom_origin_config.3832794885.https_port: "" => "443" origin.1857972443.custom_origin_config.3832794885.origin_keepalive_timeout: "" => "5" origin.1857972443.custom_origin_config.3832794885.origin_protocol_policy: "" => "http-only" origin.1857972443.custom_origin_config.3832794885.origin_read_timeout: "" => "30" origin.1857972443.custom_origin_config.3832794885.origin_ssl_protocols.#: "0" => "2" origin.1857972443.custom_origin_config.3832794885.origin_ssl_protocols.0: "" => "SSLv3" origin.1857972443.custom_origin_config.3832794885.origin_ssl_protocols.1: "" => "TLSv1" origin.1857972443.domain_name: "" => "www.example.com" origin.1857972443.origin_id: "" => "myCustomOrigin" origin.1857972443.origin_path: "" => "" origin.1857972443.s3_origin_config.#: "0" => "0" price_class: "" => "PriceClass_All" restrictions.#: "0" => "1" restrictions.811065190.geo_restriction.#: "0" => "1" restrictions.811065190.geo_restriction.1303118592.locations.#: "0" => "4" restrictions.811065190.geo_restriction.1303118592.locations.0: "" => "US" restrictions.811065190.geo_restriction.1303118592.locations.1: "" => "CA" restrictions.811065190.geo_restriction.1303118592.locations.2: "" => "GB" restrictions.811065190.geo_restriction.1303118592.locations.3: "" => "DE" restrictions.811065190.geo_restriction.1303118592.restriction_type: "" => "whitelist" retain_on_delete: "" => "false" status: "" => "<computed>" viewer_certificate.#: "0" => "1" viewer_certificate.69840937.acm_certificate_arn: "" => "" viewer_certificate.69840937.cloudfront_default_certificate: "" => "true" viewer_certificate.69840937.iam_certificate_id: "" => "" viewer_certificate.69840937.minimum_protocol_version: "" => "TLSv1" viewer_certificate.69840937.ssl_support_method: "" => "" aws_cloudfront_distribution.test: Creation complete after 0s (ID: E3K1GJF3SSNJRN) Apply complete! Resources: 1 added, 0 changed, 0 destroyed. $ cp ~/go/bin/terraform-provider-aws .terraform/plugins/darwin_amd64/terraform-provider-aws_v1.60.0_x4; terraform init # this binary is an updated Terraform AWS Provider built with these changes $ terraform apply # Here we see no state migration required aws_cloudfront_distribution.test: Refreshing state... (ID: E3K1GJF3SSNJRN) Apply complete! Resources: 0 added, 0 changed, 0 destroyed. $ terraform state show aws_cloudfront_distribution.test # Here we see a successful state refresh with the new layout id = E3K1GJF3SSNJRN active_trusted_signers.% = 2 active_trusted_signers.enabled = false active_trusted_signers.items.# = 0 aliases.# = 0 arn = arn:aws:cloudfront::187416307283:distribution/E3K1GJF3SSNJRN caller_reference = 2019-02-25T14:51:42.674464-05:00 custom_error_response.# = 0 default_cache_behavior.# = 1 default_cache_behavior.0.allowed_methods.# = 7 default_cache_behavior.0.allowed_methods.1012961568 = POST default_cache_behavior.0.allowed_methods.1040875975 = GET default_cache_behavior.0.allowed_methods.1445840968 = HEAD default_cache_behavior.0.allowed_methods.1741119464 = PATCH default_cache_behavior.0.allowed_methods.348445828 = DELETE default_cache_behavior.0.allowed_methods.3982006612 = OPTIONS default_cache_behavior.0.allowed_methods.4024585617 = PUT default_cache_behavior.0.cached_methods.# = 2 default_cache_behavior.0.cached_methods.1040875975 = GET default_cache_behavior.0.cached_methods.1445840968 = HEAD default_cache_behavior.0.compress = false default_cache_behavior.0.default_ttl = 100 default_cache_behavior.0.field_level_encryption_id = default_cache_behavior.0.forwarded_values.# = 1 default_cache_behavior.0.forwarded_values.0.cookies.# = 1 default_cache_behavior.0.forwarded_values.0.cookies.0.forward = all default_cache_behavior.0.forwarded_values.0.cookies.0.whitelisted_names.# = 0 default_cache_behavior.0.forwarded_values.0.headers.# = 0 default_cache_behavior.0.forwarded_values.0.query_string = false default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.