[BUG]Error: API Error Updating Resource Service Instance (Subaccount)

[ptesny]

Is there an existing issue for this?

• [X] I have searched the existing issues

What version of the Terraform provider are you using?

1.7.0

What version of the Terraform CLI are you using?

1.9.7

What type of issue are you facing

bug report

Describe the bug

Run a tf configuration with a gh action. When trying to update the destination service instance the btp provider always fails: https://github.com/quovadis-btp/btp-automation/blob/main/btp-context/provider-context/modules/sap-hana-cloud/main.tf#L268 This looks like a buffer overflow problem knowing the destination service instance payload is more than 8kB (but way below 256kB json payload limit on BTP CLI server side)

2024-10-10T12:22:54.747Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-10-10T12:22:54.748Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64/terraform-provider-local_v2.5.2_x5 id=1775
2024-10-10T12:22:54.748Z [DEBUG] provider: plugin exited
2024-10-10T12:22:56.508Z [DEBUG] provider.terraform-provider-btp_v1.7.0: 2024/10/10 12:22:56 [DEBUG] Waiting for state to become: [succeeded]
module.provider_context.btp_subaccount_service_instance.dest_provider: Still modifying... [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7, 10s elapsed]
Error: -10T12:23:06.616Z [ERROR] provider.terraform-provider-btp_v1.7.0: Response contains error diagnostic: diagnostic_detail="API error during service instance update - Failed to update the destination service instance with the user provided configuration." diagnostic_severity=ERROR diagnostic_summary="API Error Updating Resource Service Instance (Subaccount)" tf_proto_version=6.6 tf_provider_addr=registry.terraform.io/sap/btp tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.24.0/tfprotov6/internal/diag/diagnostics.go:58 @module=sdk.proto tf_req_id=cdadb48c-e075-612f-69a2-4e9bb1eade69 tf_resource_type=btp_subaccount_service_instance timestamp=2024-10-10T12:23:06.616Z
2024-10-10T12:23:06.617Z [DEBUG] State storage *cloud.State declined to persist a state snapshot
Error: -10T12:23:06.617Z [ERROR] vertex "module.provider_context.btp_subaccount_service_instance.dest_provider" error: API Error Updating Resource Service Instance (Subaccount)
2024-10-10T12:23:06.617Z [DEBUG] cloud/state: state read serial is: 19; serial is: 19
2024-10-10T12:23:06.617Z [DEBUG] cloud/state: state read lineage is: 2c09f9ca-47dc-a37a-ddbb-de32eaf5183b; lineage is: 2c09f9ca-47dc-a37a-ddbb-de32eaf5183b

Error: API Error Updating Resource Service Instance (Subaccount)

  with module.provider_context.btp_subaccount_service_instance.dest_provider,
  on .terraform/modules/provider_context/btp-context/provider-context/modules/sap-hana-cloud/main.tf line 268, in resource "btp_subaccount_service_instance" "dest_provider":
 268: resource "btp_subaccount_service_instance" "dest_provider" {

API error during service instance update - Failed to update the destination
service instance with the user provided configuration.
2024-10-10T12:23:07.186Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-10-10T12:23:07.187Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/sap/btp/1.7.0/linux_amd64/terraform-provider-btp_v1.7.0 id=1789
2024-10-10T12:23:07.188Z [DEBUG] provider: plugin exited
Error: Process completed with exit code 1.

Expected Behavior

The same flow works if started locally in a terminal window

Plan: 1 to add, 1 to change, 1 to destroy.
module.provider_context.local_file.subaccount_id: Destroying... [id=e05b9982c132b237742b1a5436087bc26275e1f7]
module.provider_context.local_file.subaccount_id: Destruction complete after 0s
module.provider_context.local_sensitive_file.provider_sm: Creating...
module.provider_context.local_sensitive_file.provider_sm: Creation complete after 0s [id=b90cfb6519579f264a41c776e8e5488e862a66a7]
module.provider_context.btp_subaccount_service_instance.dest_provider: Modifying... [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7]
module.provider_context.btp_subaccount_service_instance.dest_provider: Still modifying... [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7, 10s elapsed]
module.provider_context.btp_subaccount_service_instance.dest_provider: Modifications complete after 12s [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7]

Apply complete! Resources: 1 added, 1 changed, 1 destroyed.

Steps To Reproduce

https://github.com/quovadis-btp/btp-boosters/actions/runs/11273909018/workflow

User's Role Collections

Global account admin

Add screenshots to help explain your problem

Additional context

No response

[lechnerc77]

@ptesny Can you please give access to the GH Action you are using? The link to the actions run mentioned above gives me a 404 (private repo?)

If the flow works locally, I do not see how the provider could fix this when being executed in a GH Action, as it is the same binary that gets executed

[ptesny]

Can you please give access to the GH Action you are using? The link to the actions run mentioned above gives me a 404 (private repo?)

done

[ptesny]

If the flow works locally, I do not see how the provider could fix this when being executed in a GH Action, as it is the same binary that gets executed

I do not have explanation why. The local terminal is on MacOS - arm64, the gh action runs on ubuntu amd64 linux...that's the only real difference....

When the remote workflow fails the failed destination service instance update is also reflected on BTP side with the following error message I copied from the BTP cockpit:

Failed update instance request context: map[crm_customer_id: env_type:sapcp global_account_id:d9d2dd55-8f25-4f6f-9175-f620d8ed8412 instance_name:dest_provider license_type:TRIAL origin:sapcp platform:sapcp region:cf-us10 service_instance_id:c451d956-7dde-4966-a2b6-da1fe2f73fa7 signature:RZqOKNSENb9c83nzunCTv5nTwadh84WZy6f7GLSNSwvjrpKqbTJdgB3vQF7lJPMbrIzqoeT0vWku1ilmKtLK3tEWeninlRqGjE8ZIj20aQNLpOltjIonExdEIk8s+1IKfCXZr+ZF73HJjCqM+8qN3A+SkG/xT4x3HAejAQLuC7zIHOyy3wpUFY9pHaw8H28Z46b8gEdW10xQ+TBiXkHbx+JkJ729W8OG0T0cJHl17tDcUNTT26J8qnve5TdFdAgpCOsQII9QPN1Yfki+ea/UGFfuVV80LiIsPaGRHnhJkXy8PFWZ8u8khCBgB6x3I9XVYkGKD5oT0AXgUg8q99S84QT/7OR1JpI2Uy7nK5sAaILsRLox+kfPHczM00zosQaM/FQvnL0AnfdpAPurKiSfyuqJciOAqVGtz25Xi4ssD4SU3l3cCnv/NX0i7rRlk1ngLL2R64ObywVsmEAvbh7jymBShWhcNen2NiqW+m7Nz3KNJoZButLUEHQdBOocfM6mGCyEzC7KQ2T/e3IImOSPIAfewtLsj/zRVgYxigvcHCyCBT5BNlDVwlUXIhpCD4XWghcEwqlaCycDn9UB5QP37nIQO0F7pBRT5sDBWOr78FwvpEJLKQslF0H0jYyDjT/zlvDeQDHVv8+tY+qaAevL+328S8MXdQS96aTF7QTdopM= subaccount_id:805d64ce-2732-40e4-bea4-940ceca48f02 subdomain:btp-provider-quovadis-31341397 zone_id:805d64ce-2732-40e4-bea4-940ceca48f02], instanceID: c451d956-7dde-4966-a2b6-da1fe2f73fa7, planID: b3440416-15f9-11e7-bdac-02667c123456, serviceID: a8683418-15f9-11e7-873e-02667c123456, acceptsIncomplete: true: Status: 500; ErrorMessage: <nil>; Description: Failed to update the destination service instance with the user provided configuration.; ResponseError: <nil>

Then if I rerun the configuration locally this fixes the failed update...

[ptesny]

@lechnerc77

For a test, I switched the runner to macos-latest and bingo the flow works.... Feel free to change the runner back to ubuntu-latest to reproduce the bug....

2024-10-10T17:25:32.183Z [INFO]  Starting apply for module.provider_context.btp_subaccount_service_instance.dest_provider
2024-10-10T17:25:32.183Z [DEBUG] skipping FixUpBlockAttrs
2024-10-10T17:25:32.184Z [DEBUG] module.provider_context.btp_subaccount_service_instance.dest_provider: applying the planned Update change
module.provider_context.btp_subaccount_service_instance.dest_provider: Modifying... [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7]
2024-10-10T17:25:34.199Z [DEBUG] provider.terraform-provider-btp_v1.7.0: 2024/10/10 17:25:34 [DEBUG] Waiting for state to become: [succeeded]
module.provider_context.btp_subaccount_service_instance.dest_provider: Still modifying... [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7, 10s elapsed]
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_attribute_path=subaccount_id tf_provider_addr=registry.terraform.io/sap/btp tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_resource_type=btp_subaccount_service_instance tf_rpc=ApplyResourceChange timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_provider_addr=registry.terraform.io/sap/btp tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=serviceplan_id tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_resource_type=btp_subaccount_service_instance timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_attribute_path=parameters tf_provider_addr=registry.terraform.io/sap/btp tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_resource_type=btp_subaccount_service_instance timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_provider_addr=registry.terraform.io/sap/btp tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=id tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_resource_type=btp_subaccount_service_instance timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_attribute_path=name tf_provider_addr=registry.terraform.io/sap/btp tf_resource_type=btp_subaccount_service_instance timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_resource_type=btp_subaccount_service_instance tf_attribute_path=timeouts.delete tf_provider_addr=registry.terraform.io/sap/btp tf_rpc=ApplyResourceChange timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.396Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_attribute_path=timeouts.update tf_provider_addr=registry.terraform.io/sap/btp tf_resource_type=btp_subaccount_service_instance tf_rpc=ApplyResourceChange timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.397Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_resource_type=btp_subaccount_service_instance tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=timeouts.create tf_provider_addr=registry.terraform.io/sap/btp tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.397Z [DEBUG] provider.terraform-provider-btp_v1.7.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_resource_type=btp_subaccount_service_instance @caller=github.com/hashicorp/terraform-plugin-framework@v1.12.0/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/sap/btp tf_req_id=6568b79a-4017-e9d8-792e-11443b190598 tf_rpc=ApplyResourceChange tf_attribute_path=timeouts timestamp=2024-10-10T17:25:44.396Z
2024-10-10T17:25:44.399Z [DEBUG] State storage *cloud.State declined to persist a state snapshot
2024-10-10T17:25:44.400Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-10-10T17:25:44.401Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/sap/btp/1.7.0/darwin_arm64/terraform-provider-btp_v1.7.0 id=2489
2024-10-10T17:25:44.401Z [DEBUG] provider: plugin exited
2024-10-10T17:25:44.402Z [DEBUG] cloud/state: state read serial is: 21; serial is: 21
2024-10-10T17:25:44.402Z [DEBUG] cloud/state: state read lineage is: 2c09f9ca-47dc-a37a-ddbb-de32eaf5183b; lineage is: 2c09f9ca-47dc-a37a-ddbb-de32eaf5183b
module.provider_context.btp_subaccount_service_instance.dest_provider: Modifications complete after 12s [id=c451d956-7dde-4966-a2b6-da1fe2f73fa7]
Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

[lechnerc77]

@ptesny The error you are referring to is stating that the API could not work with parameters you provide. It seems like some encoding of the parameters is done differently on MacOS vs. Linux. This means that the provisioning in the configuration is causing the trouble

First thing that might cause the trouble is that you use colons instead of "=" when assigning the values in the configuration . The official documentation uses the "=", see https://developer.hashicorp.com/terraform/language/functions/jsonencode#examples. Maybe exchanging this might already help

If this doesn't do the trick I would recommend to trim down you destination to less entries to see which change in the entries leads to the invalid JSON that is reported by the API.

[ptesny]

@lechnerc77 I found the root cause of the problem, namely behaviour of base64 in order to encode a p12 keystore into a string.... Having said that I have not found yet a generic solution but can run the configuration on ubuntu w/o errors

PS. https://unix.stackexchange.com/questions/569570/encode-file-content-and-echo-it-as-one-line

[lechnerc77]

That was a tricky one, but good to know