datadrivers / terraform-provider-nexus

Terraform provider for Sonatype Nexus
https://registry.terraform.io/providers/datadrivers/nexus
Mozilla Public License 2.0

plugin fails on second run #269

Closed mkyc closed 2 years ago

mkyc commented 2 years ago

Describe the bug: When running terraform apply a second time I get the error presented later.

To Reproduce: terraform script (more or less what I have):

resource "helm_release" "this" {
  repository = "https://sonatype.github.io/helm3-charts"
  chart      = "nexus-repository-manager"
  name       = "nexus-repository-manager"
  version    = "37.3.2"
  namespace  = kubernetes_namespace_v1.this.metadata.0.name

  values = [
    <<EOF
nexus:
  docker:
    enabled: true
    registries:
      - port: 5000
  properties:
    override: true
    data:
      nexus.scripts.allowCreation: true
      nexus.security.randompassword: false
service:
  type: NodePort
ingress:
  enabled: false
EOF
  ]
}

provider "nexus" {
  alias = "initial"

  insecure = false
  password = "admin123"
  url      = "https://${local.nexus_domain}"
  username = "admin"
}

data "nexus_security_role" "nx_admin" {
  provider = nexus.initial

  roleid = "nx-admin"

  depends_on = [helm_release.this, kubernetes_ingress_v1.this]
}
resource "nexus_security_user" "admin" {
  provider = nexus.initial

  userid    = local.admin.username
  firstname = "Administrator"
  lastname  = "User"
  email     = "noone@example.com"
  password  = local.admin.password
  roles     = [data.nexus_security_role.nx_admin.roleid]
  status    = "active"

  depends_on = [helm_release.this, kubernetes_ingress_v1.this]
}

On second run I get:

╷
│ Error: Plugin did not respond
│ 
│   with module.nexus_tools.data.nexus_security_role.nx_admin,
│   on ../../../terraform/modules/nexus/v01/main.tf line 260, in data "nexus_security_role" "nx_admin":
│  260: data "nexus_security_role" "nx_admin" {
│ 
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ReadDataSource call. The plugin logs may contain
│ more details.
╵

Stack trace from the terraform-provider-nexus_v1.18.0 plugin:

panic: Invalid diagnostic: empty summary. This is always a bug in the provider implementation

goroutine 15 [running]:
github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert.DiagsToProto({0x14000046080, 0x1, 0x1})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.10.1/internal/plugin/convert/diagnostics.go:72 +0x2d4
github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert.AppendProtoDiag({0x0, 0x0, 0x0}, {0x1031ea640, 0x1400041c078})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.10.1/internal/plugin/convert/diagnostics.go:25 +0x70
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadDataSource(0x140000bb2f0, {0x1032da038, 0x14000046400}, 0x140000789c0)
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.10.1/helper/schema/grpc_provider.go:1134 +0x49c
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadDataSource(0x14000128d80, {0x1032da0e0, 0x1400054c000}, 0x140000c6050)
    github.com/hashicorp/terraform-plugin-go@v0.5.0/tfprotov5/tf5server/server.go:478 +0x37c
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadDataSource_Handler({0x103293740, 0x14000128d80}, {0x1032da0e0, 0x1400054c000}, 0x140004627e0, 0x0)
    github.com/hashicorp/terraform-plugin-go@v0.5.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:416 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x1400023aa80, {0x1032e7738, 0x140004121a0}, 0x1400000bc20, 0x140003e2000, 0x10378b630, 0x0)
    google.golang.org/grpc@v1.43.0/server.go:1282 +0xc60
google.golang.org/grpc.(*Server).handleStream(0x1400023aa80, {0x1032e7738, 0x140004121a0}, 0x1400000bc20, 0x0)
    google.golang.org/grpc@v1.43.0/server.go:1616 +0xa34
google.golang.org/grpc.(*Server).serveStreams.func1.2(0x14000422520, 0x1400023aa80, {0x1032e7738, 0x140004121a0}, 0x1400000bc20)
    google.golang.org/grpc@v1.43.0/server.go:921 +0x94
created by google.golang.org/grpc.(*Server).serveStreams.func1
    google.golang.org/grpc@v1.43.0/server.go:919 +0x1f0

Error: The terraform-provider-nexus_v1.18.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected behavior: work :)

mkyc commented 2 years ago

Hah, it's even better. I separated nexus setup with helm from nexus resources creation. Provider makes nexus unaccessible somehow.

Steps:

1) create nexus
2) login to nexus
3) create second admin user
4) check that I can login with default and second admin users into nexus
5) run script with just:

   resource "nexus_security_realms" "docker_token" {
     active = ["DockerToken"]
   }

it fails with:

   Error: could not read active realms: HTTP: 401, <nil>
   │ 
   │   with module.nexus_tools_resources.nexus_security_realms.docker_token,
   │   on ../../../terraform/modules/nexus-resources/v01/main.tf line 61, in resource "nexus_security_realms" "docker_token":
   │   61: resource "nexus_security_realms" "docker_token" {

6) check and now I cannot log in with any of the admin users.

I use provider 1.18.0.

anmoel commented 2 years ago

hi @mkyc,

You must set a list of all active security realms. With the following example you deactivate all realms except DockerToken:

resource "nexus_security_realms" "docker_token" {
  active = ["DockerToken"]
}

I hope this explains the behavior.

regards André

anmoel commented 2 years ago

please use this example.

resource "nexus_security_realms" "active" {
  active = [
    "NexusAuthenticatingRealm",
    "NexusAuthorizingRealm",
    "DockerToken",
  ]
}

We will improve the documentation.
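
The lockout described in this thread can be caught before `apply` by checking the plan for a `nexus_security_realms` resource whose `active` list drops the two Nexus realms. This is an added example, not code from the provider or from the commenters; it assumes plan JSON in the shape produced by `terraform show -json`, and the function name and the sample plan are constructed for illustration.

```python
import json

# Realms kept active in the maintainer's corrected example in this thread.
REQUIRED_REALMS = {"NexusAuthenticatingRealm", "NexusAuthorizingRealm"}


def find_lockout_risks(plan_json, required=REQUIRED_REALMS):
    """Return (address, missing_realms) for every planned nexus_security_realms
    resource whose `active` list would drop a required realm."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "nexus_security_realms":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, no planned value to check
            continue
        # `active` replaces the whole realm list; an absent or unknown value
        # is treated as empty so that it is flagged rather than passed.
        active = set(after.get("active") or [])
        missing = sorted(required - active)
        if missing:
            findings.append((rc["address"], missing))
    return findings


# Constructed sample in the shape of `terraform show -json` output:
# the resource from this issue, the corrected one, and an unrelated resource.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.nexus_tools_resources.nexus_security_realms.docker_token",
     "type": "nexus_security_realms",
     "change": {"actions": ["create"], "after": {"active": ["DockerToken"]}}},
    {"address": "nexus_security_realms.active",
     "type": "nexus_security_realms",
     "change": {"actions": ["create"], "after": {"active": [
         "NexusAuthenticatingRealm", "NexusAuthorizingRealm", "DockerToken"]}}},
    {"address": "nexus_security_user.admin", "type": "nexus_security_user",
     "change": {"actions": ["create"], "after": {"userid": "example"}}},
]})

if __name__ == "__main__":
    for address, missing in find_lockout_risks(SAMPLE_PLAN):
        print(f"{address}: active list omits {', '.join(missing)}")
```

Run as a CI step against the saved plan, a non-empty result is a reason to stop before `terraform apply`.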

mkyc commented 2 years ago

@anmoel thanks for this! That was exactly the case! And - yes - documentation note about required realms would be huge help here. Feel free to close this issue if you want.

anmoel commented 2 years ago

The documentation will be improved in the next release.