From de13281ee6b2d1500790a4505e58bf29e1c354f3 Mon Sep 17 00:00:00 2001
From: Paul Hinze
Date: Wed, 27 Apr 2016 07:10:40 -0500
Subject: [PATCH] provider/aws: fix potential aws_route crash (#6338)

The "find route in table" helper code was not properly handling routes with no destination CIDR block - like vpc_endpoint routes - so if one of those routes would come up before the target route in the loop, we'd get a crash.

Fixes #6337
---
 builtin/providers/aws/resource_aws_route.go | 2 +-
 .../providers/aws/resource_aws_route_test.go | 47 +++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_route.go b/builtin/providers/aws/resource_aws_route.go
index da4e3a310..f6e0a8589 100644
--- a/builtin/providers/aws/resource_aws_route.go
+++ b/builtin/providers/aws/resource_aws_route.go
@@ -375,7 +375,7 @@ func findResourceRoute(conn *ec2.EC2, rtbid string, cidr string) (*ec2.Route, er
 }

 for _, route := range (*resp.RouteTables[0]).Routes {
- if *route.DestinationCidrBlock == cidr {
+ if route.DestinationCidrBlock != nil && *route.DestinationCidrBlock == cidr {
 return route, nil
 }
 }
diff --git a/builtin/providers/aws/resource_aws_route_test.go b/builtin/providers/aws/resource_aws_route_test.go
index a63d91acb..cf0ef0781 100644
--- a/builtin/providers/aws/resource_aws_route_test.go
+++ b/builtin/providers/aws/resource_aws_route_test.go
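Review bot: The loop header kept as context still indexes `resp.RouteTables[0]` with no length check visible in the hunk, so an empty DescribeRouteTables result would panic the provider the same way the nil CIDR pointer did. findResourceRoute begins above the hunk, so an earlier guard may already exist; if it does not, add `if len(resp.RouteTables) == 0 || resp.RouteTables[0] == nil {` before the loop and return the function's usual not-found result. The new nil test also deserves a one-line comment so it is not later "simplified" away, for example `// vpc_endpoint routes have no DestinationCidrBlock`.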
@@ -158,6 +158,24 @@ func TestAccAWSRoute_noopdiff(t *testing.T) {
 })
 }

+func TestAccAWSRoute_doesNotCrashWithVPCEndpoint(t *testing.T) {
+ var route ec2.Route
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSRouteDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSRouteWithVPCEndpoint,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSRouteExists("aws_route.bar", &route),
+ ),
+ },
+ },
+ })
+}
+
 // Acceptance test if mixed inline and external routes are implemented
 /*
 func TestAccAWSRoute_mix(t *testing.T) {
@@ -365,3 +383,32 @@ resource "aws_instance" "nat" {
 subnet_id = "${aws_subnet.test.id}"
 }
 `)
+
+var testAccAWSRouteWithVPCEndpoint = fmt.Sprint(`
+resource "aws_vpc" "foo" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_internet_gateway" "foo" {
+ vpc_id = "${aws_vpc.foo.id}"
+}
+
+resource "aws_route_table" "foo" {
+ vpc_id = "${aws_vpc.foo.id}"
+}
+
+resource "aws_route" "bar" {
+ route_table_id = "${aws_route_table.foo.id}"
+ destination_cidr_block = "10.3.0.0/16"
+ gateway_id = "${aws_internet_gateway.foo.id}"
+
+ # Forcing endpoint to create before route - without this the crash is a race.
+ depends_on = ["aws_vpc_endpoint.baz"]
+}
+
+resource "aws_vpc_endpoint" "baz" {
+ vpc_id = "${aws_vpc.foo.id}"
+ service_name = "com.amazonaws.us-west-2.s3"
+ route_table_ids = ["${aws_route_table.foo.id}"]
+}
+`)
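Review bot: The only check in `TestAccAWSRoute_doesNotCrashWithVPCEndpoint` is `testAccCheckAWSRouteExists("aws_route.bar", &route)`, and the `route` it presumably fills in is never inspected. The test therefore proves the lookup no longer panics, but not that the lookup returned the gateway route rather than some other entry in the table. A second check inside `ComposeTestCheckFunc` that compares the route's destination CIDR with `10.3.0.0/16` would pin that down. A doc comment would also help, for example `// Regression test for #6337: a vpc_endpoint route in the same table must not crash the route lookup.`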
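Review bot: `service_name = "com.amazonaws.us-west-2.s3"` in the new fixture hard-codes the region, so the acceptance test can only succeed when the provider runs in us-west-2. Anywhere else the endpoint creation would most likely fail, and that failure is easy to misread as the crash regressing. If the region cannot be interpolated here, state the constraint above the variable, e.g. `// NOTE: service_name is region-specific; this fixture only applies in us-west-2.` As a style point, `fmt.Sprint` around a constant raw string adds nothing, though it does appear to match the fixture closed by the context lines just above.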