CodeSOD: The Load Balancer Got Terned Off

Ilsa's organization uses Terraform to handle provisioning their infrastructure. This mostly works fine for the organization, but one day it started deleting their load balancer off of AWS for no good reason.

Ilsa investigated, but wasn't exactly sure about why that was happening. What she did find, however, was this particular ternary expression.

resource "aws_lb_listener" "this" { count = var.internal == true || var.provision == true ? length(var.listener) : 0 && var.internal == false || var.provision == true ? length(var.listener) : 0...}

As mentioned yesterday, variable == true in a conditional expression is one of my pet peeves, though I suppose I don't know HCL that well- it may be the case that there may be truthy values that are not true, so this might be necessary (or at least caused by bad choices elsewhere in the system).

In the end, I think this highlights the problem with complicated, nested ternaries. I suspect the reason this misbehaves is the second ternary, which has the condition 0 && var.internal == false || var.provision == true. Because of the first condition, we know provision is false, and anything && 0 is false. This is probably a typo that got munged until it was syntactically valid, and when the person writing it ran their tests, it probably worked just fine with the testing parameters they used.

And then they realased this accident into actual usage and started breaking production.

[Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today!