yandex-cloud / terraform-provider-yandex

Terraform Yandex provider
https://www.terraform.io/docs/providers/yandex/
Mozilla Public License 2.0

Provider crashed #408

Open onixsib opened 7 months ago

onixsib commented 7 months ago

Similar behavior is observed when trying to create or import the resource yandex_organizationmanager_saml_federation_user_account

yandex_organizationmanager_saml_federation_user_account.federation_account["XXXX-NAME"]: Importing from ID "XXX-ID"
╷
│ Error: Plugin did not respond
│ 
│ The plugin encountered an error, and failed to respond to the
│ plugin6.(*GRPCProvider).ImportResourceState call. The plugin logs may
│ contain more details.
╵

Stack trace from the terraform-provider-yandex_v0.104.0 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x1aa6389]

goroutine 135 [running]:
github.com/yandex-cloud/terraform-provider-yandex/yandex.getSamlUserAccount({0x2657020, 0xc0013d6ae0}, 0xc000b33600, {0xc0007be3f0, 0x14}, {0xc0007be408, 0x15})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:194 +0x389
github.com/yandex-cloud/terraform-provider-yandex/yandex.resourceYandexOrganizationManagerSamlFederationUserAccountImport({0x2657020, 0xc0013d6ae0}, 0xc00138aa00, {0x2041240?, 0xc000b33600})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:70 +0x38d
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Provider).ImportState(0xc0000e7920, {0x2657020, 0xc0013d6ae0}, 0xc001393428, {0xc0005f08d0, 0x14})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/provider.go:388 +0x1ac
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ImportResourceState(0xc000787a28, {0x2657020?, 0xc0013d69c0?}, 0xc0000e4cc0)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/grpc_provider.go:1097 +0xf4
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ImportResourceState({{0x2661508?, 0xc000787a28?}}, {0x2657020?, 0xc0013d69c0?}, 0xc0000e4ca0?)
        github.com/hashicorp/terraform-plugin-mux@v0.11.2/tf5to6server/tf5to6server.go:70 +0xd0
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.muxServer.ImportResourceState({0xc000d16150, 0xc000f9cc30, 0xc000d16180, 0xc000d161b0, {0xc000b68c20, 0x2, 0x2}}, {0x2657020?, 0xc0013d6690?}, 0xc0000e4ca0)
        github.com/hashicorp/terraform-plugin-mux@v0.11.2/tf6muxserver/mux_server_ImportResourceState.go:30 +0x139
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ImportResourceState(0xc0001470e0, {0x2657020?, 0xc0013c3d70?}, 0xc0005f4fa0)
        github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov6/tf6server/server.go:849 +0x1f6
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ImportResourceState_Handler({0x22377e0?, 0xc0001470e0}, {0x2657020, 0xc0013c3d70}, 0xc00138a780, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:440 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000693a40, {0x2657020, 0xc0013c23f0}, {0x265fce0, 0xc000e36000}, 0xc0013c10e0, 0xc000db8030, 0x3eadcd8, 0x0)
        google.golang.org/grpc@v1.59.0/server.go:1343 +0xe49
google.golang.org/grpc.(*Server).handleStream(0xc000693a40, {0x265fce0, 0xc000e36000}, 0xc0013c10e0)
        google.golang.org/grpc@v1.59.0/server.go:1737 +0xca6
google.golang.org/grpc.(*Server).serveStreams.func1.1()
        google.golang.org/grpc@v1.59.0/server.go:986 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/grpc@v1.59.0/server.go:997 +0x15c

Error: The terraform-provider-yandex_v0.104.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

XXX-NAME - string XXX-ID id from YC

KoDA82 commented 7 months ago

Hi, is it still reproducible with 0.105.0? If yes, could you share a sample we can use to reproduce it locally?

onixsib commented 7 months ago
╷
│ Error: Plugin did not respond
│ 
│ The plugin encountered an error, and failed to respond to the
│ plugin6.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
│ contain more details.
╵

