resource/aws_cloudfront_distribution: Remove viewer_certificate configuration block argument ConflictsWith usage and fix various related issues with deployment timing
#7794
Commits on Mar 3, 2019
-
resource/aws_cloudfront_distribution: Remove
viewer_certificatecon……figuration block argument `ConflictsWith` usage and fix various related issues with deployment timing References: * #7773 * #3077 * #1074 * #260 Here we remove the problematic `viewer_certificate` argument `ConflictsWith` schema configuration as it interferes with Terraform Module usage until Terraform 0.12 is more prevalent. More details: #7773 (comment) When writing acceptance testing to cover setting both the `viewer_certificate` configuration block `acm_certificate_arn` and `cloudfront_default_certificate` arguments being defined, the below error was consistently happening when the test configuration included `enabled = false`: ``` --- FAIL: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn (1935.57s) testing.go:599: Error destroying resource! WARNING: Dangling resources may exist. The full state and error is shown below. Error: Error applying: 1 error occurred: * aws_cloudfront_distribution.test (destroy): 1 error occurred: * aws_cloudfront_distribution.test: CloudFront Distribution E3GDAPNU6UPO0O cannot be deleted: PreconditionFailed: The request failed because it didn't meet the preconditions in one or more request-header fields. status code: 412, request id: 4e73a086-3c33-11e9-832f-7732257f45e8 ``` While debugging this the following further issues were encountered: * The resource did not wait for deployment to complete on creation and updates so in the acceptance testing the deletion function was always handling `InProgress` operations. * Disabled distributions would always update the distribution on deletion to disable them without checking if it was necessary, causing unnecessary delays. * The `PreconditionFailed` error seemed to be related to some eventual consistency issue within CloudFront right after disabling the distribution, which was always done. Retrying was a sufficient workaround for the error. * The deletion process did not ignore `NoSuchDistribution` errors such as the below: ``` --- FAIL: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn (1835.97s) testing.go:599: Error destroying resource! WARNING: Dangling resources may exist. The full state and error is shown below. Error: Error applying: 1 error occurred: * aws_cloudfront_distribution.test (destroy): 1 error occurred: * aws_cloudfront_distribution.test: CloudFront Distribution E2HQM77NFHV9T cannot be deleted: NoSuchDistribution: The specified distribution does not exist. ``` This changeset bundles all these fixes together as they are related. Previous output for `ConflictsWith` acceptance testing: ``` --- FAIL: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn_ConflictsWithCloudFrontDefaultCertificate (1.64s) testing.go:538: Step 0 error: config is invalid: 2 problems: - aws_cloudfront_distribution.test: "viewer_certificate.0.acm_certificate_arn": conflicts with viewer_certificate.0.cloudfront_default_certificate - aws_cloudfront_distribution.test: "viewer_certificate.0.cloudfront_default_certificate": conflicts with viewer_certificate.0.acm_certificate_arn ``` Output from acceptance testing: ``` --- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyDomainName (2.15s) --- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyOriginID (2.19s) --- PASS: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn_ConflictsWithCloudFrontDefaultCertificate (1915.48s) --- PASS: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn (1958.08s) --- PASS: TestAccAWSCloudFrontDistribution_noCustomErrorResponseConfig (2121.58s) --- PASS: TestAccAWSCloudFrontDistribution_HTTP11Config (2123.60s) --- PASS: TestAccAWSCloudFrontDistribution_orderedCacheBehavior (2126.73s) --- PASS: TestAccAWSCloudFrontDistribution_noOptionalItemsConfig (2126.82s) --- PASS: TestAccAWSCloudFrontDistribution_IsIPV6EnabledConfig (2176.09s) --- PASS: TestAccAWSCloudFrontDistribution_customOrigin (2178.92s) --- PASS: TestAccAWSCloudFrontDistribution_S3Origin (2178.98s) --- PASS: TestAccAWSCloudFrontDistribution_multiOrigin (2179.08s) --- PASS: TestAccAWSCloudFrontDistribution_S3OriginWithTags (3251.14s) ```
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.