search

Azure / ALZ-PowerShell-Module

The Azure Landing Zones Accelerators PowerShell module
https://www.powershellgallery.com/packages/ALZ/
MIT License
79 stars 39 forks source link

Bug: ALZ-PowerShell-Module Crashes with Terraform terraform-provider-azapi_v2.0.1.exe plugin when Processing Region Data #230

Closed marckean closed 1 month ago

marckean commented 1 month ago

Is there an existing issue for this?

Infrastructure as Code Type? (Required)

bicep

PowerShell Module Version (Optional)

4.0.3

Bootstrap Module Version (Optional)

4.0.7

Starter Module? (Required)

bicep - complete

Starter Module Version (Optional)

No response

Input arguments of the ALZ-PowerShell-Module (Optional)

No response

Debug Output/Panic Output (Optional)

No response

Expected Behaviour (Required)

The Terraform azapi provider should correctly process the region data from the Microsoft.Resources/subscriptions@2022-12-01 API without crashing, regardless of whether float values are present in the API response.

Environment:

Actual Behaviour (Required)

I’m encountering a crash in the ALZ-PowerShell-Module when using Terraform code with the azapi provider (terraform-provider-azapi_v2.0.1.exe plugin) to retrieve region data from the Microsoft.Resources/subscriptions@2022-12-01 API. The issue appears to be related to how region information is processed, potentially due to floating-point numbers in the API response.

Despite trying different versions of the azapi provider (by editing the version in Get-AzureRegionData.ps1 in the ALZ-PowerShell-Module), the crash persists, indicating that this might be an issue with how the module or Terraform handles the response from the API. I have attempted to hardcode region data to work around the issue, but the crash still occurs when using the dynamic API response.

Steps to Reproduce (Optional)

  1. Use the following Terraform code:

`terraform { required_providers { azapi = { source = "azure/azapi" version = "~> 2.0.1" } } }

data "azapi_client_config" "current" {}

data "azapi_resource_action" "locations" { type = "Microsoft.Resources/subscriptions@2022-12-01" action = "locations" method = "GET" resource_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}" response_export_values = ["value"] }

locals { regions = { for region in jsondecode(data.azapi_resource_action.locations.output).value : region.name => { display_name = region.displayName zones = try([ for zone in region.availabilityZoneMappings : zone.logicalZone ], []) } if region.metadata.regionType == "Physical" } }

output "regions_and_zones" { value = local.regions } `

  1. Run terraform apply.

  2. The crash occurs with an error message indicating an invalid memory address or null pointer dereference, which seems related to floats in the API response.

Important Factoids (Optional)

No response

References (Optional)

The following error message appears in the crash log:

`│ Error: Plugin did not respond │ │ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ReadDataSource call. The plugin logs may contain more details. ╵

Stack trace from the terraform-provider-azapi_v2.0.1.exe plugin:

panic: runtime error: invalid memory address or nil pointer dereference [signal 0xc0000005 code=0x0 addr=0x0 pc=0x8b4599]

goroutine 51 [running]: github.com/Azure/terraform-provider-azapi/internal/clients.(ResourceManagerAccount).GetTenantId(0xc000206d70) github.com/Azure/terraform-provider-azapi/internal/clients/account.go:44 +0x139 github.com/Azure/terraform-provider-azapi/internal/services.(ClientConfigDataSource).Read(0xc0005fe010, {0xfaeb218, 0xc001706990}, {{{{0xfaf06c0, 0xc001707260}, {0xd465c0, 0xc0017071d0}}, {0xfaf32a0, 0xc00167c9c0}}, {{{0x0, ...}, ...}, ...}, ...}, ...) github.com/Azure/terraform-provider-azapi/internal/services/azapi_client_config_data_source.go:79 +0x385 github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(Server).ReadDataSource(0xc0002621e0, {0xfaeb218, 0xc001706990}, 0xc0005f0380, 0xc0018176d8) github.com/hashicorp/terraform-plugin-framework@v1.11.0/internal/fwserver/server_readdatasource.go:103 +0x771 github.com/hashicorp/terraform-plugin-framework/internal/proto6server.(Server).ReadDataSource(0xc0002621e0, {0xfaeb218?, 0xc001706810?}, 0xc001706780) github.com/hashicorp/terraform-plugin-framework@v1.11.0/internal/proto6server/server_readdatasource.go:55 +0x3fc github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(server).ReadDataSource(0xc000265220, {0xfaeb218?, 0xc001535b00?}, 0xc0003a61e0) github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov6/tf6server/server.go:688 +0x290 github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ReadDataSource_Handler({0xe4c020?, 0xc000265220}, {0xfaeb218, 0xc001535b00}, 0xc0005f6000, 0x0) github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:572 +0x169 google.golang.org/grpc.(Server).processUnaryRPC(0xc000195000, {0xfaeb218, 0xc001535a10}, {0xfaf1438, 0xc000174000}, 0xc0005f2000, 0xc00036ad50, 0x10151cc0, 0x0) google.golang.org/grpc@v1.65.0/server.go:1379 +0xe23 google.golang.org/grpc.(Server).handleStream(0xc000195000, {0xfaf1438, 0xc000174000}, 0xc0005f2000) google.golang.org/grpc@v1.65.0/server.go:1790 +0x1016 google.golang.org/grpc.(Server).serveStreams.func2.1() google.golang.org/grpc@v1.65.0/server.go:1029 +0x8b created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 36 google.golang.org/grpc@v1.65.0/server.go:1040 +0x135

