Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resource/aws_lambda_function: Ignore the VPC configuration if it is empty #1341

Merged
merged 1 commit into from
Sep 6, 2018
Merged

resource/aws_lambda_function: Ignore the VPC configuration if it is empty #1341

merged 1 commit into from
Sep 6, 2018

Conversation

joshuaspence
Copy link
Contributor

@joshuaspence joshuaspence commented Aug 4, 2017

I have a lambda_function module, which supports both EC2 classic and VPC. The problem I have, however, is that there is no way to specify a null configuration for vpc_config. This pull request changes the behavior so that the following Terraform configuration is //ignored//, instead of failing with an error (the current behavior):

resource "aws_lambda_function" "test" {
  # ...

  vpc_config {
    security_group_ids = []
    subnet_ids         = []
  }
}

See also #1187 and #1190.
Fixes #443

@joshuaspence
Copy link
Contributor Author

make testacc TESTARGS='-run=TestAccAWSLambdaFunction_EmptyVpcConfig'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSLambdaFunction_EmptyVpcConfig -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAWSLambdaFunction_EmptyVpcConfig
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (78.56s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	78.618s

@radeksimko radeksimko added the bug Addresses a defect in current functionality. label Aug 4, 2017
@Ninir Ninir requested a review from radeksimko September 7, 2017 21:00
@johnjelinek
Copy link

ETA on this merge?

@queeno
Copy link

queeno commented Oct 4, 2017

+1

@radeksimko radeksimko added the upstream-terraform Addresses functionality related to the Terraform core binary. label Oct 16, 2017
@radeksimko
Copy link
Member

Hi @joshuaspence
sorry for the delay in reviewing this.

There's an ongoing effort in the core of Terraform to improve the language so we don't need to fix such things on resource-level and can specify nil in the syntax anywhere. This will take time to ship, but I thought it's something that should be mentioned.

I'm ok with patching this locally for the time being, but there's one particular use case which is already broken and needs to be fixed first before we consider this patch. See my example below.

resource "aws_vpc" "main" {
  cidr_block = "10.10.0.0/16"
}

resource "aws_subnet" "test" {
  cidr_block = "10.10.0.0/24"
  vpc_id = "${aws_vpc.main.id}"
}

resource "aws_security_group" "test" {
  vpc_id = "${aws_vpc.main.id}"
  name = "radek-test"
}

resource "aws_lambda_function" "test" {
    filename      = "lambda.zip"
    function_name = "radek-test"
    role          = "${aws_iam_role.iam_for_lambda.arn}"
    handler       = "exports.example"
    runtime       = "nodejs4.3"

    vpc_config {
        subnet_ids         = ["${aws_subnet.test.id}"]
        security_group_ids = ["${aws_security_group.test.id}"]
    }
}

resource "aws_iam_role_policy" "iam_policy_for_lambda" {
    name = "iam_policy_for_lambda_radek"
    role = "${aws_iam_role.iam_for_lambda.id}"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
EOF
}
resource "aws_iam_role" "iam_for_lambda" {
    name = "iam_for_lambda_radek"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

now remove the VPC configuration:

...
    vpc_config {
        subnet_ids         = []
        security_group_ids = []
    }
...

and try terraform apply && terraform plan - it's impossible to remove the VPC configuration.

This is a valid use-case we need to support.

While it wasn't caused by this PR, your PR is likely touching the same codepath and also needs to take this into consideration.

I hope it makes sense.

@radeksimko radeksimko added the waiting-response Maintainers are waiting on response from community or contributor. label Oct 16, 2017
@radeksimko radeksimko removed their request for review October 16, 2017 09:32
@radeksimko radeksimko added the size/M Managed by automation to categorize the size of a PR. label Nov 15, 2017
@mataneine
Copy link

any updates on this? or any workaround?

@grahamlyons
Copy link

grahamlyons commented Dec 20, 2017

@radeksimko, I'm not sure why we need to consider the other bug when merging this pull request. There is an existing bug and it's impossible to remove the VPC config but - as you say - it wasn't caused by this PR.

