mulesoft-anypoint / terraform-provider-anypoint

The Anypoint Platform Terraform Provider
https://registry.terraform.io/providers/mulesoft-anypoint/anypoint/latest
MIT License

Error: The terraform-provider-anypoint_v1.6.0 plugin crashed! when trying to import the configuration of an anypoint_apim_policy_jwt_validation #41

Closed dfelcey closed 5 months ago

dfelcey commented 6 months ago

When I tried to import a JWT Validation policy configuration, the plugin caused Terraform to crash. See details below:

│ Error: Request cancelled
│
│ The plugin.(*GRPCProvider).ReadResource request was cancelled.
╵

Stack trace from the terraform-provider-anypoint_v1.6.0 plugin:

panic: runtime error: index out of range [0] with length 0

goroutine 67 [running]:
github.com/mulesoft-anypoint/terraform-provider-anypoint/anypoint.flattenApimPolicyJwtValidationCfg(0xc0001f5200?, 0xc0001f5200)
    github.com/mulesoft-anypoint/terraform-provider-anypoint/anypoint/resource_apim_policy_jwt_validation.go:604 +0x2be
github.com/mulesoft-anypoint/terraform-provider-anypoint/anypoint.resourceApimInstancePolicyJwtValidationRead({0x1d59b08, 0xc0000feee0}, 0x0?, {0x1bd2dc0?, 0xc000208000?})
    github.com/mulesoft-anypoint/terraform-provider-anypoint/anypoint/resource_apim_policy_jwt_validation.go:444 +0x6ee
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).read(0xc000374e00, {0x1d59a60, 0xc000590810}, 0xd?, {0x1bd2dc0, 0xc000208000})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.24.0/helper/schema/resource.go:724 +0x11b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).RefreshWithoutUpgrade(0xc000374e00, {0x1d59a60, 0xc000590810}, 0xc0000b9e10, {0x1bd2dc0, 0xc000208000})
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.24.0/helper/schema/resource.go:1015 +0x549
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(GRPCProviderServer).ReadResource(0xc00049dbc0, {0x1d59a60?, 0xc000590720?}, 0xc0005ed580)
    github.com/hashicorp/terraform-plugin-sdk/v2@v2.24.0/helper/schema/grpc_provider.go:613 +0x48a
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(server).ReadResource(0xc00036c320, {0x1d59a60?, 0xc000271800?}, 0xc00007ec60)
    github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:748 +0x48b
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0x1ba0220?, 0xc00036c320}, {0x1d59a60, 0xc000271800}, 0xc0000fe7e0, 0x0)
    github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x169
google.golang.org/grpc.(Server).processUnaryRPC(0xc0004d0000, {0x1d5de88, 0xc0006029c0}, 0xc000229560, 0xc000271e90, 0x247e070, 0x0)
    google.golang.org/grpc@v1.48.0/server.go:1295 +0xb18
google.golang.org/grpc.(Server).handleStream(0xc0004d0000, {0x1d5de88, 0xc0006029c0}, 0xc000229560, 0x0)
    google.golang.org/grpc@v1.48.0/server.go:1636 +0x9e7
google.golang.org/grpc.(Server).serveStreams.func1.2()
    google.golang.org/grpc@v1.48.0/server.go:932 +0x8d
created by google.golang.org/grpc.(Server).serveStreams.func1 in goroutine 39
    google.golang.org/grpc@v1.48.0/server.go:930 +0x246

Error: The terraform-provider-anypoint_v1.6.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue

soufi commented 6 months ago

Thank you for reporting this.

soufi commented 6 months ago

@dfelcey Can you give some info about your JWT policy? What version, etc.?

dfelcey commented 6 months ago

Sure. The current JWT policy I'm trying to import is version 0.11.0. See the attached screenshot:

Screenshot 2024-05-23 at 20 31 33

Let me know if you need any other information.

soufi commented 6 months ago

Hi @dfelcey

I'm confused, the latest version is 1.4.0.

Please try using that version. Your version is too old.

dfelcey commented 6 months ago

Hi Soufi,

If the JWT Validation policy is being applied to a Flex Gateway, this is the latest version of the policy. If you are applying the JWT Validation policy to a Mule 4 gateway, the latest version is 1.4. But they will be different implementations.

Screenshot 2024-05-24 at 08 57 33

soufi commented 6 months ago

@dfelcey You're right. Can you paste your Terraform policy resource code here?

dfelcey commented 6 months ago

main.tf

terraform {
  required_providers {
    anypoint = {
      source = "mulesoft-anypoint/anypoint"
      version = "1.6.0"
    }
  }
}

provider "anypoint" {
  # use either username/pwd or client id/secret to connect to the platform

  client_id = var.client_credentials_id
  client_secret = var.client_credentials_secret

  # You may need to change the anypoint control plane: use 'eu' or 'us'
  # by default the control plane is 'us'
  cplane= var.control_plane
}

data "anypoint_flexgateway_target" "target" {
  id = "7d3e667c-fe3d-4cc8-bab2-99bfe516c278"
  org_id = var.anypoint_org_id
  env_id = var.anypoint_env_id
}

resource "anypoint_apim_flexgateway" "fg" {
  asset_group_id = var.anypoint_org_id
  asset_id = var.asset_id 
  asset_version = var.asset_version 
  org_id = var.anypoint_org_id
  env_id = var.anypoint_env_id

  deployment_target_id = data.anypoint_flexgateway_target.target.id
  deployment_target_name = data.anypoint_flexgateway_target.target.name
  deployment_gateway_version = data.anypoint_flexgateway_target.target.version
  deployment_expected_status = "deployed"
  deployment_overwrite = true
  deployment_type = "HY"
  instance_label  = "my terraform flex instance"
  endpoint_proxy_uri = "http://consumer.url/hello/world/2"
  routing {
    label = "my-route01"
    upstreams {
      label = "upstream01"
      weight = 100
    }
    rules {
      methods = [ "POST", "GET" ]
      host = ".*"
      path = "/.*"
      headers = {
        "x-example-header" = ".*"
        "x-correlation-id" = ".*"
      }
    }
  }
  upstreams {
    label = "upstream01"
    uri = "http://192.168.1.166:3000"
  }
}

resource "anypoint_apim_policy_jwt_validation" "jwt-policy-1" {
  org_id = var.anypoint_org_id
  env_id = var.anypoint_env_id
  apim_id = anypoint_apim_flexgateway.fg.id
  disabled = false 
  asset_version = "0.11.0"
  configuration_data {
    jwt_origin = "httpBearerAuthenticationHeader"
    signing_method = "rsa"
    signing_key_length = 256 
    jwt_key_origin = "jwks"
    jwks_url = "http://your-jwks-service.example:80/base/path"
    jwks_service_time_to_live = 60
    jwks_service_connection_timeout = 1000
    text_key = "your-(256|384|512)-bit-secret"
  }
}

variables.tf

variable "flex_gateway_name" {
  type    = string
  default = "fg-170524"
}

variable "anypoint_org_id" {
  type    = string
}

variable "anypoint_env_id" {
  type    = string
}

variable "client_credentials_id" {
  type = string
  sensitive = false
}

variable "client_credentials_secret" {
  type = string
  # Marked sensitive so Terraform redacts the secret in plan/apply output
  sensitive = true
}

variable "control_plane" {
  type = string
  sensitive = false
}

variable "endpoint_uri" {
  type = string
  sensitive = false
}

variable "asset_id" {
  type = string
  sensitive = false
}

variable "asset_group_id" {
  type = string
  sensitive = false
}

variable "asset_version" {
  type = string
  sensitive = false
}

soufi commented 6 months ago

Issue is resolved and pushed to branch fixes/import_jwt_validation_policy in case you want to try it out.

This will be part of the next patch 1.6.1.

soufi commented 5 months ago

Solved in v1.6.1.
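
The panic in the stack trace above (`index out of range [0] with length 0` inside a flatten function) is what happens when a list field from an API response is indexed without a length check. The Go sketch below is an added example, not the provider's code and not the fix that shipped in v1.6.1; the key name `claims`, the output key `first_claim_key` and all function names are hypothetical.

```go
package main

import "fmt"

// Constructed sample: decoded policy JSON whose list field came back empty.
// "claims" is a hypothetical key name, not taken from the provider.
var emptyCfg = map[string]any{"claims": []any{}}

// flattenUnsafe indexes element 0 without a length check, so an empty
// list panics the whole plugin process.
func flattenUnsafe(cfg map[string]any) any {
	claims := cfg["claims"].([]any)
	return claims[0].(map[string]any)["key"]
}

// flattenSafe checks type and length first. A wrong shape becomes an error
// the caller can report as a diagnostic; an absent or empty list simply
// leaves the attribute unset.
func flattenSafe(cfg map[string]any) (map[string]any, error) {
	out := map[string]any{}
	raw := cfg["claims"]
	claims, ok := raw.([]any)
	if raw != nil && !ok {
		return nil, fmt.Errorf("claims: expected list, got %T", raw)
	}
	if len(claims) == 0 {
		return out, nil
	}
	first, ok := claims[0].(map[string]any)
	if !ok {
		return nil, fmt.Errorf("claims[0]: expected object, got %T", claims[0])
	}
	out["first_claim_key"] = first["key"]
	return out, nil
}

// panicMessage runs f and returns the recovered panic text, or "" if none.
func panicMessage(f func()) (msg string) {
	defer func() {
		if r := recover(); r != nil {
			msg = fmt.Sprint(r)
		}
	}()
	f()
	return ""
}

func main() {
	fmt.Println(panicMessage(func() { flattenUnsafe(emptyCfg) }))
	fmt.Println(flattenSafe(emptyCfg))
}
```
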