Open alarobric opened 1 year ago
It turns out after much debugging, that this was due to the PAT being used (the build service account) not having access. This account was in Endpoint Creators group and so could create service connections, but not edit them. In the previous connections the build service account had been given explicit access to administer those service connections.
Resolved for me now, but I still believe this should produce a better user error instead of crashing.
@alarobric This kind issue is hard to locate and return a proper error message. Service will not return the resource if it does not have the read permission. One way to circumvent this error is defensive coding.
Community Note
Terraform (and Azure DevOps Provider) Version
terraform 1.5.2 hashicorp/aws 4.67.0 microsoft/azuredevops 0.6.0
I've found the same issue with 0.5.0 as well.
Affected Resource(s)
azuredevops_serviceendpoint_aws
Terraform Configuration Files
Debug Output
Panic Output
panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xc10bf1]
goroutine 54 [running]: github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.doBaseFlattening(0x0?, 0xc0003a17a0, 0xc0002e06f0) github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:119 +0x151 github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.flattenServiceEndpointAws(0xc0000ee400?, 0xc0003a17a0, 0xc00012c1f0?) github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_aws.go:82 +0x27 github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.genServiceEndpointReadFunc.func1(0xc000099080, {0xcae620?, 0xc000398280}) github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:233 +0x2ef github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).read(0xfa07e0?, {0xfa07e0?, 0xc00017d0b0?}, 0xd?, {0xcae620?, 0xc000398280?}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:712 +0x178 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).RefreshWithoutUpgrade(0xc0003ca460, {0xfa07e0, 0xc00017d0b0}, 0xc0000acea0, {0xcae620, 0xc000398280}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:1015 +0x585 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(GRPCProviderServer).ReadResource(0xc0003969d8, {0xfa07e0?, 0xc00010c900?}, 0xc0004e6f80) github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/grpc_provider.go:613 +0x497 github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(server).ReadResource(0xc000360fa0, {0xfa07e0?, 0xc0002352f0?}, 0xc00007c960) github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:748 +0x49e github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0xe0b0a0?, 0xc000360fa0}, {0xfa07e0, 0xc0002352f0}, 0xc0000b61c0, 0x0) github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x170 google.golang.org/grpc.(Server).processUnaryRPC(0xc00026a1e0, {0xfa3440, 0xc0003eba00}, 0xc0002a8b40, 0xc0003e7140, 0x14ca890, 0x0) google.golang.org/grpc@v1.48.0/server.go:1295 +0xb0b google.golang.org/grpc.(Server).handleStream(0xc00026a1e0, {0xfa3440, 0xc0003eba00}, 0xc0002a8b40, 0x0) google.golang.org/grpc@v1.48.0/server.go:1636 +0xa1b google.golang.org/grpc.(Server).serveStreams.func1.2() google.golang.org/grpc@v1.48.0/server.go:932 +0x98 created by google.golang.org/grpc.(Server).serveStreams.func1 google.golang.org/grpc@v1.48.0/server.go:930 +0x28a
Error: The terraform-provider-azuredevops_v0.5.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.
Expected Behavior
Pipeline was previously working as expected. A separate module creates the AWS account and role and passes that to this module. This creates the service connection in AzDO for our other terraform pipelines to make use of. This was now extended to include a third service connection. The only changes inside this module are the
aws_dev_service_connection
and a new variablevar.dev_terraform_provisioning_role_to_assume
Actual Behavior
Terraform works correctly from my developer machine. Service connection is created or updated as expected. From Azure DevOps pipeline, it fails with the panic pasted above.
Steps to Reproduce
terraform plan
within the AzDO pipelineImportant Factoids
References