microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License

v0.1.4 crashes when running terraform plan ("invalid memory address or nil pointer dereference") #367

Open flobeier opened 3 years ago

flobeier commented 3 years ago

Community Note

Terraform (and Azure DevOps Provider) Version

Terraform 0.15.1
Azure DevOps Provider 0.1.4

Affected Resource(s)

Terraform Configuration Files

data "azuredevops_project" "devops_project" {
  name = var.azure_devops_project
}

resource "azuredevops_serviceendpoint_azurerm" "service_principals" {
  for_each              = local.environments
  project_id            = data.azuredevops_project.devops_project.id
  service_endpoint_name = "azurerm-${var.application}-${each.key}"

  credentials {
    serviceprincipalid  = module.service_principals[each.key].aad_service_principal.application_id
    serviceprincipalkey = module.service_principals[each.key].service_principal_secret
  }

  azurerm_spn_tenantid      = local.subscriptions[each.key].tenant_id
  azurerm_subscription_id   = local.subscriptions[each.key].subscription_id
  azurerm_subscription_name = local.subscriptions[each.key].display_name
}

Debug Output

Panic Output

Stack trace from the terraform-provider-azuredevops_v0.1.4 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xd954e0]

goroutine 56 [running]:
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.doBaseFlattening(0xc0005ea150, 0xc000692480, 0xc0000f8400)
        github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:112 +0x1a0
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.flattenServiceEndpointAzureRM(0xc0005ea150, 0xc000692480, 0xc0000f8400)
        github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go:127 +0x5a
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.genServiceEndpointReadFunc.func1(0xc0005ea150, 0xe356c0, 0xc000016400, 0xc0005ea150, 0x0)
        github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:207 +0x278
github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000183440, 0xc000298370, 0xe356c0, 0xc000016400, 0xc00028e500, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk@v1.13.1/helper/schema/resource.go:460 +0x12e
github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ReadResource(0xc00028e540, 0x118b610, 0xc0003d31a0, 0xc0001f63c0, 0xc00028e540, 0xc0003d31a0, 0xc00039cb80)
        github.com/hashicorp/terraform-plugin-sdk@v1.13.1/internal/helper/plugin/grpc_provider.go:525 +0x3dd
github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ReadResource_Handler(0xfb4f60, 0xc00028e540, 0x118b610, 0xc0003d31a0, 0xc0001f6360, 0x0, 0x118b610, 0xc0003d31a0, 0xc000390000, 0x278)
        github.com/hashicorp/terraform-plugin-sdk@v1.13.1/internal/tfplugin5/tfplugin5.pb.go:3269 +0x214
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000102f00, 0x1197778, 0xc0001b9680, 0xc0002f0300, 0xc0001da930, 0x16a49b0, 0x0, 0x0, 0x0)
        google.golang.org/grpc@v1.27.1/server.go:1024 +0x522
google.golang.org/grpc.(*Server).handleStream(0xc000102f00, 0x1197778, 0xc0001b9680, 0xc0002f0300, 0x0)
        google.golang.org/grpc@v1.27.1/server.go:1313 +0xd2c
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0002021a0, 0xc000102f00, 0x1197778, 0xc0001b9680, 0xc0002f0300)
        google.golang.org/grpc@v1.27.1/server.go:722 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/grpc@v1.27.1/server.go:720 +0xa5

Error: The terraform-provider-azuredevops_v0.1.4 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected Behavior

Plugin doesn't crash when running terraform plan.

Actual Behavior

Plugin crashes when running terraform plan.

Steps to Reproduce

?

Important Factoids

References

xuzhang3 commented 3 years ago

Hi @flobeier, I cannot reproduce your issue. This error happens when the authorization or scheme is null; normally the service will return the service connection's authorization.scheme. [image]

Another question: can you make sure this is the correct log from when you executed terraform plan? According to the log, the provider crashed when Terraform tried to set values; this usually happens in the terraform apply phase.

flobeier commented 3 years ago

@xuzhang3 usually a pipeline deploys the resources and doesn't crash. Running terraform plan (yes, plan, not apply) locally triggers this crash. It might be relevant to the issue that I'm lacking the permissions to read Azure AD objects like users and see related errors due to that because of other resources. However, none of the errors point to the file that contains the Azure DevOps resource.

xuzhang3 commented 3 years ago

@flobeier terraform plan will do the read operation and compare the response with the .tfstate file, then generate an execution plan. You can check the service connection response with the API (service connection get: https://docs.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints/get?view=azure-devops-rest-5.1); if you do not have the permissions, you will get an error message.

sennerholm commented 3 years ago

I had a similar problem (trace). I think it's a permission problem combined with the code not handling it in a good way. When I added the service principal that runs the plan output to "Endpoint Administrators" I got it running. The service endpoint was created from my personal account, but the pipeline was running as another user that didn't see all service endpoints.

xuzhang3 commented 3 years ago

@sennerholm Have you granted the pipeline the access permission? [image] If not, you can use azuredevops_resource_authorization to grant the pipeline the access permission. A provider-created service connection won't grant the access permission by default.

sennerholm commented 3 years ago

We had the "Pipeline user" in the "Permissions->Endpoint creators" but not the "Permissions->Endpoint Administrators" with the impact that when the service endpoint was created from another user the "terraform plan" gave that stacktrace. It would be better if it got a more controlled error. But with this information I think you can reproduce it.

xuzhang3 commented 3 years ago

@sennerholm The ADO provider manages the access permissions based on the personal access token. The group-managed permissions should not affect the Terraform execution permissions. Can you check the personal access token configuration?
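
The failure mode discussed in this thread, as an added Go example that is not the provider's code: the maintainer attributes the crash to a null authorization or scheme in the service endpoint response, and a later comment asks for a more controlled error. The types, function names and sample values below are simplified, hypothetical stand-ins; the assumption is that every response field is a pointer, so a partial response leaves some of them nil.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified stand-ins for the API response types. Assumption:
// all fields are pointers, so a partial response leaves some of them nil.
type EndpointAuthorization struct {
	Scheme *string
}

type ServiceEndpoint struct {
	Name          *string
	Authorization *EndpointAuthorization
}

var ErrIncompleteEndpoint = errors.New("service endpoint response has no authorization scheme")

// flattenUnchecked dereferences the nested pointers directly and panics with
// a nil pointer dereference when Authorization or Scheme is nil.
func flattenUnchecked(ep *ServiceEndpoint) string {
	return *ep.Authorization.Scheme
}

// flattenChecked validates each pointer first and returns an error the
// caller can surface as a normal diagnostic instead of a plugin crash.
func flattenChecked(ep *ServiceEndpoint) (string, error) {
	if ep == nil || ep.Authorization == nil || ep.Authorization.Scheme == nil {
		return "", ErrIncompleteEndpoint
	}
	return *ep.Authorization.Scheme, nil
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	scheme := "ServicePrincipal" // constructed sample value
	full := &ServiceEndpoint{Authorization: &EndpointAuthorization{Scheme: &scheme}}
	partial := &ServiceEndpoint{} // constructed: response without authorization

	fmt.Println(flattenChecked(full))
	fmt.Println(flattenChecked(partial))
	fmt.Println("unchecked panics:", panics(func() { flattenUnchecked(partial) }))
}
```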