microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License

terraform provider azuredevops version 1.0.1 "invalid memory address or nil pointer dereference" #1045

Open hezite opened 1 month ago

hezite commented 1 month ago

All I'm trying to do is create a service connection via Terraform. I'm running, in Terraform azuredevops provider 1.0.1, the "azuredevops_serviceendpoint_azurerm" module as follows:

resource "azuredevops_serviceendpoint_azurerm" "serviceendpoint" {
  project_id                             = projectid
  service_endpoint_name                  = serviceconnection_name
  description                            = "Managed by Terraform"
  service_endpoint_authentication_scheme = "WorkloadIdentityFederation"
  credentials {
    serviceprincipalid                   = client_id
  }
  azurerm_spn_tenantid                   = tenant_id
  azurerm_subscription_id                = subscriptionId
  azurerm_subscription_name              = subscription_name
}

But terraform plan keeps failing:

│   on .terraform/modules/service_connection/resources.tf line 11, in resource "azuredevops_serviceendpoint_azurerm" "serviceendpoint":
│   11: resource "azuredevops_serviceendpoint_azurerm" "serviceendpoint" {
│ 
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more
│ details.
╵

Stack trace from the terraform-provider-azuredevops_v1.0.1 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xca202e]

goroutine 32 [running]:
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.resourceServiceEndpointAzureRMRead(0x0?, {0xd61b20?, 0xc000149ce0})
    github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go:230 +0x10e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0x10966a0?, {0x10966a0?, 0xc0004a7140?}, 0xd?, {0xd61b20?, 0xc000149ce0?})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:712 +0x178
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc0004e8380, {0x10966a0, 0xc0004a7140}, 0xc000122f70, {0xd61b20, 0xc000149ce0})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:1015 +0x585
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc00032f4a0, {0x10966a0?, 0xc0004a7020?}, 0xc000389340)
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/grpc_provider.go:613 +0x497
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc000466be0, {0x10966a0?, 0xc0004a6570?}, 0xc00064c960)
    github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:748 +0x49e
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0xedf280?, 0xc000466be0}, {0x10966a0, 0xc0004a6570}, 0xc000256700, 0x0)
    github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0004bc000, {0x1099400, 0xc0004fbd40}, 0xc0001d9680, 0xc000526bd0, 0x16242d0, 0x0)
    google.golang.org/grpc@v1.56.3/server.go:1335 +0xde3
google.golang.org/grpc.(*Server).handleStream(0xc0004bc000, {0x1099400, 0xc0004fbd40}, 0xc0001d9680, 0x0)
    google.golang.org/grpc@v1.56.3/server.go:1712 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.1()
    google.golang.org/grpc@v1.56.3/server.go:947 +0xca
created by google.golang.org/grpc.(*Server).serveStreams.func1
    google.golang.org/grpc@v1.56.3/server.go:958 +0x15c

Error: The terraform-provider-azuredevops_v1.0.1 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

cruckens commented 1 month ago

I have the same problem, which reproduces when I'm using Workload Identity Federation with User Assigned Managed Identity to create new service connections. However, it works with AZDO_PERSONAL_ACCESS_TOKEN.

provider "azuredevops" {
  org_service_url = "https://dev.azure.com/...."
}

resource "azuredevops_serviceendpoint_azurerm" "service_connection" {
  count                                  = var.create_service_connection ? 1 : 0
  project_id                             = data.azuredevops_project.project.id
  ....
}

But it is failing with the pipeline:

    - task: TerraformCLI@1
      displayName: 'Terraform plan'
      env:
        ARM_USE_OIDC: true
      inputs:
        command: plan
        environmentServiceName: 'Terraform'

The error I get:


│ 
│ The plugin.(*GRPCProvider).ReadResource request was cancelled.
╵

Stack trace from the terraform-provider-azuredevops_v1.1.1 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xcc0f0e]

goroutine 61 [running]:
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.resourceServiceEndpointAzureRMRead(0x0?, {0xd85520?, 0xc0004a6600})
    github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go:229 +0x10e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0x10c8ca0?, {0x10c8ca0?, 0xc00021ef00?}, 0xd?, {0xd85520?, 0xc0004a6600?})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:712 +0x178
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc0003c97a0, {0x10c8ca0, 0xc00021ef00}, 0xc0003c29c0, {0xd85520, 0xc0004a6600})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:1015 +0x585
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc0003a2d68, {0x10c8ca0?, 0xc00021ede0?}, 0xc000548dc0)
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/grpc_provider.go:613 +0x497
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc000363180, {0x10c8ca0?, 0xc000183aa0?}, 0xc000682900)
    github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:748 +0x49e
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0xf0bae0?, 0xc000363180}, {0x10c8ca0, 0xc000183aa0}, 0xc00037ec40, 0x0)
    github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00027e1e0, {0x10cba40, 0xc00043e820}, 0xc0004b26c0, 0xc0004321b0, 0x166b610, 0x0)
    google.golang.org/grpc@v1.56.3/server.go:1335 +0xde3
google.golang.org/grpc.(*Server).handleStream(0xc00027e1e0, {0x10cba40, 0xc00043e820}, 0xc0004b26c0, 0x0)
    google.golang.org/grpc@v1.56.3/server.go:1712 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.1()
    google.golang.org/grpc@v1.56.3/server.go:947 +0xca
created by google.golang.org/grpc.(*Server).serveStreams.func1
    google.golang.org/grpc@v1.56.3/server.go:958 +0x15c

Error: The terraform-provider-azuredevops_v1.1.1 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

The same error occurs with the TerraformCLI task and the AzureCLI task with an inline script of terraform plan.

cruckens commented 1 month ago

UPD: using OIDC token, I was able to fix the issue.

The Service Connection had been created with a PAT token, though it was in the state. The Service Principal had no permission to view it, and this crashed the execution of the task.

cpareek commented 1 month ago

I have the same issue too. It works using an ADO PAT token but doesn't work using Service Principal or Managed Identity, and throws the above errors. I am using version = "1.1.1" of the Azure DevOps provider.

msl0 commented 1 week ago

It worked for me on the same version of the provider when I used System.AccessToken. Then I wanted to recreate the repo and service connection resources in another project to which I had not granted permissions, and an error regarding permissions appeared. After adding the required permissions, the mentioned error appeared. I finally noticed that there were Azure DevOps resources left in the state that were no longer there. After removing the non-existent resources from the state, I can create resources in a new project without any problems. So there may be a problem with handling state updates in the event of a provider failure.

msl0 commented 1 week ago

I was unable to reproduce the problem after granting the "Advanced Security: manage settings" permission.
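
Added example, not code from the provider or from any commenter in this thread: a sketch of the failure mode the comments above describe, where a Read handler refreshes a state entry for a service endpoint that the current identity cannot view or that no longer exists. The `Endpoint`, `Lookup` and `State` types and the assumption that the lookup returns `(nil, nil)` in that case are hypothetical; clearing the ID follows the plugin SDK convention that an empty ID after Read removes the resource from state.

```go
package main

import "fmt"

// Hypothetical stand-ins, not the provider's types. Assumption: Lookup returns
// (nil, nil) for an endpoint the caller may not view or that no longer exists.
type Endpoint struct{ ID, Name *string }
type Lookup func(id string) (*Endpoint, error)
type State struct{ ID, Name string } // the resource as recorded in state

// readUnchecked dereferences the response without checking it for nil.
func readUnchecked(s *State, get Lookup) error {
	ep, err := get(s.ID)
	if err != nil {
		return err
	}
	s.Name = *ep.Name // nil pointer dereference when ep is nil
	return nil
}

// readChecked treats a nil or ID-less response as gone and clears the state ID.
func readChecked(s *State, get Lookup) error {
	ep, err := get(s.ID)
	if err != nil {
		return fmt.Errorf("looking up service endpoint %q: %w", s.ID, err)
	}
	if ep == nil || ep.ID == nil {
		s.ID = ""
		return nil
	}
	if ep.Name != nil {
		s.Name = *ep.Name
	}
	return nil
}

// panicked reports whether f panics, so the two variants can be compared.
func panicked(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	hidden := func(string) (*Endpoint, error) { return nil, nil } // constructed response
	s := &State{ID: "constructed-id"}
	fmt.Println("unchecked panics:", panicked(func() { _ = readUnchecked(s, hidden) }))
	err := readChecked(s, hidden)
	fmt.Println("checked:", err, "state cleared:", s.ID == "")
}
```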