aws_cloudfront_distribution: IllegalUpdate test #33578

Merged
merged 10 commits into from
Sep 27, 2023

Conversation


@YakDriver YakDriver commented Sep 21, 2023

Description

There is a careful, delicate dance between a production aws_cloudfront_distribution, an aws_cloudfront_continuous_deployment_policy, and a staging aws_cloudfront_distribution. The AWS Console ("AWS Internal") does a lot for you in this regard. This fix brings in some of this functionality to allow continuous deployments to be cleanly created and destroyed using Terraform.

This PR addresses two specific issues, in addition to cleanup and logic clarification:

  1. The API updates a CloudFront resource's etag with every change to the resource. If you're doing multiple changes as part of deleting or updating, you'll get a new etag at each step. It's important to include the latest with each operation or you'll get Precondition Failed (or potentially Invalid MatchIf Version) errors.
  2. When working with staging and production aws_cloudfront_distributions, you need to include the continuous deployment policy ID with each API call or you'll get an IllegalUpdate trying to update.

In order to delete everything associated with a staging aws_cloudfront_distribution linked by an aws_cloudfront_continuous_deployment_policy to a production aws_cloudfront_distribution, you need to do everything very precisely.

The acyclic dependency graph looks something like this:
production distribution ➡️ continuous deployment policy ➡️ staging distribution.

The steps to delete the resources are roughly as follows (order is crucial):

  1. Get the new continuous deployment policy etag
  2. Disable the continuous deployment policy
  3. Get the new production distribution etag
  4. Disable the production distribution
  5. Wait for deployment
  6. Get the new production distribution etag
  7. Delete the production distribution
  8. Get the new continuous deployment policy etag
  9. Delete the continuous deployment policy
  10. Get the new staging distribution etag
  11. Disable the staging distribution
  12. Wait for deployment
  13. Get the new staging distribution etag
  14. Delete the staging distribution

Relations

Closes #33338
Closes #33575

References

Output from Acceptance Testing

% make t T=TestAccCloudFrontContinuousDeploymentPolicy_ K=cloudfront P=4
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/cloudfront/... -v -count 1 -parallel 4 -run='TestAccCloudFrontContinuousDeploymentPolicy_'  -timeout 360m
=== RUN   TestAccCloudFrontContinuousDeploymentPolicy_basic
=== PAUSE TestAccCloudFrontContinuousDeploymentPolicy_basic
=== RUN   TestAccCloudFrontContinuousDeploymentPolicy_disappears
=== PAUSE TestAccCloudFrontContinuousDeploymentPolicy_disappears
=== RUN   TestAccCloudFrontContinuousDeploymentPolicy_trafficConfig
=== PAUSE TestAccCloudFrontContinuousDeploymentPolicy_trafficConfig
=== RUN   TestAccCloudFrontContinuousDeploymentPolicy_domainChange
=== PAUSE TestAccCloudFrontContinuousDeploymentPolicy_domainChange
=== CONT  TestAccCloudFrontContinuousDeploymentPolicy_basic
=== CONT  TestAccCloudFrontContinuousDeploymentPolicy_trafficConfig
=== CONT  TestAccCloudFrontContinuousDeploymentPolicy_disappears
=== CONT  TestAccCloudFrontContinuousDeploymentPolicy_domainChange
--- PASS: TestAccCloudFrontContinuousDeploymentPolicy_disappears (1297.70s)
--- PASS: TestAccCloudFrontContinuousDeploymentPolicy_basic (2596.16s)
--- PASS: TestAccCloudFrontContinuousDeploymentPolicy_trafficConfig (2639.61s)
--- PASS: TestAccCloudFrontContinuousDeploymentPolicy_domainChange (3017.79s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cloudfront	3019.747s
% make t T=TestAccCloudFrontDistribution_ K=cloudfront P=8
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/cloudfront/... -v -count 1 -parallel 8 -run='TestAccCloudFrontDistribution_'  -timeout 360m
=== RUN   TestAccCloudFrontDistribution_basic
=== PAUSE TestAccCloudFrontDistribution_basic
=== RUN   TestAccCloudFrontDistribution_disappears
=== PAUSE TestAccCloudFrontDistribution_disappears
=== RUN   TestAccCloudFrontDistribution_tags
=== PAUSE TestAccCloudFrontDistribution_tags
=== RUN   TestAccCloudFrontDistribution_s3Origin
=== PAUSE TestAccCloudFrontDistribution_s3Origin
=== RUN   TestAccCloudFrontDistribution_customOrigin
=== PAUSE TestAccCloudFrontDistribution_customOrigin
=== RUN   TestAccCloudFrontDistribution_originPolicyDefault
=== PAUSE TestAccCloudFrontDistribution_originPolicyDefault
=== RUN   TestAccCloudFrontDistribution_originPolicyOrdered
=== PAUSE TestAccCloudFrontDistribution_originPolicyOrdered
=== RUN   TestAccCloudFrontDistribution_multiOrigin
=== PAUSE TestAccCloudFrontDistribution_multiOrigin
=== RUN   TestAccCloudFrontDistribution_orderedCacheBehavior
=== PAUSE TestAccCloudFrontDistribution_orderedCacheBehavior
=== RUN   TestAccCloudFrontDistribution_orderedCacheBehaviorCachePolicy
=== PAUSE TestAccCloudFrontDistribution_orderedCacheBehaviorCachePolicy
=== RUN   TestAccCloudFrontDistribution_orderedCacheBehaviorResponseHeadersPolicy
=== PAUSE TestAccCloudFrontDistribution_orderedCacheBehaviorResponseHeadersPolicy
=== RUN   TestAccCloudFrontDistribution_forwardedValuesToCachePolicy
=== PAUSE TestAccCloudFrontDistribution_forwardedValuesToCachePolicy
=== RUN   TestAccCloudFrontDistribution_Origin_emptyDomainName
=== PAUSE TestAccCloudFrontDistribution_Origin_emptyDomainName
=== RUN   TestAccCloudFrontDistribution_Origin_emptyOriginID
=== PAUSE TestAccCloudFrontDistribution_Origin_emptyOriginID
=== RUN   TestAccCloudFrontDistribution_Origin_connectionAttempts
=== PAUSE TestAccCloudFrontDistribution_Origin_connectionAttempts
=== RUN   TestAccCloudFrontDistribution_Origin_connectionTimeout
=== PAUSE TestAccCloudFrontDistribution_Origin_connectionTimeout
=== RUN   TestAccCloudFrontDistribution_Origin_originShield
=== PAUSE TestAccCloudFrontDistribution_Origin_originShield
=== RUN   TestAccCloudFrontDistribution_Origin_originAccessControl
=== PAUSE TestAccCloudFrontDistribution_Origin_originAccessControl
=== RUN   TestAccCloudFrontDistribution_noOptionalItems
=== PAUSE TestAccCloudFrontDistribution_noOptionalItems
=== RUN   TestAccCloudFrontDistribution_http11
=== PAUSE TestAccCloudFrontDistribution_http11
=== RUN   TestAccCloudFrontDistribution_isIPV6Enabled
=== PAUSE TestAccCloudFrontDistribution_isIPV6Enabled
=== RUN   TestAccCloudFrontDistribution_noCustomErrorResponse
=== PAUSE TestAccCloudFrontDistribution_noCustomErrorResponse
=== RUN   TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValuesCookies_whitelistedNames
=== PAUSE TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValuesCookies_whitelistedNames
=== RUN   TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValues_headers
=== PAUSE TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValues_headers
=== RUN   TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedKeyGroups
=== PAUSE TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedKeyGroups
=== RUN   TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedSigners
=== PAUSE TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedSigners
=== RUN   TestAccCloudFrontDistribution_DefaultCacheBehavior_realtimeLogARN
=== PAUSE TestAccCloudFrontDistribution_DefaultCacheBehavior_realtimeLogARN
=== RUN   TestAccCloudFrontDistribution_OrderedCacheBehavior_realtimeLogARN
=== PAUSE TestAccCloudFrontDistribution_OrderedCacheBehavior_realtimeLogARN
=== RUN   TestAccCloudFrontDistribution_enabled
=== PAUSE TestAccCloudFrontDistribution_enabled
=== RUN   TestAccCloudFrontDistribution_retainOnDelete
=== PAUSE TestAccCloudFrontDistribution_retainOnDelete
=== RUN   TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValuesCookies_whitelistedNames
=== PAUSE TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValuesCookies_whitelistedNames
=== RUN   TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValues_headers
=== PAUSE TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValues_headers
=== RUN   TestAccCloudFrontDistribution_ViewerCertificate_acmCertificateARN
=== PAUSE TestAccCloudFrontDistribution_ViewerCertificate_acmCertificateARN
=== RUN   TestAccCloudFrontDistribution_ViewerCertificateACMCertificateARN_conflictsWithCloudFrontDefaultCertificate
=== PAUSE TestAccCloudFrontDistribution_ViewerCertificateACMCertificateARN_conflictsWithCloudFrontDefaultCertificate
=== RUN   TestAccCloudFrontDistribution_waitForDeployment
=== PAUSE TestAccCloudFrontDistribution_waitForDeployment
=== RUN   TestAccCloudFrontDistribution_preconditionFailed
=== PAUSE TestAccCloudFrontDistribution_preconditionFailed
=== RUN   TestAccCloudFrontDistribution_originGroups
=== PAUSE TestAccCloudFrontDistribution_originGroups
=== CONT  TestAccCloudFrontDistribution_basic
=== CONT  TestAccCloudFrontDistribution_http11
=== CONT  TestAccCloudFrontDistribution_orderedCacheBehaviorResponseHeadersPolicy
=== CONT  TestAccCloudFrontDistribution_originPolicyDefault
=== CONT  TestAccCloudFrontDistribution_s3Origin
=== CONT  TestAccCloudFrontDistribution_enabled
=== CONT  TestAccCloudFrontDistribution_OrderedCacheBehavior_realtimeLogARN
=== CONT  TestAccCloudFrontDistribution_customOrigin
--- PASS: TestAccCloudFrontDistribution_OrderedCacheBehavior_realtimeLogARN (658.70s)
=== CONT  TestAccCloudFrontDistribution_DefaultCacheBehavior_realtimeLogARN
--- PASS: TestAccCloudFrontDistribution_basic (691.38s)
=== CONT  TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedSigners
--- PASS: TestAccCloudFrontDistribution_http11 (1253.58s)
=== CONT  TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedKeyGroups
--- PASS: TestAccCloudFrontDistribution_customOrigin (1255.49s)
=== CONT  TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValues_headers
--- PASS: TestAccCloudFrontDistribution_orderedCacheBehaviorResponseHeadersPolicy (1285.92s)
=== CONT  TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValuesCookies_whitelistedNames
--- PASS: TestAccCloudFrontDistribution_originPolicyDefault (1332.40s)
=== CONT  TestAccCloudFrontDistribution_noCustomErrorResponse
--- PASS: TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedSigners (641.53s)
=== CONT  TestAccCloudFrontDistribution_isIPV6Enabled
--- PASS: TestAccCloudFrontDistribution_s3Origin (1334.20s)
=== CONT  TestAccCloudFrontDistribution_Origin_emptyOriginID
--- PASS: TestAccCloudFrontDistribution_Origin_emptyOriginID (1.55s)
=== CONT  TestAccCloudFrontDistribution_Origin_connectionAttempts
--- PASS: TestAccCloudFrontDistribution_DefaultCacheBehavior_realtimeLogARN (684.14s)
=== CONT  TestAccCloudFrontDistribution_Origin_emptyDomainName
--- PASS: TestAccCloudFrontDistribution_Origin_emptyDomainName (1.39s)
=== CONT  TestAccCloudFrontDistribution_tags
--- PASS: TestAccCloudFrontDistribution_enabled (1827.21s)
=== CONT  TestAccCloudFrontDistribution_forwardedValuesToCachePolicy
--- PASS: TestAccCloudFrontDistribution_DefaultCacheBehavior_trustedKeyGroups (640.86s)
=== CONT  TestAccCloudFrontDistribution_Origin_originAccessControl
--- PASS: TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValues_headers (688.92s)
=== CONT  TestAccCloudFrontDistribution_Origin_originShield
--- PASS: TestAccCloudFrontDistribution_DefaultCacheBehaviorForwardedValuesCookies_whitelistedNames (667.53s)
=== CONT  TestAccCloudFrontDistribution_noOptionalItems
--- PASS: TestAccCloudFrontDistribution_tags (774.26s)
=== CONT  TestAccCloudFrontDistribution_ViewerCertificateACMCertificateARN_conflictsWithCloudFrontDefaultCertificate
--- PASS: TestAccCloudFrontDistribution_noCustomErrorResponse (1152.26s)
=== CONT  TestAccCloudFrontDistribution_Origin_connectionTimeout
--- PASS: TestAccCloudFrontDistribution_isIPV6Enabled (1154.24s)
=== CONT  TestAccCloudFrontDistribution_orderedCacheBehavior
--- PASS: TestAccCloudFrontDistribution_Origin_connectionAttempts (1209.45s)
=== CONT  TestAccCloudFrontDistribution_preconditionFailed
--- PASS: TestAccCloudFrontDistribution_ViewerCertificateACMCertificateARN_conflictsWithCloudFrontDefaultCertificate (584.73s)
=== CONT  TestAccCloudFrontDistribution_disappears
--- PASS: TestAccCloudFrontDistribution_noOptionalItems (1043.16s)
=== CONT  TestAccCloudFrontDistribution_originGroups
--- PASS: TestAccCloudFrontDistribution_Origin_originShield (1111.23s)
=== CONT  TestAccCloudFrontDistribution_waitForDeployment
--- PASS: TestAccCloudFrontDistribution_disappears (583.00s)
=== CONT  TestAccCloudFrontDistribution_orderedCacheBehaviorCachePolicy
--- PASS: TestAccCloudFrontDistribution_forwardedValuesToCachePolicy (1636.86s)
=== CONT  TestAccCloudFrontDistribution_originPolicyOrdered
--- PASS: TestAccCloudFrontDistribution_Origin_originAccessControl (1674.69s)
=== CONT  TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValues_headers
--- PASS: TestAccCloudFrontDistribution_orderedCacheBehavior (1141.04s)
=== CONT  TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValuesCookies_whitelistedNames
--- PASS: TestAccCloudFrontDistribution_Origin_connectionTimeout (1146.76s)
=== CONT  TestAccCloudFrontDistribution_ViewerCertificate_acmCertificateARN
--- PASS: TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValues_headers (668.66s)
=== CONT  TestAccCloudFrontDistribution_retainOnDelete
--- PASS: TestAccCloudFrontDistribution_waitForDeployment (1247.34s)
=== CONT  TestAccCloudFrontDistribution_multiOrigin
--- PASS: TestAccCloudFrontDistribution_originGroups (1364.38s)
--- PASS: TestAccCloudFrontDistribution_OrderedCacheBehaviorForwardedValuesCookies_whitelistedNames (736.06s)
--- PASS: TestAccCloudFrontDistribution_preconditionFailed (1820.71s)
--- PASS: TestAccCloudFrontDistribution_ViewerCertificate_acmCertificateARN (739.10s)
--- PASS: TestAccCloudFrontDistribution_orderedCacheBehaviorCachePolicy (1197.15s)
--- PASS: TestAccCloudFrontDistribution_originPolicyOrdered (1203.28s)
--- PASS: TestAccCloudFrontDistribution_retainOnDelete (1220.12s)
--- PASS: TestAccCloudFrontDistribution_multiOrigin (1212.59s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cloudfront	5517.950s
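
The ETag handling described in the PR description, as an added example that is not code from this PR or from the provider: a constructed in-memory stand-in for the API rejects any write whose If-Match value is not the current ETag and rotates the ETag on every successful write. `fakeAPI`, `teardown` and `refresh` are hypothetical names, no AWS SDK calls are used, and the wait-for-deployment steps are omitted.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrPreconditionFailed mirrors the error named in the PR description.
var ErrPreconditionFailed = errors.New("PreconditionFailed: stale ETag")

// resource and fakeAPI are constructed stand-ins, not AWS SDK types.
type resource struct {
	etag             int
	enabled, deleted bool
}

type fakeAPI map[string]*resource

func newFakeAPI() fakeAPI {
	return fakeAPI{"production": {etag: 1, enabled: true},
		"policy": {etag: 1, enabled: true}, "staging": {etag: 1, enabled: true}}
}

// write applies a disable or delete only when ifMatch is the current ETag,
// then rotates the ETag, as every successful change does.
func (a fakeAPI) write(id, op string, ifMatch int) error {
	r := a[id]
	if ifMatch != r.etag {
		return fmt.Errorf("%s %s: %w", op, id, ErrPreconditionFailed)
	}
	r.enabled, r.deleted = false, op == "delete"
	r.etag++
	return nil
}

// teardown follows the PR's order (deployment waits omitted). With
// refresh=false it reuses the first ETag seen per resource: the stale-etag bug.
func teardown(a fakeAPI, refresh bool) ([]string, error) {
	steps := [][2]string{{"disable", "policy"}, {"disable", "production"},
		{"delete", "production"}, {"delete", "policy"},
		{"disable", "staging"}, {"delete", "staging"}}
	cached, done := map[string]int{}, []string{}
	for _, s := range steps {
		if _, seen := cached[s[1]]; refresh || !seen {
			cached[s[1]] = a[s[1]].etag // the "get the new etag" step
		}
		if err := a.write(s[1], s[0], cached[s[1]]); err != nil {
			return done, err
		}
		done = append(done, s[0]+" "+s[1])
	}
	return done, nil
}

func main() { fmt.Println(teardown(newFakeAPI(), true)) }
```

With `refresh` set to false the run stops at the third write, deleting the production distribution, because the disable that preceded it already rotated that resource's ETag.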

@github-actions github-actions bot added size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/cloudfront Issues and PRs that pertain to the cloudfront service. labels Sep 21, 2023
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Sep 21, 2023
@YakDriver YakDriver force-pushed the b-cloudfront-distribution-illegalupdate branch from 599fc87 to be621af Compare September 27, 2023 01:16
@github-actions github-actions bot added sweeper Pertains to changes to or issues with the sweeper. size/XL Managed by automation to categorize the size of a PR. and removed size/L Managed by automation to categorize the size of a PR. labels Sep 27, 2023

@ewbankkit ewbankkit left a comment

LGTM 🚀.

@github-actions github-actions bot added the documentation Introduces or discusses updates to documentation. label Sep 27, 2023
@YakDriver YakDriver merged commit 0b98841 into main Sep 27, 2023
67 checks passed
@YakDriver YakDriver deleted the b-cloudfront-distribution-illegalupdate branch September 27, 2023 18:34
@github-actions github-actions bot added this to the v5.19.0 milestone Sep 27, 2023
@github-actions

This functionality has been released in v5.19.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 29, 2023
@justinretzolk justinretzolk added the bug Addresses a defect in current functionality. label Feb 10, 2024