mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0

Crash (panic, interface conversion error) when creating mongodbatlas_encryption_at_rest in Azure #74

Closed gvilarino closed 4 years ago

gvilarino commented 4 years ago
$ terraform --version
Terraform v0.12.16
+ provider.mongodbatlas v0.3.1

I have a mongodbatlas_project and a mongodbatlas_cluster resource created properly and managed with terraform. I now want to add the mongodbatlas_encryption_at_rest resource so I can encrypt my clusters with my own keys in my Azure KeyVault.

Here's my .tf (secrets edited) file:

resource "mongodbatlas_encryption_at_rest" "encryption" {
  project_id = mongodbatlas_project.project.id

  azure_key_vault = {
    enabled             = true
    client_id           = "my-service-principal-client-id"
    azure_environment   = "AZURE"
    subscription_id     = "my-subscription-id"
    resource_group_name = "my-resource-group"
    key_vault_name      = "my-key-vault-name"
    key_identifier      = "https://my-vault-name.vault.azure.net/keys/my-key-name/my-key-ID"
    secret              = "some-secret-value"
    tenant_id           = "my-tenant-id"
  }
}

Terraform crashes as soon as I type yes in the apply confirmation dialogue (after the plan) with the following message:

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

mongodbatlas_encryption_at_rest.encryption: Creating...

Error: rpc error: code = Unavailable desc = transport is closing

panic: interface conversion: interface {} is nil, not string

The error stack trace is:

2019/11/22 16:05:58 [TRACE] GRPCProvider: ApplyResourceChange
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: panic: interface conversion: interface {} is nil, not string
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: 
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: goroutine 8 [running]:
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/mongodbatlas.expandAwsKms(0xc00049f020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go:142 +0x3be
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/mongodbatlas.resourceMongoDBAtlasEncryptionAtRestCreate(0xc0002ea930, 0x1b46760, 0xc000177200, 0x2, 0x27d1620)
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go:154 +0xec
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/helper/schema.(*Resource).Apply(0xc000187f80, 0xc0000b8640, 0xc00046e7a0, 0x1b46760, 0xc000177200, 0xc00049e901, 0xc0001d04a0, 0x1afad80)
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/helper/schema/resource.go:286 +0x3b4
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/helper/schema.(*Provider).Apply(0xc000496080, 0xc0003c1a58, 0xc0000b8640, 0xc00046e7a0, 0xc000444868, 0xc000446010, 0x1afcbe0)
2019-11-22T16:05:58.587-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/helper/schema/provider.go:285 +0x18f
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc00009a530, 0x1eb85c0, 0xc00049e000, 0xc000070420, 0xc00009a530, 0xc00049e000, 0xc0001bbbd0)
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/helper/plugin/grpc_provider.go:842 +0x894
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x1c28740, 0xc00009a530, 0x1eb85c0, 0xc00049e000, 0xc0000b8280, 0x0, 0x1eb85c0, 0xc00049e000, 0xc00049c000, 0x3f4)
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/github.com/hashicorp/terraform/internal/tfplugin5/tfplugin5.pb.go:3019 +0x23e
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc000001680, 0x1ec3880, 0xc00009f380, 0xc000177300, 0xc0003001b0, 0x27a6880, 0x0, 0x0, 0x0)
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc/server.go:966 +0x470
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc.(*Server).handleStream(0xc000001680, 0x1ec3880, 0xc00009f380, 0xc000177300, 0x0)
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc/server.go:1245 +0xd25
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0000360a0, 0xc000001680, 0x1ec3880, 0xc00009f380, 0xc000177300)
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc/server.go:685 +0x9f
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4: created by github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
2019-11-22T16:05:58.588-0300 [DEBUG] plugin.terraform-provider-mongodbatlas_v0.3.1_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-mongodbatlas/vendor/google.golang.org/grpc/server.go:683 +0xa1
2019/11/22 16:05:58 [DEBUG] mongodbatlas_encryption_at_rest.encryption: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing

Note that terraform validate and terraform plan go through with no errors.

I'm discarding wrong credentials in the resource parameters as the error cause because I'm using the same service principal for Atlas custom key encryption in another cluster.

I'm at a loss here. Please help?

gvilarino commented 4 years ago

I'm not much of a Go developer, but from what I think I can understand, it seems the crash happens in line 142 of resource_mongodbatlas_encryption_at_rest.go when trying to cast a non-existent value to string.

awsKms["access_key_id"].(string)

I never configured AWS credentials as I want to use only an Azure KeyVault. That code should never be executed, if I understand correctly.
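
The failure mode described in the comment above, as an added Go example that is not part of the original thread and is not the provider's code: an unchecked type assertion on a missing map key panics, while the comma-ok form degrades to zero values or an error. The names `kmsSettings`, `expandUnchecked`, `expandChecked` and `tryUnchecked` are hypothetical, and the input map is constructed.

```go
package main

import "fmt"

// kmsSettings is a hypothetical stand-in for the provider's AWS KMS struct.
type kmsSettings struct {
	AccessKeyID string
	Enabled     bool
}

// expandUnchecked: a missing key yields a nil interface{}, so .(string) panics.
func expandUnchecked(block map[string]interface{}) kmsSettings {
	return kmsSettings{block["access_key_id"].(string), block["enabled"].(bool)}
}

// expandChecked: absent keys keep zero values; a wrong type becomes an error.
func expandChecked(block map[string]interface{}) (kmsSettings, error) {
	var out kmsSettings
	var ok bool
	if v := block["access_key_id"]; v != nil {
		if out.AccessKeyID, ok = v.(string); !ok {
			return out, fmt.Errorf("access_key_id: want string, got %T", v)
		}
	}
	if v := block["enabled"]; v != nil {
		if out.Enabled, ok = v.(bool); !ok {
			return out, fmt.Errorf("enabled: want bool, got %T", v)
		}
	}
	return out, nil
}

// tryUnchecked turns the panic into an error so the demo can continue.
func tryUnchecked(block map[string]interface{}) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	expandUnchecked(block)
	return nil
}

func main() {
	omitted := map[string]interface{}{} // constructed input: block not set
	fmt.Println(tryUnchecked(omitted))
	fmt.Println(expandChecked(omitted))
}
```
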

gvilarino commented 4 years ago

Ok, after trying with both the AWS and GCE settings, with empty strings as values and enabled = false this did work.

However, it wasn't until reading the code that I sort of figured out how to bypass it. I think the UX for this is not consistent with the core terraform modules; as a common user I didn't expect to have to specify unneeded settings. Also, my configuration shouldn't have passed terraform validate.

PacoDw commented 4 years ago

Hello @gvilarino, thanks for your reviews, we will attend to them as soon as possible 👍