This config breaks if it is run twice:

resource "aws_lambda_function" "test" {                                            
    filename      = "lambda.zip"                                                   
    function_name = "radek-test"                                                   
    role          = "${aws_iam_role.iam_for_lambda.arn}"                           
    handler       = "index.example"                                                
    runtime       = "nodejs4.3"                                                    
                                                                                   
    vpc_config {                                                                   
        subnet_ids         = []                                                    
        security_group_ids = []                                                    
    }                                                                              
}                                                                                  
                                                                                   
resource "aws_iam_role" "iam_for_lambda" {                                         
    name = "iam_for_lambda_radek"                                                  
    assume_role_policy = <<EOF                                                     
{                                                                                  
  "Version": "2012-10-17",                                                         
  "Statement": [                                                                   
    {                                                                              
      "Action": "sts:AssumeRole",                                                  
      "Principal": {                                                               
        "Service": "lambda.amazonaws.com"                                          
      },                                                                           
      "Effect": "Allow",                                                           
      "Sid": ""                                                                    
    }                                                                              
  ]                                                                                
}                                                                                  
EOF                                                                                
}

Like so:

echo 'exports.example = (event, context)=>(null)' > index.js && zip lambda.zip index.js
terraform apply -auto-approve && terraform apply -auto-approve
...
aws_lambda_function.test: Modifying... (ID: radek-test)
  vpc_config.#: "0" => "1"

Error: Error applying plan:

1 error(s) occurred:

* aws_lambda_function.test: 1 error(s) occurred:

* aws_lambda_function.test: vpc_config is <nil>

Could you explain why this prevents us from merging this pull request?

Edit: I understand now; this pull request now makes the removal failure of the VPC config silent if the lists are empty. I think I'd actually prefer that as it does at least fix the re-running problem.

It doesn't seem like it's possible to remove the VPC config anyway - with the existing provider I get the following error:

aws_security_group.test: Refreshing state... (ID: sg-123456)
aws_iam_role.iam_for_lambda: Refreshing state... (ID: iam_for_lambda_radek)
aws_iam_role_policy.iam_policy_for_lambda: Refreshing state... (ID: iam_for_lambda_radek:iam_policy_for_lambda_radek)
aws_lambda_function.test: Creating...
  arn:                 "" => "<computed>"
  filename:            "" => "lambda.zip"
  function_name:       "" => "radek-test"
  handler:             "" => "index.example"
  invoke_arn:          "" => "<computed>"
  last_modified:       "" => "<computed>"
  memory_size:         "" => "128"
  publish:             "" => "false"
  qualified_arn:       "" => "<computed>"
  role:                "" => "arn:aws:iam::<account_id>:role/iam_for_lambda_radek"
  runtime:             "" => "nodejs4.3"
  source_code_hash:    "" => "<computed>"
  timeout:             "" => "3"
  tracing_config.#:    "" => "<computed>"
  version:             "" => "<computed>"
  vpc_config.#:        "" => "1"
  vpc_config.0.vpc_id: "" => "<computed>"

Error: Error applying plan:

1 error(s) occurred:

* aws_lambda_function.test: 1 error(s) occurred:

* aws_lambda_function.test: Error creating Lambda function: ResourceConflictException: Function already exist: radek-test
        status code: 409, request id: fdab11bb-e648-11e7-9372-ebede17f9d35

Removing the vpc_config block altogether causes a panic in Terraform:

aws_security_group.test: Refreshing state... (ID: sg-123456)
aws_iam_role.iam_for_lambda: Refreshing state... (ID: iam_for_lambda_radek)
aws_lambda_function.test: Refreshing state... (ID: radek-test)
aws_iam_role_policy.iam_policy_for_lambda: Refreshing state... (ID: iam_for_lambda_radek:iam_policy_for_lambda_radek)
aws_lambda_function.test: Modifying... (ID: radek-test)
  vpc_config.#:                             "1" => "0"
  vpc_config.0.security_group_ids.#:        "1" => "0"
  vpc_config.0.security_group_ids.23335267: "sg-123456" => ""
  vpc_config.0.subnet_ids.#:                "1" => "0"
  vpc_config.0.subnet_ids.3928636147:       "subnet-64321" => ""

Error: Error applying plan:

1 error(s) occurred:

* aws_lambda_function.test: 1 error(s) occurred:

* aws_lambda_function.test: unexpected EOF

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.


