search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.5k stars 9.52k forks source link

The terraform show command SEGV's on a plan with changes #23565

Closed gchristidis closed 4 years ago

gchristidis commented 4 years ago

Terraform Version

Terraform v0.12.17
+ provider.aws v2.41.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2
+ provider.tls v2.1.1

Terraform Configuration Files

The issue normally happens as expected with the source but it also does happen when running the command on the plan file itself. So to that end rather than supplying the entire source i have attached the plan file at Gist The .terraform plugins configured were

.terraform/plugins/linux_amd64/terraform-provider-random_v2.2.1_x4
.terraform/plugins/linux_amd64/terraform-provider-tls_v2.1.1_x4
.terraform/plugins/linux_amd64/terraform-provider-template_v2.1.2_x4
.terraform/plugins/linux_amd64/terraform-provider-null_v2.1.2_x4
.terraform/plugins/linux_amd64/terraform-provider-aws_v2.41.0_x4

Debug Output

See Gist

Crash Output

See Gist

Expected Behavior

I have run a plan and saved that to a file called plan, the plan command shows the following output

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.bastion.null_resource.update-hosts_file[0] must be replaced
-/+ resource "null_resource" "update-hosts_file" {
      ~ id       = "9057093427806623004" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "all_hosts" = "bastion-1.private.qa-12.qa.eng.vixpulse.com oltp-job-1.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-1.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-2.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-3.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-4.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-5.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-6.private.qa-12.qa.eng.vixpulse.com oltp-oracle-1.private.qa-12.qa.eng.vixpulse.com middleware-java-1.private.qa-12.qa.eng.vixpulse.com middleware-java-2.private.qa-12.qa.eng.vixpulse.com middleware-c-1.private.qa-12.qa.eng.vixpulse.com middleware-enq-1.private.qa-12.qa.eng.vixpulse.com event-streaming-1.private.qa-12.qa.eng.vixpulse.com api-gateway-1.private.qa-12.qa.eng.vixpulse.com api-gateway-2.private.qa-12.qa.eng.vixpulse.com web-1.private.qa-12.qa.eng.vixpulse.com monitoring-1.private.qa-12.qa.eng.vixpulse.com ldap-1.private.qa-12.qa.eng.vixpulse.com opscenter-1.private.qa-12.qa.eng.vixpulse.com" -> "bastion-1.private.qa-12.qa.eng.vixpulse.com oltp-job-1.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-1.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-2.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-3.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-4.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-5.private.qa-12.qa.eng.vixpulse.com oltp-cassandra-6.private.qa-12.qa.eng.vixpulse.com oltp-oracle-1.private.qa-12.qa.eng.vixpulse.com middleware-java-1.private.qa-12.qa.eng.vixpulse.com middleware-java-2.private.qa-12.qa.eng.vixpulse.com middleware-c-1.private.qa-12.qa.eng.vixpulse.com middleware-enq-1.private.qa-12.qa.eng.vixpulse.com event-streaming-1.private.qa-12.qa.eng.vixpulse.com api-gateway-1.private.qa-12.qa.eng.vixpulse.com api-gateway-2.private.qa-12.qa.eng.vixpulse.com web-1.private.qa-12.qa.eng.vixpulse.com chef-1.private.qa-12.qa.eng.vixpulse.com monitoring-1.private.qa-12.qa.eng.vixpulse.com ldap-1.private.qa-12.qa.eng.vixpulse.com opscenter-1.private.qa-12.qa.eng.vixpulse.com"
        }
    }

