Terraform panics on calculating diffs for route tables containing S3 VPC endpoint routes.

[ojongerius]

Running Terraform in planning mode for route tables with S3 VPC endpoint routes result in a panic.

We started seeing consistent panics after configuring S3 VPC endpoints. Investigation showed that routes tables will contain lack a routes that lack DestinationCidrBlock. -They typically include Origin, Stage, GatewayId and DestinationCidrBlock.

Snippet of logging output during panic:

build   20-May-2015 06:45:26    Error refreshing state: 21 error(s) occurred:
build   20-May-2015 06:45:26    
build   20-May-2015 06:45:26    * 1 error(s) occurred:
build   20-May-2015 06:45:26    
build   20-May-2015 06:45:26    * unexpected EOF
build   20-May-2015 06:45:26    * connection is shut down
build   20-May-2015 06:45:26    * 1 error(s) occurred:
<SNIP>
build   20-May-2015 06:45:26    
build   20-May-2015 06:45:26    panic: interface conversion: interface is nil, not string
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: 
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: goroutine 275 [running]:
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: github.com/hashicorp/terraform/builtin/providers/aws.resourceAwsRouteTableHash(0x86ca80, 0xc20808a5d0, 0x4c0000000040cb89)
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws:     /Users/mitchellh/code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_route_table.go:278 +0xf0
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: github.com/hashicorp/terraform/helper/schema.(*Set).add(0xc20810b780, 0x86ca80, 0xc20808a5d0, 0xc208381760)
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws:     /Users/mitchellh/code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:125 +0x9a
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: github.com/hashicorp/terraform/helper/schema.(*Set).Add(0xc20810b780, 0x86ca80, 0xc20808a5d0)
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws:     /Users/mitchellh/code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:32 +0x3c
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: github.com/hashicorp/terraform/builtin/providers/aws.resourceAwsRouteTableRead(0xc2082cf5c0, 0x846900, 0xc208044dc0, 0x0, 0x0)
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws:     /Users/mitchellh/code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_route_table.go:145 +0x7c6
build   20-May-2015 06:45:26    2015/05/20 06:45:25 terraform-provider-aws: github.com/hashicorp/terraform/helper/schema.(*Resource).Refresh(0xc2080c1680, 0xc2082c30b0, 0x846900, 0xc208044dc0, 0xc2080c74b0, 0x0, 0x0)

An S3 VPC endpoint route (from awscli) shows:

           "Routes": [
            <SNIP>                    
            {
                    "GatewayId": "vpce-b3cd28da",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
            <SNIP> 

[mahileeb]

Which version will this be fixed in? It's still open and not in the changelog but looks like it's been fixed? I'm currently getting the same stacktrace running destroy using 0.5.3

[mitchellh]

Do you have a sample config to trigger this? I'd like to fix it but can't repro it.

[ojongerius]

Missed this comment. I'll see if I can whip up a sample config and reproduce this one tomorrow morning (CET).

[ojongerius]

Example config:

variable "access_key" {}
variable "secret_key" {}
variable "region" { default = "us-east-1" }

variable "vpc" {
  default = {
    id = "vpc-123"
  }
}

provider "aws" {
    access_key = "${var.access_key}"
    secret_key = "${var.secret_key}"
    region = "${var.region}"
}

resource "aws_route_table" "test-rt" {
    vpc_id = "${var.vpc.id}"
}

Reproduce:

• Create the route table with terraform apply
• Create a VPC endpoint via the console or aws-cli
• Configure the route table in the VPC endpoint via console or aws-cli
• Terraform plan will show the intention to remove the VPCE route
• Terraform apply: I've seen Terraform panic (pre 0.6), Terraform 0.6 does not panic, but throws the error shown below.

aws_route_table.test-rt: Modifying...
  route.#:                                    "1" => "0"
  route.3977528567.cidr_block:                "" => ""
  route.3977528567.gateway_id:                "vpce-123" => ""
  route.3977528567.instance_id:               "" => ""
  route.3977528567.network_interface_id:      "" => ""
  route.3977528567.vpc_peering_connection_id: "" => ""
aws_route_table.test-bamboo_private_rt: Error: 1 error(s) occurred:

* InvalidParameterValue: Value () for parameter destinationCidrBlock is invalid. This is not a valid CIDR block.
    status code: 400, request id: []

We run Terraform with PR-2064 which has been working fine for us.

[radeksimko]

#2695 has been just merged. Fix will be part of the next release (0.6.1).

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.