Closed cassandracomar closed 2 months ago
@cassandracomar Thanks for the report! I've added this to our sprint.
@cassandracomar I haven't been able to reproduce the seg fault yet. Can you share the rest of the configuration, as I suspect the crash is from something else other than the provider configuration?
Hi,
I'm also experiencing segmentation fault error.
In my case the terraform project is used to set up the platform instance access by managing ip allowlist through myjfrog APIs.
Interestingly, when the access is closed - the ip allowlist does not include the ip address of the host where terraform is executed, the platform provider is not initialized correctly - the configuration stops after failed attempt of getting the version of Artifactory and execution ends there (link to code), after raising a warning - myjfrogclient is not set up at all in this case, causing the problem in my case.
Once, I have manually restored the access, the provider got initialized correctly and segmentation fault is not there anymore.
For my particular use case, I don't see a need for neither:
I haven't check the usage of the Artifactory version, my assumption is that it is being used for logging purposes only - I might be wrong here.
I would suggest to:
@dlorych
Your original issue of provider not initialized correctly when version check fails is a bug and it is scheduled to be fixed soon.
@alexhung the original comment was placed wrongly, it should have been put here - I opened this issue earlier today, haven't seen the comment and added the duplicate above.
Regarding the access token, just to be 100% clear, yes both need access token, but there are two types of REST APIs supported by the platform:
My expectation was that when I manage MyJFrog resources only (or vice-versa) I don't need another token. Anyway, removing the license check, and allowing getting version to fail during initialization, should do the trick.
@dlorych See PR jfrog/terraform-provider-platform#97
@dlorych Please also see the new MyJFrog provider per suggestion in #99.
Describe the bug
we get the following when artifactory is down or inaccessible
``` Warning: Error getting Artifactory version with provider["registry.terraform.io/jfrog/platform"], on providers.tf line 31, in provider "platform": 31: provider "platform" { The provider functionality might be affected by the absence of Artifactory version in the context. failed to get Artifactory version.503 Service Temporarily Unavailable
this error condition should be handled more gracefully -- segfaults should not occur because of normal errors during the course of operation.
terraform provider configuration
``` terraform { required_providers { platform = { source = "jfrog/platform" version = "1.7.4" } } } provider "platform" { # artifactory is sitting behind an ngnix vhost so the http request yields a 503 url = "https://foo.bar.com" check_license = false } ```versions
``` artifactory version: 7.77.11 terraform version: 1.6.6 terraform provider version: tested 1.6.0 and 1.7.4 -- same results ```Requirements for and issue
curl
it at$host/artifactory/api/system/version
we did not observe state corruption but someone should check that it's actually not possible.
Expected behavior graceful error reporting and termination of the terraform plan command instead of a segfault. even if this issue is determined to not be harmful vis a vis terraform's state, memory safety violations should be fixed because they can result in security vulnerabilities.
Additional context as I have not tested a simply bogus/non-existent artifactory URL at the various levels (DNS record missing, DNS pointing to a server that isn't up, etc.), and because our artifactory hosts are not available outside our network, I've used a fake hostname here.