Error: The terraform-provider-azapi_v2.0.1.exe plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue. `

jaredfholgate commented 1 month ago

Hi @marckean. I am unable to replicate this issue.

The error is indicating the issue is in the azapi_client_config data source when retrieving the tenant id. Can you run that data source in isolation and see if you still get the same issue?

Some thoughts:

I have tested with az cli and using a Service Principal with env vars and both are working for me with both versions of AzAPI.

Aside from that:

I am not sure why you would be seeing the issue with AzAPI v2.0.1, since we have a version constraint targeting v1 in the code: https://github.com/Azure/ALZ-PowerShell-Module/blob/main/src/ALZ/Private/Config-Helpers/Get-AzureRegionData.ps1

The code doesn't work with AzAPI v2.0.1 due to the jsondecode function. It needs to be changed to:

terraform {
  required_providers {
    azapi = {
        source  = "azure/azapi"
        version = "~> 2.0.1"
    }
  }
}

data "azapi_client_config" "current" {}

data "azapi_resource_action" "locations" {
  type                   = "Microsoft.Resources/subscriptions@2022-12-01"
  action                 = "locations"
  method                 = "GET"
  resource_id            = "/subscriptions/${data.azapi_client_config.current.subscription_id}"
  response_export_values = ["value"]
}

locals {
  regions = { for region in data.azapi_resource_action.locations.output.value : region.name => {
      display_name = region.displayName
      zones = try([ for zone in region.availabilityZoneMappings : zone.logicalZone ], [])
    } if region.metadata.regionType == "Physical"
  }
}

output "regions_and_zones" {
  value = local.regions
}

However that does not account for the provider exception you are seeing.

marckean commented 1 month ago

Apols, not following about the data source thing, and isolation - what do you mean by this exactly?

Everything is driven from PowerShell 7 Core as per the doc, and Azure is signed, I can see VMs etc Get-AZVM for example. So def, correct tenant & subscription. Also, from within this PowerShell 7 Core, I can run AZ commands, and I can run az account show verify that I am logged into the correct tenant/sub.

As for AzAPI v2.0.1,- as i mentioned above, I manually edited one of the files in the module during troubleshooting, this file Get-AzureRegionData.ps1 has the version in there with the Terraform language - but this made no difference.

jaredfholgate commented 1 month ago

Apols, not following about the data source thing, and isolation - what do you mean by this exactly?

Everything is driven from PowerShell 7 Core as per the doc, and Azure is signed, I can see VMs etc Get-AZVM for example. So def, correct tenant & subscription. Also, from within this PowerShell 7 Core, I can run AZ commands, and I can run az account show verify that I am logged into the correct tenant/sub.

As for AzAPI v2.0.1,- as i mentioned above, I manually edited one of the files in the module during troubleshooting, this file Get-AzureRegionData.ps1 has the version in there with the Terraform language - but this made no difference.

For the running in isolation. Try running this and see if you still get the issue:

terraform {
  required_providers {
    azapi = {
        source  = "azure/azapi"
        version = "~> 2.0.1"
    }
  }
}

data "azapi_client_config" "current" {}

output "test" {
  value = data.azapi_client_config.current
}
jaredfholgate commented 1 month ago

@marckean I was eventually able to replicate the error you see. The only way I can get the error to show is by running az logout and then running the PowerShell module. When I login again, the error goes away.

jaredfholgate commented 1 month ago

I'll raise an issue to check that there are some active Azure creds before running the module.

marckean commented 1 month ago

Ok, def login related. Running PowerShell Core 7 within VS Code has issues with the Azure CLI. Changing this to the PowerShell extension, this uses PowerShell Core 7 and also works with the Azure CLI as well. I am further than I was before.

jaredfholgate commented 1 month ago

I am closing this issue for now since it appears to be caused by something external to the ALZ PowerShell module. I have raised an issue to provide better feedback in this scenario.