panic: runtime error: index out of range
2017-12-21T12:21:13.719Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: 
2017-12-21T12:21:13.719Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: goroutine 232 [running]:
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: github.com/terraform-providers/terraform-provider-aws/aws.resourceAwsLambdaFunctionUpdate(0xc420e420e0, 0x2380a00, 0xc4201d3200, 0x0, 0x0)
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /opt/teamcity-agent/work/222ea50a1b4f75f4/src/github.com/terraform-providers/terraform-provider-aws/aws/resource_aws_lambda_function.go:588 +0x3120
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema.(*Resource).Apply(0xc420918fc0, 0xc420ab3040, 0xc420afa7c0, 0x2380a00, 0xc4201d3200, 0x1, 0xc420e3a720, 0xc420b4b1d0)
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /opt/teamcity-agent/work/222ea50a1b4f75f4/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema/resource.go:233 +0x2ab
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema.(*Provider).Apply(0xc4208f2850, 0xc420ab2ff0, 0xc420ab3040, 0xc420afa7c0, 0x7fbe7180e6c8, 0x0, 0x18)
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /opt/teamcity-agent/work/222ea50a1b4f75f4/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/helper/schema/provider.go:283 +0xa4
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/plugin.(*ResourceProviderServer).Apply(0xc420a5bba0, 0xc420afa340, 0xc420662d90, 0x0, 0x0)
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /opt/teamcity-agent/work/222ea50a1b4f75f4/src/github.com/terraform-providers/terraform-provider-aws/vendor/github.com/hashicorp/terraform/plugin/resource_provider.go:527 +0x57
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: reflect.Value.call(0xc4201185a0, 0xc420071218, 0x13, 0x27421dc, 0x4, 0xc420b5df20, 0x3, 0x3, 0x0, 0x0, ...)
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /usr/local/go/src/reflect/value.go:434 +0x906
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: reflect.Value.Call(0xc4201185a0, 0xc420071218, 0x13, 0xc420027f20, 0x3, 0x3, 0xc420b6f7a0, 0xc420027f28, 0xc420499f80)
2017-12-21T12:21:13.720Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /usr/local/go/src/reflect/value.go:302 +0xa4
2017-12-21T12:21:13.721Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: net/rpc.(*service).call(0xc420ae6500, 0xc42016d1d0, 0xc420a46568, 0xc420173b80, 0xc420a740c0, 0x1f362c0, 0xc420afa340, 0x16, 0x1f36300, 0xc420662d90, ...)
2017-12-21T12:21:13.721Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /usr/local/go/src/net/rpc/server.go:381 +0x142
2017-12-21T12:21:13.721Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4: created by net/rpc.(*Server).ServeCodec
2017-12-21T12:21:13.721Z [DEBUG] plugin.terraform-provider-aws_v1.6.0_x4:       /usr/local/go/src/net/rpc/server.go:475 +0x36b
2017/12/21 12:21:13 [TRACE] root: eval: *terraform.EvalWriteState
2017/12/21 12:21:13 [TRACE] root: eval: *terraform.EvalApplyProvisioners
2017/12/21 12:21:13 [TRACE] root: eval: *terraform.EvalIf
2017/12/21 12:21:13 [TRACE] root: eval: *terraform.EvalWriteState
2017/12/21 12:21:13 [TRACE] root: eval: *terraform.EvalWriteDiff
2017/12/21 12:21:13 [TRACE] root: eval: *terraform.EvalApplyPost
2017/12/21 12:21:13 [ERROR] root: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* aws_lambda_function.test: unexpected EOF
2017/12/21 12:21:13 [ERROR] root: eval: *terraform.EvalSequence, err: 1 error(s) occurred:

* aws_lambda_function.test: unexpected EOF
2017/12/21 12:21:13 [TRACE] [walkApply] Exiting eval tree: aws_lambda_function.test
2017/12/21 12:21:13 [TRACE] dag/walk: upstream errored, not walking "meta.count-boundary (count boundary fixup)"
2017/12/21 12:21:13 [TRACE] dag/walk: upstream errored, not walking "provider.aws (close)"
2017/12/21 12:21:13 [TRACE] dag/walk: upstream errored, not walking "root"
2017-12-21T12:21:13.724Z [DEBUG] plugin: plugin process exited: path=/home/vagrant/workspace/acuris/tflambdabug/.terraform/plugins/linux_amd64/terraform-provider-aws_v1.6.0_x4
2017/12/21 12:21:13 [TRACE] Preserving existing state lineage "39213a94-8666-4c37-95be-5cc9f3ed183d"
2017/12/21 12:21:13 [TRACE] Preserving existing state lineage "39213a94-8666-4c37-95be-5cc9f3ed183d"
2017/12/21 12:21:13 [TRACE] Preserving existing state lineage "39213a94-8666-4c37-95be-5cc9f3ed183d"
2017/12/21 12:21:13 [TRACE] Preserving existing state lineage "39213a94-8666-4c37-95be-5cc9f3ed183d"
2017/12/21 12:21:13 [DEBUG] plugin: waiting for all plugin processes to complete...
2017-12-21T12:21:13.730Z [WARN ] plugin: error closing client during Kill: err="connection is shut down"



!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.

