Set default branch then apply: get a validation error

[rodlogic]

Create a new code-commit reporistory in terraform without specifying the default branch:

resource "aws_codecommit_repository" "OPS-GLOBAL" {
  repository_name = "ops-global"
  description = "System Operations | Global resources"
}

Now clone the empty repo, create 1 commit, set the default branch and push.

Run apply again and you will get the following error:

* aws_codecommit_repository.OPS-INFRASTRUCTURE: Error Updating Default Branch for CodeCommit Repository: InvalidParameter: 1 validation errors:
- field too short, minimum length 1: DefaultBranchName

It seems to be trying to update the default branch when it shouldn't since my .tf file never sets one.

[keymon]

I was about to open the same issue and found this one! :)

I paste my notes for further information:

First issue: Failure trying to set default branch when default_branch is not set.

default_branch is meant to be optional, but if not set terraform tries to set it to "empty string" "".

Error description:

Given this definition, with default branch commented:

provider "aws" {
  region = "us-east-1"
}

variable "git_rsa_id_pub" {
  description = "Public SSH key for the git user"
}

resource "aws_codecommit_repository" "myrepo" {
  provider = "aws"
  repository_name = "concourse-pool-hector3"
  description = "Test default_branch bug"
  # default_branch = "master"
}

resource "aws_iam_user" "mygituser" {
  name = "mygituser"
}

resource "aws_iam_user_ssh_key" "mygituser" {
  username = "${aws_iam_user.mygituser.name}"
  encoding = "PEM"
  public_key = "${var.git_rsa_id_pub}"
}

resource "aws_iam_policy_attachment" "manage_ec2" {
  name = "ManageEC2"
  users = ["${aws_iam_user.mygituser.name}"]
  policy_arn = "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess"
}


output "myrepo_url" {
    value = "${aws_codecommit_repository.myrepo.clone_url_ssh}"
}
output "mygituser_ssh_id" {
    value = "${aws_iam_user_ssh_key.mygituser.ssh_public_key_id}"
}

output "myrepo_fullurl" {
  # convert the ssh:// url to a scp like connect string and add the git user
  value = "ssh://${aws_iam_user_ssh_key.mygituser.ssh_public_key_id}@${replace(aws_codecommit_repository.myrepo.clone_url_ssh, "/^ssh://([^/]+)//", "$1/")}"
}

First execution works, but commiting and pushing a branch:

git clone ssh://[email protected]/v1/repos/myrepo
(cd myrepo && git commit -m "first commit" --allow-empty && git push )

It will make crash next runs:

$ terraform apply -var git_rsa_id_pub="$(< ~/.ssh/id_rsa.pub)"
aws_codecommit_repository.myrepo: Refreshing state... (ID: myrepo)
aws_iam_user.mygituser: Refreshing state... (ID: mygituser)
aws_iam_policy_attachment.manage_ec2: Refreshing state... (ID: ManageEC2)
aws_iam_user_ssh_key.mygituser: Refreshing state... (ID: APKAIMHVLUGM3PKKQG7Q)
aws_codecommit_repository.myrepo: Modifying...
  default_branch: "master" => ""
Error applying plan:

1 error(s) occurred:

* aws_codecommit_repository.myrepo: Error Updating Default Branch for CodeCommit Repository: InvalidParameter: 1 validation errors:
- field too short, minimum length 1: DefaultBranchName

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Expected result

Terraform should not try to update the default branch, or query it and keep the same value.

Workaround.

One can pass the default branch as a variable. You can read it using awscli, passing an empty string on creation or if there are no branches and the default branch if it is.

See an example in alphagov/paas-cf#177

First issue: specify default_branch in a new repository will fail

Not sure if that is expected, but probably it is not as you cannot specify repositories that already exist.

Error

Given this resource:

resource "aws_codecommit_repository" "myrepo" {
  provider = "aws"
  repository_name = "myrepo"
  description = "Test default_branch bug"
  default_branch = "master"
}

will fail with this error, as the branch does indeed does not exist.

* aws_codecommit_repository.myrepo: Error Updating Default Branch for CodeCommit Repository: BranchDoesNotExistException: refs/heads/master does not exist
    status code: 400, request id: 602207c9-f5ca-11e5-8fee-192d1195a91f

Expected behaviour

It should detect that the repository has no branches and skip setting the default branch in that case.

[keymon]

PR a patch in #5904.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.