Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

provider/heroku: Fix heroku_cert update of ssl cert #14240

Merged
merged 9 commits into from
May 10, 2017

Conversation

wchrisjohnson
Copy link
Contributor

This change fixes #5930
Also:

  • slight refactor of the update method for the sake of logging.
  • beefed up tests around SSL endpoint
  • broke out tests to differentiate EU vs US endpoints.

@bernerdschaefer

@wchrisjohnson wchrisjohnson changed the title Fix heroku_cert update of ssl cert provider/heroku Fix heroku_cert update of ssl cert May 5, 2017
@wchrisjohnson wchrisjohnson changed the title provider/heroku Fix heroku_cert update of ssl cert provider/heroku: Fix heroku_cert update of ssl cert May 5, 2017
if err != nil {
return err
return fmt.Errorf("Error updating SSL endpoint: %s", err)
}

// Store the new ID
d.SetId(ad.ID)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this line isn't changing here, but it caught our eye. Is the ID of the SSL Cert changing? If so, either the private_key or certificate_chain attribute (or both?) should have ForceNew specified and instruct terraform to do a complete destroy and recreate. Updating ID here could result in unexpected behavior (dangling resources), or just undefined behavior, depending on the provider.

The client methods being called, and the underlying PATCH API call, suggests to me the ID is not actually changing and we should remove this line while we are here, if you could.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, that's great feedback. This is my first PR against Terraform, and I'm still learning how it works. I will do some testing and handle this, or come back with additional questions...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@catsby I just verified that the ID is NOT changing between the create and the update, so I will remove this line.

@catsby catsby added the waiting-response An issue/pull request is waiting for a response from the community label May 5, 2017
@wchrisjohnson wchrisjohnson force-pushed the cj-fix-ssl-cert-update branch from c5d78ad to 00d0061 Compare May 6, 2017 01:04
@catsby catsby removed the waiting-response An issue/pull request is waiting for a response from the community label May 8, 2017
@wchrisjohnson
Copy link
Contributor Author

Could someone provide feedback on what, if anything, remaining to be done in order to get this merged?

@catsby
Copy link
Contributor

catsby commented May 9, 2017

Hey @wchrisjohnson – I ran the tests and got the following error:

[pr-14240]$ make testacc TEST=./builtin/providers/heroku TESTARGS="-run=TestAccHerokuCert"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 11:20:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/heroku -v -run=TestAccHerokuCert -timeout 120m
=== RUN   TestAccHerokuCert_EU
--- FAIL: TestAccHerokuCert_EU (18.65s)
        testing.go:280: Step 0 error: Error applying: 1 error(s) occurred:

                * heroku_cert.ssl_certificate: 1 error(s) occurred:

                * heroku_cert.ssl_certificate: Error creating SSL endpoint: Post https://api.heroku.com/apps/tftest-jtvdruccq7/ssl-endpoints: Conflict
=== RUN   TestAccHerokuCert_US
--- PASS: TestAccHerokuCert_US (32.36s)
FAIL
exit status 1
FAIL    github.com/hashicorp/terraform/builtin/providers/heroku 51.030s
make: *** [testacc] Error 1

Is that a limitation of my test account?

@catsby catsby added the waiting-response An issue/pull request is waiting for a response from the community label May 9, 2017
@wchrisjohnson
Copy link
Contributor Author

@catsby It works on my end. Try the following:

$ HEROKU_API_KEY=<REDACTED> make testacc TEST=./builtin/providers/heroku TESTARGS="-run=TestAccHerokuCert"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 12:55:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/heroku -v -run=TestAccHerokuCert -timeout 120m
=== RUN   TestAccHerokuCert_EU
--- PASS: TestAccHerokuCert_EU (23.20s)
=== RUN   TestAccHerokuCert_US
--- PASS: TestAccHerokuCert_US (20.11s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/heroku	43.333s

@catsby
Copy link
Contributor

catsby commented May 9, 2017

I have all the Heroku things I should need in the environment:

HEROKU_ORGANIZATION=terraform
HEROKU_EMAIL=terraform@...
HEROKU_API_KEY=abc123-redacted

I ran the tests again, strangely I'm getting a different error now, this time with the US SSL, not the EU one:

[pr-14240](4)$ make testacc TEST=./builtin/providers/heroku TESTARGS="-run=TestAccHerokuCert"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 16:20:30 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/heroku -v -run=TestAccHerokuCert -timeout 120m
=== RUN   TestAccHerokuCert_EU
--- PASS: TestAccHerokuCert_EU (22.25s)
=== RUN   TestAccHerokuCert_US
--- FAIL: TestAccHerokuCert_US (13.14s)
        testing.go:280: Step 1 error: Error applying: 1 error(s) occurred:

                * heroku_cert.ssl_certificate: 1 error(s) occurred:

                * heroku_cert.ssl_certificate: Error updating SSL endpoint: Patch https://api.heroku.com/apps/tftest-yf43o3l4ph/ssl-endpoints/9609ba7d-9d82-4426-8cf9-fdbbd9464ec5: Could not complete the action. Please try again later.
FAIL
exit status 1
FAIL    github.com/hashicorp/terraform/builtin/providers/heroku 35.422s
make: *** [testacc] Error 1

@catsby
Copy link
Contributor

catsby commented May 9, 2017

I did manage to get them to pass, but the inconsistency is troubling, do you have any thoughts there?

@wchrisjohnson
Copy link
Contributor Author

yeah @catsby I have seen that specific error crop up periodically in my running of the test suite as well. It feels like some sort of race condition, as it doesn't occur consistently. Let me dig into this on my end a bit more.

@catsby
Copy link
Contributor

catsby commented May 10, 2017

@wchrisjohnson thanks! Feel free to ping me if/when you find out 😄

@wchrisjohnson
Copy link
Contributor Author

@catsby I've been talking to some other engineers here at Heroku; there are some upstream conditions where rapid create/update of addon and SSL endpoints can fail, but can safely be retried. We're diagnosing the issue but believe it's unrelated to the changes in the PR.

@catsby catsby removed the waiting-response An issue/pull request is waiting for a response from the community label May 10, 2017
@catsby
Copy link
Contributor

catsby commented May 10, 2017

OK, sounds good 👍

Copy link
Contributor

@catsby catsby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@catsby catsby merged commit d1b5eac into hashicorp:master May 10, 2017
vanstee pushed a commit to vanstee/terraform that referenced this pull request Sep 28, 2017
* Attempt to write a new test for cert update

Trying to surface this bug with a test:
hashicorp#5930

* Fix the error

* Fix the test for the update operation

* Break apart tests for EU vs US to cleanse test run

* Refactor Update to more closely match create, increase debug logging

* Reflect differences of EU and US regions via separate tests

* Add comment re: why of test breakout

* Removed the “SetId” as it was unnecessary

* Ensure the SSL Addon has been provisioned
@ghost
Copy link

ghost commented Apr 12, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 12, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Resource heroku_cert - unexpected EOF
3 participants