import existing prismacloud_org_cloud_account_v2 resource crashes

BrentDorsey commented 5 months ago

Describe the bug

Using the Terraform CLI import command to import our existing Prisma Cloud GCP Cloud Organization configuration using resource prismacloud_org_cloud_account_v2 crashes.

Expected behavior

The Terraform CLI import command below should load our existing Prisma Cloud GCP Cloud Organization into Terraform state so the the resource can be managed by Terraform.

terraform import prismacloud_org_cloud_account_v2.google_cloud_account [GCP_ORGANIZATION_ID];

Current behavior

Executing the Terraform CLI import command crashes with "failed to respond to the plugin.(*GRPCProvider).ReadResource call."

Stack Trace: terraform import prismacloud_org_cloud_account_v2.google_cloud_account [GCP_ORGANIZATION_ID]; data.prismacloud_account_group.gcp_account_group: Reading... data.prismacloud_account_supported_features.gcp_features: Reading... data.prismacloud_account_supported_features.gcp_features: Read complete after 1s [id=organization] data.prismacloud_account_group.gcp_account_group: Read complete after 7s [id=9a30dcbe-3697-4739-b5a8-5be481763aa5] prismacloud_org_cloud_account_v2.google_cloud_account: Importing from ID "[GCP_ORGANIZATION_ID]"... prismacloud_org_cloud_account_v2.google_cloud_account: Import prepared! Prepared prismacloud_org_cloud_account_v2 for import prismacloud_org_cloud_account_v2.google_cloud_account: Refreshing state... [id=[GCP_ORGANIZATION_ID]] ╷ │ Error: Plugin did not respond │ │ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details. ╵

Stack trace from the terraform-provider-prismacloud_v1.5.3 plugin:

panic: runtime error: index out of range [1] with length 1

goroutine 66 [running]: github.com/terraform-providers/terraform-provider-prismacloud/prismacloud.IdToTwoStrings(...) github.com/terraform-providers/terraform-provider-prismacloud/prismacloud/conversions.go:21 github.com/terraform-providers/terraform-provider-prismacloud/prismacloud.readOrgV2CloudAccount({0x10163bb68, 0x14000281500}, 0x14000516900, {0x1015bd5a0, 0x1400057c1e0}) github.com/terraform-providers/terraform-provider-prismacloud/prismacloud/resource_org_cloud_account_v2.go:1074 +0x278 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).read(0x14000469bc0, {0x10163baf8, 0x14000615800}, 0x14000516900, {0x1015bd5a0, 0x1400057c1e0}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.4.3/helper/schema/resource.go:297 +0x17c github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).RefreshWithoutUpgrade(0x14000469bc0, {0x10163baf8, 0x14000615800}, 0x140001c2230, {0x1015bd5a0, 0x1400057c1e0}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.4.3/helper/schema/resource.go:564 +0x388 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(GRPCProviderServer).ReadResource(0x1400013f098, {0x10163baf8, 0x14000615800}, 0x14000615840) github.com/hashicorp/terraform-plugin-sdk/v2@v2.4.3/helper/schema/grpc_provider.go:575 +0x5a8 github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(server).ReadResource(0x14000173f40, {0x10163bba0, 0x140004ac7e0}, 0x14000280fc0) github.com/hashicorp/terraform-plugin-go@v0.2.1/tfprotov5/server/server.go:298 +0x240 github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0x1015ee880, 0x14000173f40}, {0x10163bba0, 0x140004ac7e0}, 0x140001c2070, 0x0) github.com/hashicorp/terraform-plugin-go@v0.2.1/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:344 +0x1c0 google.golang.org/grpc.(Server).processUnaryRPC(0x14000264700, {0x101647538, 0x140004b8680}, 0x14000726120, 0x140004ac300, 0x101abfc70, 0x0) google.golang.org/grpc@v1.48.0/server.go:1295 +0xb50 google.golang.org/grpc.(Server).handleStream(0x14000264700, {0x101647538, 0x140004b8680}, 0x14000726120, 0x0) google.golang.org/grpc@v1.48.0/server.go:1636 +0xa34 google.golang.org/grpc.(Server).serveStreams.func1.2(0x140004a82e0, 0x14000264700, {0x101647538, 0x140004b8680}, 0x14000726120) google.golang.org/grpc@v1.48.0/server.go:932 +0x94 created by google.golang.org/grpc.(Server).serveStreams.func1 google.golang.org/grpc@v1.48.0/server.go:930 +0x1f0

Error: The terraform-provider-prismacloud_v1.5.3 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.

