Terraform-provider-aws: aws_codebuild_webhook fails if branch_filter is not set

Created on 6 Mar 2019 · 10Comments · Source: hashicorp/terraform-provider-aws

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.11
+ provider.aws v2.0.0
+ provider.github v1.3.0

Affected Resource(s)

aws_codebuild_webhook

Terraform Configuration Files

resource "aws_codebuild_webhook" "test-hook" {
  project_name = "${aws_codebuild_project.test-project.name}"
}

Debug Output

2019-03-06T19:47:24.266+0100 [DEBUG] plugin.terraform-provider-aws_v1.59.0_x4: 2019/03/06 19:47:24 [DEBUG] [aws-sdk-go] {"__type":"ValidationException","message":"1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1"}
2019-03-06T19:47:24.266+0100 [DEBUG] plugin.terraform-provider-aws_v1.59.0_x4: 2019/03/06 19:47:24 [DEBUG] [aws-sdk-go] DEBUG: Validate Response codebuild/CreateWebhook failed, not retrying, error ValidationException: 1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1

Expected Behavior

the webhook is created and all branches are built per default (as documented, see https://www.terraform.io/docs/providers/aws/r/codebuild_webhook.html#argument-reference)

Actual Behavior

creation fails, because newProjectVersion.webhook.branches is empty

Steps to Reproduce

terraform apply

Important Factoids

adding the branch_filter attribute with a wildcard (.*) will match all branches and the webhook will be created:

resource "aws_codebuild_webhook" "test-hook" {
  project_name = "${aws_codebuild_project.test-project.name}"
  branch_filter = ".*"
}

References

the issue/fix is described on stackoverflow
https://stackoverflow.com/questions/55021577/terraform-aws-codebuild-validation-issue-webhook-branches

serviccodebuild upstream

Source

hex2a

👍6

Most helpful comment

If we get confirmation (e.g. from AWS Support) that the CodeBuild behavior did change to now require branch filter to have a regular expression if specified, this pull request should handle the change: #7841

bflad on 6 Mar 2019

👍2 🎉1

All 10 comments

Hmm. We haven't changed the implementation of this resource since June 2018: https://github.com/terraform-providers/terraform-provider-aws/commits/master/aws/resource_aws_codebuild_webhook.go

AWS Go SDK v1.16.32 (February 11, 2019) includes changes to support customized webhook filters, but it doesn't appear they are required at first glance: https://github.com/aws/aws-sdk-go/compare/v1.16.31...v1.16.32#diff-5a543e8f789eacfd6a71409fccaa305c

AWS Go SDK v1.17.3 (February 21, 2019) includes changes to support features outside webhooks: https://github.com/aws/aws-sdk-go/compare/v1.17.2...v1.17.3#diff-5a543e8f789eacfd6a71409fccaa305c

It'd be helpful if folks could include their Terraform AWS Provider versions (including or outside v2.0.0) to narrow down if this is a change in behavior was caused by our code or something within CodeBuild itself like a service update.

bflad on 6 Mar 2019

As of current writing the CodeBuild CreateWebhook API documentation still shows the previous behavior for the branchFilter parameter:

branchFilter
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.

bflad on 6 Mar 2019

👍2 🎉1

this also occurs with v1.59.0 of the aws provider.

is there an AWS support case yet?

hex2a on 6 Mar 2019

Facing similar issues. This is from the TE console

`
Error: Error applying plan:

5 error(s) occurred:

module.code_build_em_iam.aws_codebuild_webhook.bitbucket_webhook: 1 error(s) occurred:
aws_codebuild_webhook.bitbucket_webhook: ValidationException: 1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1
status code: 400, request id: 4e3ae515-404e-11e9-9342-2ba04e021188
module.code_build_em_tenant_lookup_service.aws_codebuild_webhook.bitbucket_webhook: 1 error(s) occurred:
aws_codebuild_webhook.bitbucket_webhook: ValidationException: 1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1
status code: 400, request id: 4e3a96e7-404e-11e9-9591-114c62f18c8a
module.code_build_example_service_best_node.aws_codebuild_webhook.bitbucket_webhook: 1 error(s) occurred:
aws_codebuild_webhook.bitbucket_webhook: ValidationException: 1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1
status code: 400, request id: 4e3c4481-404e-11e9-8f13-7f2bbf2bc2b0
module.code_build_greenville-ui.aws_codebuild_webhook.bitbucket_webhook: 1 error(s) occurred:
aws_codebuild_webhook.bitbucket_webhook: ValidationException: 1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1
status code: 400, request id: 4e353f80-404e-11e9-a49d-c9d632f91331
module.code_build_shared_services.aws_codebuild_webhook.bitbucket_webhook: 1 error(s) occurred:
aws_codebuild_webhook.bitbucket_webhook: ValidationException: 1 validation error detected: Value '' at 'newProjectVersion.webhook.branches' failed to satisfy constraint: Member must have length greater than or equal to 1
status code: 400, request id: 4e3b8151-404e-11e9-83f0-9d34c07e64b2
`
This is happening with any new Codebuild Projects being created. The old projects are still connected via the webhook with no issues. We are using Bitbucket webhook.

vibhuyadav on 7 Mar 2019

https://docs.aws.amazon.com/codebuild/latest/userguide/sample-bitbucket-pull-request.html#sample-bitbucket-pull-request-filter-webhook-events

vibhuyadav on 7 Mar 2019

@bflad @hex2a I did the following to make it work -

resource "aws_codebuild_webhook" "bitbucket_webhook" {
  project_name = "${aws_codebuild_project.codebuild.name}"
  depends_on   = ["aws_codebuild_project.codebuild"]
  branch_filter = ".*"
}

Seems branch filter is not optional anymore even though it says on the console.

vibhuyadav on 7 Mar 2019

@bflad - This is a bug. We are reverting the change that introduced it, which should fix this issue. Thanks for bringing it to our attention.

subinataws on 11 Mar 2019

🚀1 🎉1

This was fixed upstream, but we also just merged the change to only pass the branch filter configuration if its actually configured within Terraform. This should prevent this issue in the future should the same problem occur upstream again or the field is completely deprecated. That code update will release with version 2.2.0 of the Terraform AWS Provider, likely later today.

bflad on 14 Mar 2019

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!