# = 0 default_cache_behavior.0.lambda_function_association.# = 0 default_cache_behavior.0.max_ttl = 100 default_cache_behavior.0.min_ttl = 100 default_cache_behavior.0.smooth_streaming = true default_cache_behavior.0.target_origin_id = myCustomOrigin default_cache_behavior.0.trusted_signers.# = 0 default_cache_behavior.0.viewer_protocol_policy = allow-all default_root_object = domain_name = dot6h04nf0cmx.cloudfront.net enabled = true etag = E33ZADXZHBHVXT hosted_zone_id = Z2FDTNDATAQYW2 http_version = http2 in_progress_validation_batches = 0 is_ipv6_enabled = false last_modified_time = 2019-02-26 02:22:40.558 +0000 UTC logging_config.# = 0 ordered_cache_behavior.# = 2 ordered_cache_behavior.0.allowed_methods.# = 7 ordered_cache_behavior.0.allowed_methods.1012961568 = POST ordered_cache_behavior.0.allowed_methods.1040875975 = GET ordered_cache_behavior.0.allowed_methods.1445840968 = HEAD ordered_cache_behavior.0.allowed_methods.1741119464 = PATCH ordered_cache_behavior.0.allowed_methods.348445828 = DELETE ordered_cache_behavior.0.allowed_methods.3982006612 = OPTIONS ordered_cache_behavior.0.allowed_methods.4024585617 = PUT ordered_cache_behavior.0.cached_methods.# = 2 ordered_cache_behavior.0.cached_methods.1040875975 = GET ordered_cache_behavior.0.cached_methods.1445840968 = HEAD ordered_cache_behavior.0.compress = false ordered_cache_behavior.0.default_ttl = 50 ordered_cache_behavior.0.field_level_encryption_id = ordered_cache_behavior.0.forwarded_values.# = 1 ordered_cache_behavior.0.forwarded_values.0.cookies.# = 1 ordered_cache_behavior.0.forwarded_values.0.cookies.0.forward = none ordered_cache_behavior.0.forwarded_values.0.cookies.0.whitelisted_names.# = 0 ordered_cache_behavior.0.forwarded_values.0.headers.# = 0 ordered_cache_behavior.0.forwarded_values.0.query_string = true ordered_cache_behavior.0.forwarded_values.0.query_string_cache_keys.# = 0 ordered_cache_behavior.0.lambda_function_association.# = 0 ordered_cache_behavior.0.max_ttl = 50 ordered_cache_behavior.0.min_ttl = 50 ordered_cache_behavior.0.path_pattern = images1/*.jpg ordered_cache_behavior.0.smooth_streaming = false ordered_cache_behavior.0.target_origin_id = myCustomOrigin ordered_cache_behavior.0.trusted_signers.# = 0 ordered_cache_behavior.0.viewer_protocol_policy = allow-all ordered_cache_behavior.1.allowed_methods.# = 7 ordered_cache_behavior.1.allowed_methods.1012961568 = POST ordered_cache_behavior.1.allowed_methods.1040875975 = GET ordered_cache_behavior.1.allowed_methods.1445840968 = HEAD ordered_cache_behavior.1.allowed_methods.1741119464 = PATCH ordered_cache_behavior.1.allowed_methods.348445828 = DELETE ordered_cache_behavior.1.allowed_methods.3982006612 = OPTIONS ordered_cache_behavior.1.allowed_methods.4024585617 = PUT ordered_cache_behavior.1.cached_methods.# = 2 ordered_cache_behavior.1.cached_methods.1040875975 = GET ordered_cache_behavior.1.cached_methods.1445840968 = HEAD ordered_cache_behavior.1.compress = false ordered_cache_behavior.1.default_ttl = 51 ordered_cache_behavior.1.field_level_encryption_id = ordered_cache_behavior.1.forwarded_values.# = 1 ordered_cache_behavior.1.forwarded_values.0.cookies.# = 1 ordered_cache_behavior.1.forwarded_values.0.cookies.0.forward = none ordered_cache_behavior.1.forwarded_values.0.cookies.0.whitelisted_names.# = 0 ordered_cache_behavior.1.forwarded_values.0.headers.# = 0 ordered_cache_behavior.1.forwarded_values.0.query_string = true ordered_cache_behavior.1.forwarded_values.0.query_string_cache_keys.# = 0 ordered_cache_behavior.1.lambda_function_association.# = 0 ordered_cache_behavior.1.max_ttl = 51 ordered_cache_behavior.1.min_ttl = 51 ordered_cache_behavior.1.path_pattern = images2/*.jpg ordered_cache_behavior.1.smooth_streaming = false ordered_cache_behavior.1.target_origin_id = myCustomOrigin ordered_cache_behavior.1.trusted_signers.# = 0 ordered_cache_behavior.1.viewer_protocol_policy = allow-all origin.