  # module.management_chef.aws_instance.node[0] will be created
  + resource "aws_instance" "node" {
      + ami                          = "ami-077995c1c4def82d2"
      + arn                          = (known after apply)
      + associate_public_ip_address  = false
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      + cpu_threads_per_core         = (known after apply)
      + ebs_optimized                = false
      + get_password_data            = false
      + host_id                      = (known after apply)
      + id                           = (known after apply)
      + instance_state               = (known after apply)
      + instance_type                = "t3.nano"
      + ipv6_address_count           = (known after apply)
      + ipv6_addresses               = (known after apply)
      + key_name                     = "kp-oregon-pulse-qa"
      + network_interface_id         = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      + primary_network_interface_id = (known after apply)
      + private_dns                  = (known after apply)
      + private_ip                   = (known after apply)
      + public_dns                   = (known after apply)
      + public_ip                    = (known after apply)
      + security_groups              = (known after apply)
      + source_dest_check            = true
      + subnet_id                    = "subnet-008b11542556c21b5"
      + tags                         = {
          + "AWS.Creation.User" = "arn:aws:iam::973242600029:user/terraform"
          + "Environment.Type"  = "dv"
          + "Name"              = "pulse.qa-12.chef.1"
          + "Operation.Area"    = "non-production"
          + "Product"           = "Pulse"
          + "Pulse.Environment" = "qa-12.qa.eng.vixpulse.com"
          + "Pulse.Version"     = "rtag-38751"
          + "START_LEVEL"       = "3"
          + "Schedule"          = "perth-auto-stop"
        }
      + tenancy                      = (known after apply)
      + volume_tags                  = {
          + "AWS.Creation.User" = "arn:aws:iam::973242600029:user/terraform"
          + "Environment.Type"  = "dv"
          + "Name"              = "pulse.qa-12.chef.1"
          + "Operation.Area"    = "non-production"
          + "Product"           = "Pulse"
          + "Pulse.Environment" = "qa-12.qa.eng.vixpulse.com"
          + "Pulse.Version"     = "rtag-38751"
        }
      + vpc_security_group_ids       = [
          + "sg-06d10e142cf371c87",
        ]

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = true
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = 20
          + volume_type           = "gp2"
        }
    }

  # module.management_chef.null_resource.install_beats[0] will be created
  + resource "null_resource" "install_beats" {
      + id       = (known after apply)
      + triggers = {
          + "beats_states" = "false false"
        }
    }

Plan: 3 to add, 0 to change, 1 to destroy.

Warning: Quoted type constraints are deprecated

  on tag_override.tf line 3, in variable "tags_additional_set_ec2":
   3:   type = "map"

Terraform 0.11 and earlier required type constraints to be given in quotes,
but that form is now deprecated and will be removed in a future version of
Terraform. To silence this warning, remove the quotes around "map" and write
map(string) instead to explicitly indicate that the map elements are strings.

Warning: Interpolation-only expressions are deprecated

  on ../modules/api_gateway/main.tf line 330, in resource "null_resource" "kong_primary_node":
 330:   count = "${var.cluster_size > 0 ? 1 : 0}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Running a terraform show -no-color plan should give me the same value but it SEGV's.

Running an apply on the same plan file works fine.

Actual Behavior

When the terraform show command is run it SEGV's with the following output

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x720776]

