Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Attempt to get attribute from null value" error #390

Open
1 task
fatmcgav opened this issue Dec 3, 2024 · 5 comments
Open
1 task

"Attempt to get attribute from null value" error #390

fatmcgav opened this issue Dec 3, 2024 · 5 comments

Comments

@fatmcgav
Copy link

fatmcgav commented Dec 3, 2024
edited
Loading

Description

I am attempting to create a wrapper module around this alb module, and as part of this am defining a listeners var which includes a number of object definitions:

variable "listeners" {
  description = "Listeners to attach to ALB. A http-https-redirect-listener will be created automatically if 'enable_http_https_redirect = true'"
  default     = {}

  type = map(object({
    port     = number
    protocol = optional(string, "HTTP")

    # Default behaviours
    fixed_response = optional(object({
      content_type = optional(string, "text/plain")
      message_body = optional(string)
      status_code  = optional(string)
    }))

    forward = optional(object({
      target_groups = list(object({
        name   = optional(string, null)
        weight = optional(number)
      }))
      stickiness = object({
        duration = optional(number)
        enabled  = optional(bool, false)
      })
    }))

    redirect = optional(object({
      host        = optional(string, "#{host}")
      path        = optional(string, "#{path}")
      port        = optional(string, "#{port}")
      protocol    = optional(string, "#{protocol}")
      query       = optional(string, "#{query}")
      status_code = optional(string, "HTTP_301")
    }))

    # Listener rules
    rules = map(object({
      type = optional(string)
      fixed_response = optional(object({
        content_type = optional(string)
        message_body = optional(string)
        status_code  = optional(string)
      }))

      forward = optional(object({
        target_groups = list(object({
          name   = string
          weight = optional(number)
        }))
        stickiness = object({
          duration = number
          enabled  = optional(bool, false)
        })
      }))

      redirect = optional(object({
        host        = optional(string, "#{host}")
        path        = optional(string, "#{path}")
        port        = optional(string, "#{port}")
        protocol    = optional(string, "#{protocol}")
        query       = optional(string, "#{query}")
        status_code = optional(string, "HTTP_301")
      }))
    }))
  }))

  validation {
    condition = alltrue([
      for listener in var.listeners : contains([80, 443], listener.port)
    ])
    error_message = "listener 'port' value should be '80' or '443'"
  }

  validation {
    condition = alltrue([
      for listener in var.listeners : contains(["HTTP", "HTTPS"], listener.protocol)
    ])
    error_message = "listener 'protocol' value should be 'HTTP' or 'HTTPS'"
  }
}

However the plan is failing with:

╷
│ Error: Attempt to get attribute from null value
│
│   on .terraform/modules/alb/main.tf line 203, in resource "aws_lb_listener" "this":
│  203:         status_code = default_action.value.status_code
│     ├────────────────
│     │ default_action.value is null
│
│ This value is null, so it does not have any attributes.
  • ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: latest

  • Terraform version: 1.5.7

  • Provider version(s): 5.79.0

Reproduction Code [Required]

https://gist.github.com/fatmcgav/82606b5ceef39b92d08398a0b08ec0a4

Steps to reproduce the behavior:

Expected behavior

ALB should be created

Actual behavior

Terraform plan failed

Terminal Output Screenshot(s)

Additional context

Changes in #389 fix the issue
@fatmcgav fatmcgav mentioned this issue Dec 9, 2024
Closed
3 tasks
@bryantbiggs
Copy link
Member

Cross posting from linked PR

You should change your variables in your wrapper to make it work with the existing implementation. I would start with not using null and instead default to an empty list.

@rruenroengYahara
Copy link

rruenroengYahara commented Dec 16, 2024
edited
Loading

Hi @bryantbiggs,
I'm not totally following your suggestion for @fatmcgav . I am running into the same error when trying to setup this module. I have the following implemented as a first pass at getting things set up.

listeners = {
    http-main-example = {
      port     = 80
      protocol = "HTTP"
      forward = {
        target_group_key = "tg-default"
      }
      rules = {
        auth-rule = {
          priority = 1
          actions = [{
            type             = "forward"
            target_group_key = "auth-tg"
          }]
          conditions = [{
            path_pattern = {
              values = ["/auth/*"]
            }
          }]
        }
        secrets-rule = {
          priority = 2
          actions = [{
            type             = "forward"
            target_group_key = "secrets-tg"
          }]
          conditions = [{
            path_pattern = {
              values = ["/secrets/*"]
            }
          }]
        }
      }
    }
  }

What are you suggesting I provide to the module to get it to work?