When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.

[1]: https://github.com/hashicorp/terraform/issues

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

This is already reported in #2509

@radeksimko radeksimko added the service/lambda Issues and PRs that pertain to the lambda service. label Jan 12, 2018
@radeksimko radeksimko changed the title Ignore the VPC configuration for a Lambda function if it is empty resource/aws_lambda_function: Ignore the VPC configuration if it is empty Jan 16, 2018
@mdlavin
Copy link
Contributor

mdlavin commented Jan 19, 2018

We've been using this patch for our terraform deployments at work and it'd very useful. But, today we hit a case of the panic: runtime error: index out of range when trying to remove a Lambda function VPC configuration. Today, I'm going to take this work, rebase it onto master, add a testcase for the VPC removal and then try fixing it.

@mdlavin
Copy link
Contributor

mdlavin commented Jan 22, 2018

I've updated the branch in this PR as described in my last comment and I think I've addressed all the issues. I've added some testcases that used to trigger the panic and fixed that failure. I also made sure that the old non-VPC related tests pass (because they failed after rebasing on master).

My branch is https://github.com/mdlavin/terraform-provider-aws/tree/lambda-empty_vpc_config

@grahamlyons if you want to update your PR branch with my changes, then this PR will get the updates
@radeksimko if you have the ability to change which branch this PR points at that could work too

@bflad bflad removed the waiting-response Maintainers are waiting on response from community or contributor. label Jan 22, 2018
@mdlavin
Copy link
Contributor

mdlavin commented Feb 19, 2018

Is there anything I can do to help this PR get merged? This PR is showing as having merge conflicts, by the branch that I pointed at in the comment from a month ago does not seem to be conflicting. I think that either the original PR owner @grahamlyons or a admin can update the branch on this PR

@grahamlyons
Copy link

@mdlavin, the original owner of this is actually @joshuaspence but I'm flattered that you thought it was me 😊

Perhaps rebasing the upstream master against your branch, @joshuaspence, will resolve the conflicts.

@radeksimko, will that be sufficient to get this merged?

@jarro2783
Copy link

@joshuaspence can you update your PR?

@joshuaspence
Copy link
Contributor Author

Sorry about the silence here, I keep forgetting to come back to this. I'll rebase it now.

I have a `lambda_function` module, which supports both EC2 classic and VPC. The problem I have, however, is that there is no way to specify a null configuration for `vpc_config`. This pull request changes the behavior so that the following Terraform configuration is //ignored//, instead of failing with an error (the current behavior):

```
resource "aws_lambda_function" "test" {
  # ...

  vpc_config {
    security_group_ids = []
    subnet_ids         = []
  }
}
```

See also #1187 and #1190.
@ghost ghost added the size/M Managed by automation to categorize the size of a PR. label Mar 1, 2018
@loivis loivis mentioned this pull request Mar 14, 2018
@loivis
Copy link
Contributor

loivis commented Mar 14, 2018

The issue mentioned by @radeksimko is in PR #3473. We should be able to move forward with both.

@mdlavin
Copy link
Contributor

mdlavin commented Mar 21, 2018

@loivis the changes in this PR address the crash as well, so if this merges then nothing else should be needed.

@radeksimko a fix for this problem has been available for a long time, I've been testing with it since I submitted my branch. Is there any hope of getting it merged in so we can avoid more rebasing?

@cdimitroulas
Copy link

Just commenting here to say that it would be much appreciated if these fixes could get merged and released in the next version as it would be great not to have to use two different modules for VPC and non-VPC lambda functions!

@entropiae
Copy link

Hi there,
sorry to bother, there's an ETA to get this PR merged?

Thx!
Riccardo

@ricoli
Copy link

ricoli commented May 22, 2018

just stumbled into the same issue - anything preventing this from being merged @radeksimko?

@ricoli
Copy link

ricoli commented May 24, 2018

Maybe @bflad?

@ricoli
Copy link

ricoli commented May 30, 2018

sorry to be a pain, but this is a huge must have for a lot of folks, and has been ready for a very long time... ping @bflad

@mdlavin
Copy link
Contributor

mdlavin commented May 31, 2018

To make merging as easy as possible, I've updated my branch to be rebased on master. The branch with fixes is https://github.com/mdlavin/terraform-provider-aws/tree/lambda-empty_vpc_config.

That branch includes both the original fixes and a fix for the problem in #1341 (comment) above too

@joshuaspence
Copy link
Contributor Author

I don't mind rebasing this, I just haven't bothered doing so because it seems that the upstream is not interested in this change.