Stack trace from the terraform-provider-yandex_v0.105.0 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x1aaef09]

goroutine 28 [running]:
github.com/yandex-cloud/terraform-provider-yandex/yandex.getSamlUserAccount({0x2663c28, 0xc001406b40}, 0xc001350160, {0xc0005eabe8, 0x14}, {0xc0005eac00, 0x15})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:194 +0x389
github.com/yandex-cloud/terraform-provider-yandex/yandex.resourceYandexOrganizationManagerSamlFederationUserAccountRead({0x2663c28, 0xc001406b40}, 0xc001406b40?, {0x204bd20?, 0xc001350160})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:114 +0x106
github.com/yandex-cloud/terraform-provider-yandex/yandex.resourceYandexOrganizationManagerSamlFederationUserAccountCreate({0x2663c28, 0xc001406b40}, 0x0?, {0x204bd20?, 0xc001350160?})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:107 +0x5fe
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xc000d67dc0, {0x2663c60, 0xc001406000}, 0xd?, {0x204bd20, 0xc001350160})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/resource.go:778 +0x12e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc000d67dc0, {0x2663c60, 0xc001406000}, 0xc001324b60, 0xc001378300, {0x204bd20, 0xc001350160})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/resource.go:909 +0xa7e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000729680, {0x2663c60?, 0xc001363e00?}, 0xc001319f90)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/grpc_provider.go:1027 +0xe8d
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ApplyResourceChange({{0x266e148?, 0xc000729680?}}, {0x2663c60, 0xc001363e00}, 0x0?)
        github.com/hashicorp/terraform-plugin-mux@v0.11.2/tf5to6server/tf5to6server.go:37 +0x5a
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.muxServer.ApplyResourceChange({0xc000d84a80, 0xc000fcfb60, 0xc000d84ab0, 0xc000d84ae0, {0xc0008c6ce0, 0x2, 0x2}}, {0x2663c60?, 0xc001363ad0?}, 0xc001319f40)
        github.com/hashicorp/terraform-plugin-mux@v0.11.2/tf6muxserver/mux_server_ApplyResourceChange.go:30 +0x139
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0xc000598960, {0x2663c60?, 0xc0013630e0?}, 0xc0001ed810)
        github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov6/tf6server/server.go:819 +0x574
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x22431c0?, 0xc000598960}, {0x2663c60, 0xc0013630e0}, 0xc001307b00, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:422 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0008bed20, {0x2663c60, 0xc001363050}, {0x266c920, 0xc000e44ea0}, 0xc0013707e0, 0xc000e3c960, 0x3ec3c60, 0x0)
        google.golang.org/grpc@v1.59.0/server.go:1343 +0xe49
google.golang.org/grpc.(*Server).handleStream(0xc0008bed20, {0x266c920, 0xc000e44ea0}, 0xc0013707e0)
        google.golang.org/grpc@v1.59.0/server.go:1737 +0xca6
google.golang.org/grpc.(*Server).serveStreams.func1.1()
        google.golang.org/grpc@v1.59.0/server.go:986 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/grpc@v1.59.0/server.go:997 +0x15c

Error: The terraform-provider-yandex_v0.105.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Yes it still crashes.

Below I have put the code and data that go to the provider.

variable "federations" {
  type = map(any)
}

variable "folder_ids" {
  type = map(any)
}

variable "cloud_ids" {
  type = map(any)
}

variable "staff_users" {
  type = list(object({
    username         = string
    enabled          = optional(bool)
    email            = string
    email_verified   = optional(bool)
    first_name       = string
    last_name        = string
    groups           = list(string)
    initial_password = optional(string)
    vpn_access = optional(object({
      prod    = optional(list(string))
      staging = optional(list(string))
    }))
    cloud_access = optional(object({
      prod = optional(object({
        prod = optional(list(string))
      }))
      staging = optional(object({
        stress = optional(list(string))
        tech  = optional(list(string))
      }))
    }))
    description = optional(string)
  }))
  default     = []
  description = "List of users"
}

locals {
  users = {
    for user in var.staff_users : user.username => user
  }
  yandex_users = flatten([
    for key, user in local.users : [
      for cloud, access in user.cloud_access : {
        username = "${user.username}"
        email    = "${user.email}"
        cloud    = "${cloud}"
        access   = access
      } if access != null && access != ""
    ] if user.cloud_access != null && user.cloud_access != {}
  ])