@bryantbiggs
Copy link
Member

this variable for listeners https://gist.github.com/fatmcgav/82606b5ceef39b92d08398a0b08ec0a4#file-variables-tf-L1-L80

does not match our variable for listeners

terraform-aws-alb/variables.tf

Lines 195 to 199 in 5121d71

variable "listeners" {
description = "Map of listener configurations to create"
type = any
default = {}
}

If you are running into an issue, I would suggest opening a separate issue with steps to reproduce and any error messages/details

@fatmcgav
Copy link
Author

fatmcgav commented Jan 3, 2025

Hey @bryantbiggs

So using an object() was intentional so that we can leverage Terraform's built-in validation, rather than relying on the underlying API requests which will only fail at apply time...

@fatmcgav
Copy link
Author

fatmcgav commented Jan 3, 2025
edited
Loading

OK, so have spent a bit more time experimenting today, and with a typed object variable, I simply can't get the existing code logic to work.

I assert that this is due to try()'s behavior of treating null values as "valid" as they don't throw an error:

try evaluates all of its argument expressions in turn and returns the result of the first one that does not produce any errors.

The above example Gist gives the following output for the var.listeners value:

  + listeners = {
      + http = {
          + fixed_response = {
              + content_type = "text/plain"
              + message_body = null
              + status_code  = "404"
            }
          + forward        = null
          + port           = 80
          + protocol       = "HTTP"
          + redirect       = null
          + rules          = {}
        }
    }

As you can see, forward is null, so rationally I wouldn't expect this code to trigger:

terraform-aws-alb/main.tf

Lines 152 to 160 in 46ec742

dynamic "default_action" {
for_each = try([each.value.forward], [])
content {
order = try(default_action.value.order, null)
target_group_arn = length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null)
type = "forward"
}
}

However it does trigger, and results in the following error:

│ Error: Invalid Attribute Combination
│
│ Either "default_action[1].target_group_arn" or "default_action[1].forward" must be specified when "default_action[1].type" is "forward".
│ default_action[1].type
│
│   with module.alb.aws_lb_listener.this["http"],
│   on .terraform/modules/alb/main.tf line 88, in resource "aws_lb_listener" "this":88: resource "aws_lb_listener" "this" {
│
╵

Note that it's index 1 in the default_action dynamic block, as the fixed_response default_action is populated before -

terraform-aws-alb/main.tf

Lines 137 to 150 in 46ec742

dynamic "default_action" {
for_each = try([each.value.fixed_response], [])
content {
fixed_response {
content_type = default_action.value.content_type
message_body = try(default_action.value.message_body, null)
status_code = try(default_action.value.status_code, null)
}
order = try(default_action.value.order, null)
type = "fixed-response"
}
}

I also tried setting up "default" values for the fields within the forward default_action block, but that still fails with the above error...

Changes to Outputs:
  + listeners = {
      + http = {
          + fixed_response = {
              + content_type = "text/plain"
              + message_body = null
              + status_code  = "404"
            }
          + forward        = {
              + stickiness    = {
                  + duration = null
                  + enabled  = false
                }
              + target_groups = []
            }
          + port           = 80
          + protocol       = "HTTP"
          + redirect       = {
              + host        = "#{host}"
              + path        = "#{path}"
              + port        = "#{port}"
              + protocol    = "#{protocol}"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
          + rules          = {}
        }
    }
╷
│ Error: Invalid Attribute Combination
│
│ Either "default_action[1].target_group_arn" or "default_action[1].forward" must be specified when "default_action[1].type" is "forward".
│ default_action[1].type
│
│   with module.alb.aws_lb_listener.this["http"],
│   on .terraform/modules/alb/main.tf line 88, in resource "aws_lb_listener" "this":88: resource "aws_lb_listener" "this" {
│

If I switch to the changes proposed in #389 , then the plan succeeds, and the following ALB resources would be created:

  # module.alb.aws_lb.this[0] will be created
  + resource "aws_lb" "this" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = (known after apply)
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "alb-null-error"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                                                     = {
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + timeouts {}
    }

  # module.alb.aws_lb_listener.this["http"] will be created
  + resource "aws_lb_listener" "this" {
      + arn                      = (known after apply)
      + id                       = (known after apply)
      + load_balancer_arn        = (known after apply)
      + port                     = 80
      + protocol                 = "HTTP"
      + ssl_policy               = (known after apply)
      + tags                     = {
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                 = {
          + "terraform-aws-modules" = "alb"
        }
      + tcp_idle_timeout_seconds = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "fixed-response"

          + fixed_response {
              + content_type = "text/plain"
              + status_code  = "404"
            }
        }
    }

As you can see, the correct singular default_action is being applied.

Based on the above, I would ask you to reconsider your stance on the changes from #389 as I believe they are a safe and useful improvement to the current behaviour.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Replace try() with can(coalesce()) to better handle null values fatmcgav/terraform-aws-alb
3 participants
@fatmcgav @bryantbiggs @rruenroengYahara