@mdlavin
Copy link
Contributor

mdlavin commented Jun 1, 2018

I've been disappointed about the lack of interest in this and other PRs in this project too. My attempt at providing a rebased version was only to make it as easy as possible for the change to be accepted. I didn't mean it as a criticism of your work.

One difference between our branches is that yours does not include a fix for #1341 (comment) which was initially listed as a reason not to merge the code. Feel free to cherry pick the fix for that off my branch if you want. If you want to switch this PR to point at my branch instead, I'm happy to pick up the torch of trying to get this merged.

@mdlavin
Copy link
Contributor

mdlavin commented Jun 1, 2018

If anybody is interested in testing out this feature in a patched v1.21.0 version, I've made some Alpine Linux x64 binaries available here: https://github.com/lifeomic/terraform-provider-aws/releases/tag/v1.21.0_patched_5f7d0def

@giuliocalzolari
Copy link

any ETA on merge?
Thanks to @mdlavin I tried the patch! but will be awesome to have in the official repo

@bflad
Copy link
Contributor

bflad commented Sep 5, 2018

The fixes for properly handling aws_lambda_function resource vpc_config removal has been merged into master and will be released with version 1.35.0 of the AWS provider, likely later today. With that out of the way, we can now focus on just this specific issue.

Given that the empty list configuration for security_group_ids and subnet_ids is actually what is required to remove VPC configuration from an existing Lambda function, it seems like we should pull this in as it not only provides the workaround for supporting one module for both VPC and non-VPC functions, but also is a valid configuration.

I'm reviewing this pull request right now and will likely merge this in with one panic prevention fix in a followup commit, which I'll note in my review.

@bflad bflad removed the upstream-terraform Addresses functionality related to the Terraform core binary. label Sep 5, 2018
DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
if v, ok := d.GetOk("vpc_config"); ok {
configs := v.([]interface{})
config, ok := configs[0].(map[string]interface{})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @joshuaspence for submitting this with an acceptance test! This was definitely on the right track.

One note here: to prevent potential panics, we should ensure the length of configs before trying to reference the first element, e.g.

if v, ok := d.GetOk("vpc_config"); ok && len(v.([]interface{})) > 0 {

Style nitpick: Also, we can remove the nesting if return early:

if old != "0" && new != "1" {
  return false
}
v, ok := d.GetOk("vpc_config")
if !ok || len(v.([]interface{})) == 0 {
  return false
}
// other logic :)

I'll be rebasing this PR and applying a followup commit so we can get this released today, rather then making you do any additional work or having this linger further. 👍

@bflad bflad added this to the v1.35.0 milestone Sep 6, 2018
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It turns out there are some very particular nuances when trying to work with DiffSuppressFunc in this complex manner, that was causing failures with the other existing acceptance tests. Landed on this:

				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
					if d.Id() == "" || old == "1" || new == "0" {
						return false
					}

					if d.HasChange("vpc_config.0.security_group_ids") || d.HasChange("vpc_config.0.subnet_ids") {
						return false
					}

					return true
				},

Which passes the new test as well as everything existing. 👍

32 tests passed (all tests)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (15.56s)
--- PASS: TestAccAWSLambdaFunction_importS3 (16.88s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (29.75s)
--- PASS: TestAccAWSLambdaFunction_versioned (34.90s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (34.93s)
--- PASS: TestAccAWSLambdaFunction_s3 (23.64s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (41.79s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (0.49s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (47.44s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (48.33s)
--- PASS: TestAccAWSLambdaFunction_concurrency (51.13s)
--- PASS: TestAccAWSLambdaFunction_VPC (53.15s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (54.28s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (56.19s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (58.60s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (30.32s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (29.58s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (69.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_nodeJs43 (27.51s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (54.81s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (31.47s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (37.98s)
--- PASS: TestAccAWSLambdaFunction_envVariables (82.18s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (37.28s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (85.83s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (33.66s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (39.17s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (91.22s)
--- PASS: TestAccAWSLambdaFunction_basic (91.89s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (94.38s)
--- PASS: TestAccAWSLambdaFunction_tags (45.34s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (99.08s)

@bflad bflad merged commit b614fc6 into hashicorp:master Sep 6, 2018
bflad added a commit that referenced this pull request Sep 6, 2018
@bflad
Copy link
Contributor

bflad commented Sep 6, 2018

This has been released in version 1.35.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link

ghost commented Apr 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 3, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. service/lambda Issues and PRs that pertain to the lambda service. size/M Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

aws_lambda_function.vpc_config always detects a change when empty