action.fixed_response.message_body in aws_lb_listener_rule is validated not by length, but by bytes #19846
Closed as not planned
Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform CLI and Terraform AWS Provider Version
Terraform v0.14.6
aws provider 3.45.0
Affected Resource(s)
- aws_alb_listener_rule
Terraform Configuration Files
resource "aws_lb_listener_rule" "restriction_per_domain_deny" {
listener_arn = aws_lb_listener.https.arn
count = length(var.company_domains_and_ips)
priority = local.priority_starts_at + 2 * count.index + 1
condition {
host_header {
values = [element(var.company_domains_and_ips, count.index)["domain"]]
}
}
action {
type = "fixed-response"
fixed_response {
content_type = "text/html"
message_body = file("${path.module}/html/source_ip_not_allowed.html")
status_code = "403"
}
}
}source_ip_not_allowed.html
<!DOCTYPE html>
<html>
<head>
<title>アクセスが拒否されました</title>
<meta charset="UTF-8"/>
<style type="text/css">
body, html {
background-color: #fff;
color: #3a3d40;
font-family: -apple-system, BlinkMacSystemFont, "ヒラギノ角ゴ Pro W3", "Hiragino Kaku Gothic Pro", Osaka, "メイリオ", Meiryo, "MS Pゴシック", "MS P Gothic", Verdana, "Helvetica Neue", Helvetica, Arial, sans-serif;
-webkit-font-smoothing: antialiased;
font-size: 14px;
line-height: 1.7;
margin: 0;
}
</style>
</head>
<body>
<div style="margin: 100px auto 20px; max-width: 600px; padding: 0 10px; text-align: center;">
<h1 style="font-size: 28px;margin-top: 40px">アクセスが拒否されました</h1>
<p>いつもご利用いただきありがとうございます。<br>許可されていないIPアドレスからアクセスされているためサービスを表示できません。<br>接続しているネットワークを確認の上、再度アクセスしてください。
</div>
</body>
</html>Debug Output
Panic Output
none
Expected Behavior
terraform plan succeeds without validation error
Actual Behavior
$ terraform plan
Error: expected length of action.0.fixed_response.0.message_body to be in the range (0 - 1024), got <!DOCTYPE html>
<html>
<head>
<title>アクセスが拒否されました</title>
<meta charset="UTF-8"/>
<style type="text/css">
body, html {
background-color: #fff;
color: #3a3d40;
font-family: -apple-system, BlinkMacSystemFont, "ヒラギノ角ゴ Pro W3", "Hiragino Kaku Gothic Pro", Osaka, "メイリオ", Meiryo, "MS Pゴシック", "MS P Gothic", Verdana, "Helvetica Neue", Helvetica, Arial, sans-serif;
-webkit-font-smoothing: antialiased;
font-size: 14px;
line-height: 1.7;
margin: 0;
}
</style>
</head>
<body>
<div style="margin: 100px auto 20px; max-width: 600px; padding: 0 10px; text-align: center;">
<h1 style="font-size: 28px;margin-top: 40px">アクセスが拒否されました</h1>
<p>いつもご利用いただきありがとうございます。<br>許可されていないIPアドレスからアクセスされているためサービスを表示できません。<br>接続しているネットワークを確認の上、再度アクセスしてください。
</div>
</body>
</html>
on ../modules/foobar/lb.tf line 120, in resource "aws_lb_listener_rule" "ip_restriction_per_domain_deny":
120: message_body = file("${path.module}/html/source_ip_not_allowed.html")
Steps to Reproduce
terraform plan
Important Factoids
$ wc -c terraform/modules/foobar/html/source_ip_not_allowed.html
1096 terraform/modules/teamup/html/source_ip_not_allowed.html
$ wc -m terraform/modules/foobar/html/source_ip_not_allowed.html
834 terraform/modules/teamup/html/source_ip_not_allowed.html
References
- r/lb_listener_rule - add validations + tagging support #19285
StringLenBetween()validates not by string length, but by byte length https://github.com/hashicorp/terraform-plugin-sdk/blob/112e2164c381d80e8ada3170dac9a8a5db01079a/helper/validation/strings.go#L79