# = 1 origin.1857972443.custom_header.# = 0 origin.1857972443.custom_origin_config.# = 1 origin.1857972443.custom_origin_config.0.http_port = 80 origin.1857972443.custom_origin_config.0.https_port = 443 origin.1857972443.custom_origin_config.0.origin_keepalive_timeout = 5 origin.1857972443.custom_origin_config.0.origin_protocol_policy = http-only origin.1857972443.custom_origin_config.0.origin_read_timeout = 30 origin.1857972443.custom_origin_config.0.origin_ssl_protocols.# = 2 origin.1857972443.custom_origin_config.0.origin_ssl_protocols.1162609714 = TLSv1 origin.1857972443.custom_origin_config.0.origin_ssl_protocols.2159350162 = SSLv3 origin.1857972443.domain_name = www.example.com origin.1857972443.origin_id = myCustomOrigin origin.1857972443.origin_path = origin.1857972443.s3_origin_config.# = 0 price_class = PriceClass_All restrictions.# = 1 restrictions.0.geo_restriction.# = 1 restrictions.0.geo_restriction.0.locations.# = 4 restrictions.0.geo_restriction.0.locations.3034033770 = DE restrictions.0.geo_restriction.0.locations.3047936762 = US restrictions.0.geo_restriction.0.locations.3589570027 = CA restrictions.0.geo_restriction.0.locations.4191192820 = GB restrictions.0.geo_restriction.0.restriction_type = whitelist retain_on_delete = false status = Deployed tags.% = 0 viewer_certificate.# = 1 viewer_certificate.0.acm_certificate_arn = viewer_certificate.0.cloudfront_default_certificate = true viewer_certificate.0.iam_certificate_id = viewer_certificate.0.minimum_protocol_version = TLSv1 viewer_certificate.0.ssl_support_method = web_acl_id = ``` Output from acceptance testing: ``` --- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyOriginID (1.04s) --- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyDomainName (1.12s) --- PASS: TestAccAWSCloudFrontDistribution_orderedCacheBehavior (1082.43s) --- PASS: TestAccAWSCloudFrontDistribution_HTTP11Config (1082.47s) --- PASS: TestAccAWSCloudFrontDistribution_noCustomErrorResponseConfig (1083.16s) --- PASS: TestAccAWSCloudFrontDistribution_noOptionalItemsConfig (1083.56s) --- PASS: TestAccAWSCloudFrontDistribution_S3OriginWithTags (1084.20s) --- PASS: TestAccAWSCloudFrontDistribution_IsIPV6EnabledConfig (1089.11s) --- PASS: TestAccAWSCloudFrontDistribution_S3Origin (1090.38s) --- PASS: TestAccAWSCloudFrontDistribution_customOrigin (1092.54s) --- PASS: TestAccAWSCloudFrontDistribution_multiOrigin (1093.67s) ```
Hi folks 👋 Sorry for the trouble with the The configuration block simplifications and fixes were applied to the resource logic in version 2.0.0 of the Terraform AWS Provider, which will be releasing very shortly. Existing configurations should mostly work as they did previously, but We encourage everyone to file a new GitHub issue once upgraded to version 2.0.0 of the Terraform AWS Provider, should there be any further problems, so we can appropriately triage them. Thanks for your understanding and hope the upgrade is helpful. 😄 |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
This issue was originally opened by @billyboingo as hashicorp/terraform#15028. It was migrated here as part of the provider split. The original body of the issue is below.
Terraform Version
0.9.6
Affected Resource(s)
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
Terraform Configuration Files
Debug Output
https://gist.github.com/billyboingo/73982918f56eba123fd389113cff4455
Panic Output
Remain calm and carry on.
Expected Behavior
A new cloudfront distribution should have been created with restricted access to an S3 bucket via the origin access identity.
Actual Behavior
It blows up with the provided output.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
Important Factoids
This looks like it could be a regression of the issue referenced below...
References
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
The text was updated successfully, but these errors were encountered: