search

akeyless-community / terraform-provider-akeyless

Mozilla Public License 2.0
12 stars 10 forks source link

akeyless_associate_role_auth_method Removing roles causes segmentation errors / violations #21

Closed mrr4cc00n closed 2 years ago

mrr4cc00n commented 2 years ago

Hi over there, we started to use akeyless_associate_role_auth_method to be able to customize some parameters in our method associations (e.g case-sensitive parameter). As we added new associations with this resource everything applied as expected. Due to requirements, we needed to remove some of these roles and the provider plugin crashed with the error listed below:

Stack trace from the terraform-provider-akeyless_v1.0.12 plugin: panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xbcab75] goroutine 70 [running]: github.com/akeylesslabs/terraform-provider-akeyless/akeyless.resourceRoleUpdate(0x0, {0xebf560, 0xc0003d35d0}) github.com/akeylesslabs/terraform-provider-akeyless/akeyless/resource_role.go:244 +0x255 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).update(0xe78b40, {0x1178d18, 0xc0001d3c80}, 0x24, {0xebf560, 0xc0003d35d0}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.7.0/helper/schema/resource.go:352 +0x178 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).Apply(0xc00040b7a0, {0x1178d18, 0xc0001d3c80}, 0xc0003b2700, 0xc00007fd80, {0xebf560, 0xc0003d35d0}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.7.0/helper/schema/resource.go:464 +0x6ba github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(GRPCProviderServer).ApplyResourceChange(0xc000390078, {0x1178d18, 0xc0001d3c80}, 0xc00045cc30) github.com/hashicorp/terraform-plugin-sdk/v2@v2.7.0/helper/schema/grpc_provider.go:955 +0x9aa github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(server).ApplyResourceChange(0xc000388c60, {0x1178dc0, 0xc0005ad890}, 0xc00045c370) github.com/hashicorp/terraform-plugin-go@v0.3.0/tfprotov5/server/server.go:332 +0x6c github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0xf4bca0, 0xc000388c60}, {0x1178dc0, 0xc0005ad890}, 0xc0000a0900, 0x0) github.com/hashicorp/terraform-plugin-go@v0.3.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x170 google.golang.org/grpc.(Server).processUnaryRPC(0xc0003a8700, {0x1186288, 0xc00049a300}, 0xc0004f2480, 0xc000482ff0, 0x19c75a0, 0x0) google.golang.org/grpc@v1.37.0/server.go:1217 +0xc8f google.golang.org/grpc.(Server).handleStream(0xc0003a8700, {0x1186288, 0xc00049a300}, 0xc0004f2480, 0x0) google.golang.org/grpc@v1.37.0/server.go:1540 +0xa2a google.golang.org/grpc.(Server).serveStreams.func1.2() google.golang.org/grpc@v1.37.0/server.go:878 +0x98 created by google.golang.org/grpc.(Server).serveStreams.func1 google.golang.org/grpc@v1.37.0/server.go:876 +0x294 Error: The terraform-provider-akeyless_v1.0.12 plugin crashed! This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.`

Any suggestions or workarounds are more than welcome. Please let me know if you need any other information on our behalf. Provider version: terraform-provider-akeyless_v1.0.12

Here is an example of the plan that causes the error

~ resource "akeyless_role" "role" {
        id                           = "/main/data/management"
        name                         = "/main/data/management"
        # (3 unchanged attributes hidden)
      ~ rules {
          ~ capability = [
              - "create",
              - "delete",
              - "update",
                # (2 unchanged elements hidden)
            ]
          ~ path       = "main/data/development/my-app/*" -> "main/data/development/*"
          ~ rule_type  = "item-rule" -> "role-rule"
        }
      ~ rules {
          ~ rule_type  = "role-rule" -> "item-rule"
            # (2 unchanged attributes hidden)
        }
      ~ rules {
          ~ path       = "main/data/development/*" -> "main/data/app_producer_key"
            # (2 unchanged attributes hidden)
        }
      - rules {
          - capability = [
              - "list",
              - "read",
            ] -> null
          - path       = "main/data/app_producer_key" -> null
          - rule_type  = "item-rule" -> null
        }
    }
renanaAkeyless commented 2 years ago

fix https://github.com/akeyless-community/terraform-provider-akeyless/pull/26 please update to version 1.1.1

mrr4cc00n commented 2 years ago

Hi over there, thanks for getting back to us. I can confirm that the issue is fixed with version 1.1.1 of the provider