provider/aws: Fixes terraform crash when lambda VpcId is nil

[Bowbaq]

@vincer @radeksimko @jen20 apparently, with existing lambdas (created before VPC support), VpcId can be nil, which causes terraform to panic.

Extract from crash.log

2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: panic: runtime error: invalid memory address or nil pointer dereference
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: [signal 0xb code=0x1 addr=0x0 pc=0x249c26]
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: 
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: goroutine 775 [running]:
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: github.com/hashicorp/terraform/builtin/providers/aws.flattenLambdaVpcConfigResponse(0xc8203de7c0, 0x0, 0x0, 0x0)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /Users/bowbaq/Dropbox/Dev/go/src/github.com/hashicorp/terraform/builtin/providers/aws/structure.go:693 +0x336
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: github.com/hashicorp/terraform/builtin/providers/aws.resourceAwsLambdaFunctionRead(0xc8207d6540, 0xa30a80, 0xc820416000, 0x0, 0x0)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /Users/bowbaq/Dropbox/Dev/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_lambda_function.go:264 +0x596
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: github.com/hashicorp/terraform/helper/schema.(*Resource).Refresh(0xc82059b600, 0xc8207e8990, 0xa30a80, 0xc820416000, 0xc820079d88, 0x0, 0x0)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /Users/bowbaq/Dropbox/Dev/go/src/github.com/hashicorp/terraform/helper/schema/resource.go:209 +0x430
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: github.com/hashicorp/terraform/helper/schema.(*Provider).Refresh(0xc820425a40, 0xc820693580, 0xc8207e8990, 0x201, 0x0, 0x0)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /Users/bowbaq/Dropbox/Dev/go/src/github.com/hashicorp/terraform/helper/schema/provider.go:187 +0x1da
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: github.com/hashicorp/terraform/rpc.(*ResourceProviderServer).Refresh(0xc820578be0, 0xc82058e340, 0xc82058e910, 0x0, 0x0)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /Users/bowbaq/Dropbox/Dev/go/src/github.com/hashicorp/terraform/rpc/resource_provider.go:345 +0x6a
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: reflect.Value.call(0xc6cfc0, 0xf33000, 0x13, 0xfd98f0, 0x4, 0xc820391ee8, 0x3, 0x3, 0x0, 0x0, ...)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /usr/local/Cellar/go/1.5.3/libexec/src/reflect/value.go:432 +0x120a
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: reflect.Value.Call(0xc6cfc0, 0xf33000, 0x13, 0xc820391ee8, 0x3, 0x3, 0x0, 0x0, 0x0)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /usr/local/Cellar/go/1.5.3/libexec/src/reflect/value.go:300 +0xb1
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: net/rpc.(*service).call(0xc820562d00, 0xc820562cc0, 0xc820594840, 0xc820242200, 0xc8203562e0, 0xa31bc0, 0xc82058e340, 0x16, 0xa31c20, 0xc82058e910, ...)
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /usr/local/Cellar/go/1.5.3/libexec/src/net/rpc/server.go:383 +0x1c1
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws: created by net/rpc.(*Server).ServeCodec
2016/02/17 19:47:26 [DEBUG] terraform-provider-aws:     /usr/local/Cellar/go/1.5.3/libexec/src/net/rpc/server.go:477 +0x4ac

[Bowbaq]

Turns out the problem is more general that I originally thought. It seems that the VPC config can be in three different states: non-existent, empty, or set. It transitions from non-existent to empty if somebody fiddles with it in the console afaict. For our purposes, empty is equivalent to non-existent.

[radeksimko]

Thanks for finding this!

The test failure in Travis is unrelated to this PR.

Is there any possible way we can test this bugfix? (i.e. add an acceptance test for it)

[Bowbaq]

Quick update on this:

• I can't figure out how to recreate this behavior using the api, but given an existing lambda with a VPC configuration, resetting to "No VPC" in the console triggers this

• resourceAwsLambdaFunctionUpdate doesn't do anything, is that expected?

• is there a recommended way to validate Sets? Right now it's possible to specify a vpc_config like so:

  resource "aws_lambda_function" "lambda_function_test" {
  filename = "test-fixtures/lambdatest.zip"
  function_name = "example_lambda_name"
  role = "${aws_iam_role.iam_for_lambda.arn}"
  handler = "exports.example"
  
  vpc_config = {
      subnet_ids = []
      security_group_ids = []
  }
  }
  

  This crashes terraform. How do we catch this?

[Bowbaq]

Well, I tried to harden this as best I could. There is still a failure case if the vpc_config gets changed from something valid to something invalid, it only fails during apply.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.