terraform-google-modules / terraform-google-org-policy

Manages Google Cloud organization policies
https://registry.terraform.io/modules/terraform-google-modules/org-policy/google
Apache License 2.0

Plugin crashed when applying tag based boolean org policy in APIv2 #84

Closed dsGCloud closed 1 year ago

dsGCloud commented 1 year ago

TL;DR

Applying org policies based on tags leads to a plugin crash.

Expected behavior

org policy enforcement

Observed behavior

Error: Plugin did not respond
│
│   with module.org-policy.google_org_policy_policy.org_policy_boolean[0],
│   on .terraform/modules/org-policy/modules/org_policy_v2/boolean_constraints.tf line 20, in resource "google_org_policy_policy" "org_policy_boolean":
│   20: resource "google_org_policy_policy" "org_policy_boolean" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-google_v3.90.1_x5 plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 38 [running]:
github.com/hashicorp/terraform-provider-google/google.expandOrgPolicyPolicySpecRulesCondition(...)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-google/google/resource_org_policy_policy.go:454
github.com/hashicorp/terraform-provider-google/google.expandOrgPolicyPolicySpecRules(0x1072dd860, 0x140011c0f30, 0x2)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-google/google/resource_org_policy_policy.go:409 +0x7a8
github.com/hashicorp/terraform-provider-google/google.expandOrgPolicyPolicySpecRulesArray(0x1070b1520, 0x1400066eb10, 0x106a7d635, 0x5, 0x1400129bee8)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-google/google/resource_org_policy_policy.go:394 +0xc8
github.com/hashicorp/terraform-provider-google/google.expandOrgPolicyPolicySpec(0x1070b1520, 0x1400066ebe8, 0x4)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-google/google/resource_org_policy_policy.go:363 +0x178
github.com/hashicorp/terraform-provider-google/google.resourceOrgPolicyPolicyCreate(0x1400023f280, 0x107766d60, 0x14000b94000, 0xffffffffffffffff, 0x140010d9798)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-google/google/resource_org_policy_policy.go:207 +0x144
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x14000790540, 0x10780a420, 0x14001240340, 0x1400023f280, 0x107766d60, 0x14000b94000, 0x0, 0x0, 0x0)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.5.0/helper/schema/resource.go:318 +0x170
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14000790540, 0x10780a420, 0x14001240340, 0x1400023ce00, 0x1400123e680, 0x107766d60, 0x14000b94000, 0x1072dd860, 0x140011c0d20, 0x0, ...)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.5.0/helper/schema/resource.go:456 +0x4ec
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14000304d38, 0x10780a420, 0x14001240340, 0x140012624b0, 0x14001240340, 0x1076ad2e0, 0x0)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.5.0/helper/schema/grpc_provider.go:955 +0x6f8
github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ApplyResourceChange(0x14000dce380, 0x10780a4c8, 0x14001240340, 0x1400023cbd0, 0x14000dce380, 0x1050b82d0, 0x1075044c0)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.2.1/tfprotov5/server/server.go:332 +0x94
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x1076ad2e0, 0x14000dce380, 0x10780a4c8, 0x1400079ad50, 0x14001552120, 0x0, 0x10780a4c8, 0x1400079ad50, 0x14000390c00, 0x5a1)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.2.1/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x1c8
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000296540, 0x107848df8, 0x14000103680, 0x1400128c000, 0x140007189c0, 0x1086dc8a0, 0x0, 0x0, 0x0)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/grpc@v1.40.0/server.go:1297 +0x3e8
google.golang.org/grpc.(*Server).handleStream(0x14000296540, 0x107848df8, 0x14000103680, 0x1400128c000, 0x0)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/grpc@v1.40.0/server.go:1626 +0xa50
google.golang.org/grpc.(*Server).serveStreams.func1.2(0x1400018f170, 0x14000296540, 0x107848df8, 0x14000103680, 0x1400128c000)
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/grpc@v1.40.0/server.go:941 +0x94
created by google.golang.org/grpc.(*Server).serveStreams.func1
    /opt/teamcity-agent/work/5d79fe75d4460a2f/pkg/mod/google.golang.org/grpc@v1.40.0/server.go:939 +0x1f8

Error: The terraform-provider-google_v3.90.1_x5 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.

Terraform Configuration

module "org-policy" {
  source  = "terraform-google-modules/org-policy/google//modules/org_policy_v2"
  version = "~> 5.2.0"
  policy_root      = "organization"
  policy_root_id   = var.parent_folder
  constraint       = "iam.disableServiceAccountCreation"
  policy_type      = "boolean"
  exclude_folders  = []
  exclude_projects = []

  rules = [
    # Rule 1
    {
      enforcement = false
      allow       = []
      deny        = []
      conditions  = [{
        description = ""
        expression  = ""
        location    = ""
        title       = ""
      }]
    },
    # Rule 2
    {
      enforcement = true
      allow       = []
      deny        = []
      conditions  = [{
        description = "Disable SA creation outside production"
        expression  = "resource.matchTag('271381331669/environment', 'development') && resource.matchTag('271381331669/environment', 'qa')"
        location    = ""
        title       = "Denny SA creation"
      }]
    }
  ]
}

Terraform Version

terraform {
  required_version = "> 1.3.0"
...

Additional information

No response
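
The panic text in the stack trace above is what the Go runtime emits when an unchecked type assertion is applied to a nil interface value. The following is an added Go example, not the provider's source and not code from the issue author, showing that failure next to a guarded expander; the `Condition` type, the function names and the nil input are constructed for illustration, on the assumption that a condition block can reach an expander as a nil list element.

```go
package main

import "fmt"

// Condition mirrors the four condition fields used in the issue's rules.
type Condition struct {
	Title, Description, Expression, Location string
}

// expandUnchecked asserts the first list element directly; a nil element panics
// with "interface conversion: interface {} is nil, not map[string]interface {}".
func expandUnchecked(raw []interface{}) *Condition {
	return fromMap(raw[0].(map[string]interface{}))
}

// expandChecked treats an empty list or a nil element as "no condition" and
// reports an unexpected type as an error instead of crashing the process.
func expandChecked(raw []interface{}) (*Condition, error) {
	if len(raw) == 0 || raw[0] == nil {
		return nil, nil
	}
	m, ok := raw[0].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("condition: want map[string]interface{}, got %T", raw[0])
	}
	return fromMap(m), nil
}

// fromMap copies string fields; missing or non-string keys become "".
func fromMap(m map[string]interface{}) *Condition {
	s := func(k string) string { v, _ := m[k].(string); return v }
	return &Condition{s("title"), s("description"), s("expression"), s("location")}
}

// panicMessage runs f and returns the recovered panic text, or "" if f returned.
func panicMessage(f func()) (msg string) {
	defer func() {
		if r := recover(); r != nil {
			msg = fmt.Sprint(r)
		}
	}()
	f()
	return ""
}

func main() {
	nilBlock := []interface{}{nil} // constructed input (assumption, see lead-in)
	fmt.Println(panicMessage(func() { expandUnchecked(nilBlock) }))
	fmt.Println(expandChecked(nilBlock))
}
```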

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days