Gone from our sight, but never from our hearts.
– Unknown
Embracing the Messiness in Search of Epic Solutions
– Unknown
Given the following output
block:-
output "subnet_uc1" { description = "Subnets in `us-central1` region for all 3 products" value = { artifactory = module.subnet_uc1_artifactory.subnets.name xray = module.subnet_uc1_xray.subnets.name mc = module.subnet_uc1_mc.subnets.name } }
Sometimes, during an apply
or destroy
, we may get this error:-
Error: Attempt to get attribute from null value on outputs.tf line 40, in output "subnet_uc1": 40: artifactory = module.subnet_uc1_artifactory.subnets.name |---------------- | module.subnet_uc1_artifactory.subnets is null This value is null, so it does not have any attributes. Error: Attempt to get attribute from null value on outputs.tf line 41, in output "subnet_uc1": 41: xray = module.subnet_uc1_xray.subnets.name |---------------- | module.subnet_uc1_xray.subnets is null This value is null, so it does not have any attributes. Error: Attempt to get attribute from null value on outputs.tf line 42, in output "subnet_uc1": 42: mc = module.subnet_uc1_mc.subnets.name |---------------- | module.subnet_uc1_mc.subnets is null This value is null, so it does not have any attributes.
One way to fix this is to do conditional expressions like this, but it’s not pretty:-
output "subnet_uc1" { description = "Subnets in `us-central1` region for all 3 products" value = { artifactory = module.subnet_uc1_artifactory.subnets != null ? module.subnet_uc1_artifactory.subnets.name: "" xray = module.subnet_uc1_xray.subnets != null ?module.subnet_uc1_xray.subnets.name: "" mc = module.subnet_uc1_mc.subnets != null ? module.subnet_uc1_mc.subnets.name: "" } }
Since Terraform v0.12.20, we can solve this with try
and achieve the same outcome:-
output "subnet_uc1" { description = "Subnets in `us-central1` region for all 3 products" value = { artifactory = try(module.subnet_uc1_artifactory.subnets.name, "") xray = try(module.subnet_uc1_xray.subnets.name, "") mc = try(module.subnet_uc1_mc.subnets.name, "") } }
Forcefully evict a random entity from the system due to overcapacity problem caused by own fault. Then, spend countless of hours cleaning up the mess.
Let’s assume your system has heap size problems and it is about to run out of memory because you implemented endless recursions or have too many running threads.
Only use this design pattern when building any software systems for United Airlines.
When attempting to decrypt the SAML response from IdP, the following exception occurs:-
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size Original Exception was java.security.InvalidKeyException: Illegal key size at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1822) at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:596) at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:795) at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:535) at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:453) at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:414) at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:199) at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
When inspecting the SAML response payload below, the data is encrypted with AES-256:-
<?xml version="1.0" encoding="UTF-8"?> <samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://server/my-app/saml/SSO" ID="_370d6ba5-177c-494b-9147-2eafd9ecb6c9" InResponseTo="a5c5dja1i5fgb2bf2e66f6g9g5398gj" IssueInstant="2016-02-18T15:28:43.473Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs-server/adfs/services/trust</Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </e:EncryptionMethod> <KeyInfo> <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=server</ds:X509IssuerName> <ds:X509SerialNumber>1822784706</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </KeyInfo> <e:CipherData> <e:CipherValue>isG83fVk50fJRIcg...</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>+b2o6HNxaxsse7rkB...</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </EncryptedAssertion> </samlp:Response>
By default, Java’s keysize is limited to 128-bit key due to US export laws and a few countries’ import laws.
To fix this…
Bruce had me up to three miles a day, really at a good pace. We’d run the three miles in twenty-one or twenty-two minutes. Just under eight minutes a mile [Note: when running on his own in 1968, Lee would get his time down to six-and-a-half minutes per mile].
So this morning he said to me “We’re going to go five.”
I said, “Bruce, I can’t go five. I’m a helluva lot older than you are, and I can’t do five.”
He said, “When we get to three, we’ll shift gears and it’s only two more and you’ll do it.”
I said “Okay, hell, I’ll go for it.”
So we get to three, we go into the fourth mile and I’m okay for three or four minutes, and then I really begin to give out.
I’m tired, my heart’s pounding, I can’t go any more and so I say to him, “Bruce if I run any more,” — and we’re still running — “if I run any more I’m liable to have a heart attack and die.” He said, “Then die.” It made me so mad that I went the full five miles.
Afterward I went to the shower and then I wanted to talk to him about it. I said, you know, “Why did you say that?” He said, “Because you might as well be dead. Seriously, if you always put limits on what you can do, physical or anything else, it’ll spread over into the rest of your life. It’ll spread into your work, into your morality, into your entire being. There are no limits. There are plateaus, but you must not stay there, you must go beyond them. If it kills you, it kills you. A man must constantly exceed his level.”