The terraform-provider-ibm_v1.68.1 plugin crashed when trying to update Code Engine Secrets

[GesaSchirren]

Terraform Plugin is crashing when trying to update Code Engine Secrets, was working with ibm-cloud/ibm v1.67.1

Terraform CLI and Terraform IBM Provider Version

Running on schematics workspace - ibm-cloud/ibm v1.68.1

Affected Resource(s)

Code Engine Secrets

Debug Output

 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply |   with module.a.ibm_database.a_xxxhiddenxxx,
 2024/08/26 13:02:03 Terraform apply |   on stage/xxxhiddenxxx.tf line 1, in resource "ibm_database" "a_xxxhiddenxxx":
 2024/08/26 13:02:03 Terraform apply |    1: resource "ibm_database" "a_xxxhiddenxxx" {
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | (and one more similar warning elsewhere)
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | Error: Plugin did not respond
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply |   with module.stage.ibm_code_engine_secret.a_secrets,
 2024/08/26 13:02:03 Terraform apply |   on stage/ce-secrets.tf line 151, in resource "ibm_code_engine_secret" "a_secrets":
 2024/08/26 13:02:03 Terraform apply |  151: resource "ibm_code_engine_secret" "a_secrets" {
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | The plugin encountered an error, and failed to respond to the
 2024/08/26 13:02:03 Terraform apply | plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain
 2024/08/26 13:02:03 Terraform apply | more details.
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | Error: Request cancelled
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply |   with module.stage.ibm_code_engine_secret.b_secrets,
 2024/08/26 13:02:03 Terraform apply |   on stage/ce-secrets.tf line 170, in resource "ibm_code_engine_secret" "b_secrets":
 2024/08/26 13:02:03 Terraform apply |  170: resource "ibm_code_engine_secret" "b_secrets" {
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | The plugin.(*GRPCProvider).ApplyResourceChange request was cancelled.
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | Error: Request cancelled
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply |   with module.stage.ibm_code_engine_secret.c_secrets,
 2024/08/26 13:02:03 Terraform apply |   on stage/ce-secrets.tf line 209, in resource "ibm_code_engine_secret" "c_secrets":
 2024/08/26 13:02:03 Terraform apply |  209: resource "ibm_code_engine_secret" "c_secrets" {
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | The plugin.(*GRPCProvider).ApplyResourceChange request was cancelled.
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | Error: Request cancelled
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply |   with module.stage.ibm_code_engine_secret.d_secrets,
 2024/08/26 13:02:03 Terraform apply |   on stage/ce-secrets.tf line 302, in resource "ibm_code_engine_secret" "d_secrets":
 2024/08/26 13:02:03 Terraform apply |  302: resource "ibm_code_engine_secret" "d_secrets" {
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | The plugin.(*GRPCProvider).ApplyResourceChange request was cancelled.
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | Stack trace from the terraform-provider-ibm_v1.68.1 plugin:
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | panic: interface conversion: interface {} is string, not map[string]interface {}
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | goroutine 111 [running]:
 2024/08/26 13:02:03 Terraform apply | github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/codeengine.resourceIbmCodeEngineSecretUpdate({0x57208b0, 0xc0002b22a0}, 0xc00181e880, {0x4c74b80, 0xc0000cd508})
 2024/08/26 13:02:03 Terraform apply |  github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/codeengine/resource_ibm_code_engine_secret.go:453 +0x926
 2024/08/26 13:02:03 Terraform apply | github.com/IBM-Cloud/terraform-provider-ibm/ibm/provider.wrapResource.wrapFunction.func5({0x57208b0?, 0xc0002b22a0?}, 0x1176592e000?, {0x4c74b80?, 0xc0000cd508?})
 2024/08/26 13:02:03 Terraform apply |  github.com/IBM-Cloud/terraform-provider-ibm/ibm/provider/provider.go:1618 +0x2c
 2024/08/26 13:02:03 Terraform apply | github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xc0016dfdc0, {0x5720808, 0xc001820840}, 0xc00181e880, {0x4c74b80, 0xc0000cd508})
 2024/08/26 13:02:03 Terraform apply |  github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:812 +0x119
 2024/08/26 13:02:03 Terraform apply | github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc0016dfdc0, {0x5720808, 0xc001820840}, 0xc001899d40, 0xc00181e700, {0x4c74b80, 0xc0000cd508})
 2024/08/26 13:02:03 Terraform apply |  github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:919 +0x83a
 2024/08/26 13:02:03 Terraform apply | github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000147f08, {0x5720808?, 0xc001820780?}, 0xc00087e2d0)
 2024/08/26 13:02:03 Terraform apply |  github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/grpc_provider.go:1060 +0xd5c
 2024/08/26 13:02:03 Terraform apply | github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc000606000, {0x5720808?, 0xc001871d40?}, 0xc0005947e0)
 2024/08/26 13:02:03 Terraform apply |  github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/tf5server/server.go:859 +0x56f
 2024/08/26 13:02:03 Terraform apply | github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x4ae5060, 0xc000606000}, {0x5720808, 0xc001871d40}, 0xc000594690, 0x0)
 2024/08/26 13:02:03 Terraform apply |  github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:467 +0x1a6
 2024/08/26 13:02:03 Terraform apply | google.golang.org/grpc.(*Server).processUnaryRPC(0xc00042a780, {0x572c8a0, 0xc001665040}, 0xc001818d80, 0xc0016c85a0, 0x7a10a78, 0x0)
 2024/08/26 13:02:03 Terraform apply |  google.golang.org/grpc@v1.57.1/server.go:1358 +0xde3
 2024/08/26 13:02:03 Terraform apply | google.golang.org/grpc.(*Server).handleStream(0xc00042a780, {0x572c8a0, 0xc001665040}, 0xc001818d80, 0x0)
 2024/08/26 13:02:03 Terraform apply |  google.golang.org/grpc@v1.57.1/server.go:1735 +0x9da
 2024/08/26 13:02:03 Terraform apply | google.golang.org/grpc.(*Server).serveStreams.func1.1()
 2024/08/26 13:02:03 Terraform apply |  google.golang.org/grpc@v1.57.1/server.go:970 +0xbb
 2024/08/26 13:02:03 Terraform apply | created by google.golang.org/grpc.(*Server).serveStreams.func1 in goroutine 67
 2024/08/26 13:02:03 Terraform apply |  google.golang.org/grpc@v1.57.1/server.go:981 +0x136
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | Error: The terraform-provider-ibm_v1.68.1 plugin crashed!
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform apply | This is always indicative of a bug within the plugin. It would be immensely
 2024/08/26 13:02:03 Terraform apply | helpful if you could report the crash with the plugin's maintainers so that it
 2024/08/26 13:02:03 Terraform apply | can be fixed. The output above should help diagnose the issue.
 2024/08/26 13:02:03 Terraform apply | 
 2024/08/26 13:02:03 Terraform APPLY error: Terraform APPLY errorexit status 1
 2024/08/26 13:02:03 Could not execute job: Error : Terraform APPLY errorexit status 1