Possible solution

None that I'm aware of, applying the Terraform plan without first importing the existing resource will result in Terraform deleting the existing resource.

Steps to reproduce

terraform init -backend=true -backend-config=config.gcs.tfbackend -get=true -input=false -reconfigure -upgrade;
terraform plan -out=terraform.tfplan -input=false;
terraform import prismacloud_org_cloud_account_v2.google_cloud_account [GCP_ORGANIZATION_ID];

Screenshots

prismacloud_org_cloud_account_v2-resource-config

Context

We are unable to automate service account credentials rotation for our Prisma Cloud GCP Cloud Organization.

Your Environment

Version used: Terraform v1.7.1 with provider registry.terraform.io/paloaltonetworks/prismacloud v1.5.3 I've also tested with the previous versions below which also crashed with similar stack trace 1.5.2 1.5.1 1.5.0 1.4.0
Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Not sure what you're asking here?
Operating System and version (desktop or mobile): desktop - macOS Sonoma 14.3.1 darwin_arm64
Link to your project: project is private.

asbjorn-wiik commented 4 months ago

This failes when trying to import Azure Account aswell.

Stack trace from the terraform-provider-prismacloud_v1.5.4 plugin:

panic: runtime error: index out of range [1] with length 1

goroutine 29 [running]:
github.com/terraform-providers/terraform-provider-prismacloud/prismacloud.IdToTwoStrings(...)
        github.com/terraform-providers/terraform-provider-prismacloud/prismacloud/conversions.go:21
github.com/terraform-providers/terraform-provider-prismacloud/prismacloud.readOrgV2CloudAccount({0xd1f2d8, 0xc000546e40}, 0xc000313880, {0xbaea00, 0xc00041ca50})
        github.com/terraform-providers/terraform-provider-prismacloud/prismacloud/resource_org_cloud_account_v2.go:1074 +0x1ff
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc00045ba40, {0xd1f2d8, 0xc000546e40}, 0x24, {0xbaea00, 0xc00041ca50})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.4.3/helper/schema/resource.go:297 +0x1a3
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc00045ba40, {0xd1f2d8, 0xc000546e40}, 0xc0002b0e00, {0xbaea00, 0xc00041ca50})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.4.3/helper/schema/resource.go:564 +0x35b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc000296510, {0xd1f2d8, 0xc000546e40}, 0xc000546e80)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.4.3/helper/schema/grpc_provider.go:575 +0x4bd
github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ReadResource(0xc0002899c0, {0xd1f380, 0xc0004d5da0}, 0xc000531560)
        github.com/hashicorp/terraform-plugin-go@v0.2.1/tfprotov5/server/server.go:298 +0x1fb
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0xbe0b00, 0xc0002899c0}, {0xd1f380, 0xc0004d5da0}, 0xc0002b0d20, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.2.1/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:344 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0002f6540, {0xd2c338, 0xc0000b9ba0}, 0xc0001f6ea0, 0xc0004a6ed0, 0x11cbcd0, 0x0)
        google.golang.org/grpc@v1.48.0/server.go:1295 +0xb03
google.golang.org/grpc.(*Server).handleStream(0xc0002f6540, {0xd2c338, 0xc0000b9ba0}, 0xc0001f6ea0, 0x0)
        google.golang.org/grpc@v1.48.0/server.go:1636 +0xa2a
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/grpc@v1.48.0/server.go:932 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/grpc@v1.48.0/server.go:930 +0x294

Error: The terraform-provider-prismacloud_v1.5.4 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Operation failed: failed running terraform plan (exit 1)

dewingok commented 2 months ago

Was running into this issue when, thought figured out to import, but then get a different error when trying to apply the sate. Not sure if the issue is related.

I was able to import Azure tenant and GCP organization existing in Primsa Cloud without runtime error by formatting the id as <cloud>:<account_id> (eg: terraform import 'prismacloud_org_cloud_account_v2.google_cloud_account' gcp:123467890).
When I terraform apply to apply state, I get different errors for GCP and Azure.
- GCP: 400/https://api.prismacloud.io/cas/v1/gcp_account Error(msg:bad_request severity:error subject:)
- Azure: Error: 405 error without the "X-Redlock-Status" header - returned HTML:
Terraform thinks the state matches the configuration, but they are out of sync. If change change the configuration, I get the same 400 error for GCP or 405 error for Azure.

Version used:

'terraform-provider-prismacloud': v1.5.6 and v1.5.4

Environment name and version:

Terraform 1.7.5

PaloAltoNetworks / terraform-provider-prismacloud