goroutine 1 [running]:
github.com/zclconf/go-cty/cty/set.Set.Has(0x0, 0x0, 0x0, 0x1d1e620, 0xc0020b5ec0, 0xc00223a0a2)
        /opt/teamcity-agent/work/9e329aa031982669/pkg/mod/github.com/zclconf/go-cty@v1.1.0/cty/set/ops.go:54 +0x26
github.com/zclconf/go-cty/cty.PathSet.Has(...)
        /opt/teamcity-agent/work/9e329aa031982669/pkg/mod/github.com/zclconf/go-cty@v1.1.0/cty/path_set.go:53
github.com/hashicorp/terraform/command/format.(*blockBodyDiffPrinter).pathForcesNewResource(0xc00037f5a8, 0xc0020d3530, 0x1, 0x3, 0x34f6040)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/command/format/diff.go:1036 +0xb9
github.com/hashicorp/terraform/command/format.(*blockBodyDiffPrinter).writeValueDiff(0xc00037f5a8, 0x2358840, 0xc000048480, 0x1aa29c0, 0xc0020f83b0, 0x2358840, 0xc000048480, 0x1b631c0, 0x34f6040, 0x8, ...)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/command/format/diff.go:1005 +0xf9b
github.com/hashicorp/terraform/command/format.(*blockBodyDiffPrinter).writeAttrDiff(0xc00037f5a8, 0xc001a90408, 0x2, 0xc0024d6d20, 0x2358840, 0xc000048480, 0x1aa29c0, 0xc0020f83b0, 0x2358840, 0xc000048480, ...)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/command/format/diff.go:263 +0x4c4
github.com/hashicorp/terraform/command/format.(*blockBodyDiffPrinter).writeBlockBodyDiff(0xc00037f5a8, 0xc0024b4150, 0x2358940, 0xc000450828, 0x1b492a0, 0xc0020d3980, 0x2358940, 0xc000450880, 0x1b492a0, 0xc0020d3a40, ...)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/command/format/diff.go:196 +0x5d5
github.com/hashicorp/terraform/command/format.ResourceChange(0xc00244a400, 0x0, 0xc0024b4150, 0xc001117270, 0x4d, 0xc001d98d70)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/command/format/diff.go:140 +0x5ff
github.com/hashicorp/terraform/backend/local.RenderPlan(0xc00225e310, 0xc000450130, 0xc001879250, 0x236c840, 0xc00056f500, 0xc001117270)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/backend/local/backend_plan.go:288 +0x68c
github.com/hashicorp/terraform/command.(*ShowCommand).Run(0xc00030dba0, 0xc00003a0a0, 0x1, 0x2, 0xc0001127a0)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/command/show.go:165 +0xb04
github.com/mitchellh/cli.(*CLI).Run(0xc0000e0640, 0xc0000e0640, 0xc000525d90, 0x1)
        /opt/teamcity-agent/work/9e329aa031982669/pkg/mod/github.com/mitchellh/cli@v1.0.0/cli.go:255 +0x1f1
main.wrappedMain(0x0)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/main.go:238 +0xc34
main.realMain(0x0)
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/main.go:102 +0xb4
main.main()
        /opt/teamcity-agent/work/9e329aa031982669/src/github.com/hashicorp/terraform/main.go:38 +0x3b

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.

When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.

SECURITY WARNING: the "crash.log" file that was created may contain
sensitive information that must be redacted before it is safe to share
on the issue tracker.

[1]: https://github.com/hashicorp/terraform/issues

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Steps to Reproduce

  1. with no source you need a .terraform/plugins folder populated with the above plugins
  2. terraform show -no-color plan

Additional Context

We encountered this problem with 0.12.16 but i tested with 0.12.17 and the same issue exists. We were previuosly using 0.12.13 and encountered no such issues so its only been introduced since 0.12.13.

This system was created with 0.11.14 and upgraded to 0.12.13 without issues and only when we moved to 0.12.16 we had these SEGV's on the show command. In addition i have run the show command on plan files of systems that were created with 0.12.16 and dont seem to get any SEGV's although i have not done a lot of testing on this. given that this issue may have something to do with systems upgraded from 0.11 to 0.12.

danieldreier commented 4 years ago

@gchristidis thanks for reporting this. This looks like it's probably a legitimate issue, but I do need to reproduce it locally, and I'm not quite comfortable running someone else's binary plan on my local workstation because it's a pretty open-ended security issue. There could be anything in there! However, your issue looks very similar to https://github.com/hashicorp/terraform/issues/23377, which I have reproduced and prioritized on our internal backlog.

Can you take a look at that issue and see whether it looks to you like it's the same as the issue you're hitting?

gchristidis commented 4 years ago

Fair call, I did think of the security issues but figured the show command would be less intrusive. Unfortunately i have not been able to replicate this with a simple example, having a look at 23377 it does seem pretty similar and like this example it never happened with 0.12.13. Happy to wait on that resolution to see if it fixes this issue.

Lirt commented 4 years ago

Possibly also duplicate of https://github.com/hashicorp/terraform/issues/23614

pselle commented 4 years ago

@gchristidis 0.12.18 released earlier today and might fix this issue for you, if you'd try again?

Thanks @Lirt for linking related issues together!

gchristidis commented 4 years ago

I have tried 0.12.18 and that seems to have fixed the issue. Thanks

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.