[hkantare]

@michael-magrian can some one from team look into the issue

[michael-magrian]

Hey @GesaSchirren, can you please provide the Terraform specification that lead to this issue?

[GesaSchirren]

I will try, we just implemented a more automated secret rotation, so there might be bugs in our specification, as far as i know, it was working with 1.67.1 and we just updated to 1.68.1 last week. I also don't want to expose all of our specification.

code-engine-secrets.tf

resource "ibm_code_engine_secret" "a_secrets" {
  project_id = ibm_code_engine_project.stage_project.project_id
  name       = "a-secrets"
  format     = "generic"
  data = {
    PGHOST     = data.ibm_database_connection.pg_connection.postgres[0].hosts[0].hostname
    PGPASSWORD = postgresql_role.pg_roles[var.pg_a_user].password
    PGPORT     = data.ibm_database_connection.pg_connection.postgres[0].hosts[0].port
    PGUSER     = var.pg_a_user
  }

}

postgres_roles.tf

resource "postgresql_role" "pg_roles" {
  for_each        = toset(var.pg_roles)
  name            = each.value
  login           = true
  create_database = true
  password        = ibm_sm_username_password_secret.pg_role_credentials[each.key].password
}

postgres_secrets.tf

resource "ibm_sm_username_password_secret" "pg_role_credentials" {
  for_each    = toset(var.pg_roles)
  instance_id = var.secrets_manager.guid
  region      = "eu-de"
  password_generation_policy {
    length            = 32
    include_digits    = true
    include_symbols   = true
    include_uppercase = true
  }
  rotation {
    auto_rotate = true
    interval    = 42
    unit        = "day"
  }
  secret_group_id = var.stage_secret_group_id
  name            = replace("${var.pg_prefix}-pg-${each.value}", "_", "-")
  username        = each.value

So we have a secret in the secrets manager that rotates and sets a new password for the database and then the password in the code engine secret gets updated.

[michael-magrian]

Thank for for the added definitions. I don't really see any changes in the provider between the versions 1.67.1 and 168.1 on that specific resource type, but I'll try to trigger the error on our side with a similar setup. I'll get back to you.

[michael-magrian]

Alright, I can confirm that this is a regression in the ibm_code_engine_secret update operation. I suggest you revert back to version 1.67.1 for this resource and we'll work on providing a fix as soon as we can. Sorry for the inconvenience.

[GesaSchirren]

Alright, thanks for looking into it so quickly!

[michael-magrian]

Opened a PR to fix the reported issue: https://github.com/IBM-Cloud/terraform-provider-ibm/pull/5584

@hkantare would you be able to review the small change?