  yandex_users_folder = flatten([
    for key, user in local.users : [
      for cloud, access in user.cloud_access : [
        for folder, rights in access : [
          for role in rights :
          {
            username       = "${user.username}"
            email          = "${user.email}"
            username_cloud = "${user.username}-${cloud}"
            cloud          = "${cloud}"
            folder         = "${folder}"
            role           = "${role}"
          }
        ] if rights != null
      ] if access != null
    ] if user.cloud_access != null && user.cloud_access != {}
  ])
}
resource "yandex_organizationmanager_saml_federation_user_account" "federation_account" {
  for_each = { for user in local.yandex_users : "${user.username}-${user.cloud}" => user }
  federation_id = yandex_organizationmanager_saml_federation.federation["${each.value.cloud}"].id
  name_id       = each.value.email
}

resource "yandex_resourcemanager_cloud_iam_member" "iam_member" {
  for_each = { for user in local.yandex_users : "${user.username}-${user.cloud}" => user }
  cloud_id = var.cloud_ids[each.value.cloud]
  role     = "resource-manager.clouds.member"
  member   = "federatedUser:${yandex_organizationmanager_saml_federation_user_account.federation_account["${each.value.username}-${each.value.cloud}"].id}"
}

resource "yandex_resourcemanager_folder_iam_member" "iam_member" {
  for_each  = { for user in local.yandex_users_folder : "${user.username}-${user.cloud}-${user.folder}-${user.role}" => user }
  folder_id = var.folder_ids[each.value.folder]
  role      = each.value.role
  member    = "federatedUser:${yandex_organizationmanager_saml_federation_user_account.federation_account["${each.value.username_cloud}"].id}"
}

Data

staff_users = [
  {
    username   = "user"
    email      = "user@company.com"
    first_name = "User"
    last_name  = "Resu"
    groups     = [""]
    vpn_access = {
      prod    = [""]
      staging = [""]
    },
    cloud_access = {
      prod = {
        prod = ["admin"]
      },
      staging = {
        strees = ["admin"],
        tech  = ["admin"]
      }
    }
    description = "DevOps"
  },
]

folder_ids = {
  stress = "idiididididididididi"
  tech  = "idiidididididididid2"
  prod  = "idiidididididididid3"
}

cloud_ids = {

  staging = "idc11111111111111111"
  prod    = "idc22222222222222222"
}

federations = {
  staging = "idf11111111111111111"
  prod    = "idf22222222222222222"
}

onixsib commented 6 months ago

v0.107.0

Stack trace from the terraform-provider-yandex_v0.107.0 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x1ad68a9]

goroutine 40 [running]:
github.com/yandex-cloud/terraform-provider-yandex/yandex.getSamlUserAccount({0x26ab308, 0xc000febda0}, 0xc00097d1e0, {0xc000f8a528, 0x14}, {0xc000f8a540, 0x15})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:194 +0x389
github.com/yandex-cloud/terraform-provider-yandex/yandex.resourceYandexOrganizationManagerSamlFederationUserAccountRead({0x26ab308, 0xc000febda0}, 0xc000febda0?, {0x2085d60?, 0xc00097d1e0})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:114 +0x106
github.com/yandex-cloud/terraform-provider-yandex/yandex.resourceYandexOrganizationManagerSamlFederationUserAccountCreate({0x26ab308, 0xc000febda0}, 0x0?, {0x2085d60?, 0xc00097d1e0?})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:107 +0x5fe
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xc000d92380, {0x26ab340, 0xc000feb260}, 0xd?, {0x2085d60, 0xc00097d1e0})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/resource.go:778 +0x12e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc000d92380, {0x26ab340, 0xc000feb260}, 0xc000fccd00, 0xc000f96c80, {0x2085d60, 0xc00097d1e0})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/resource.go:909 +0xa7e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000783668, {0x26ab340?, 0xc000feb080?}, 0xc000fb0a50)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.28.0/helper/schema/grpc_provider.go:1027 +0xe8d
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ApplyResourceChange({{0x26b5848?, 0xc000783668?}}, {0x26ab340, 0xc000feb080}, 0x0?)
        github.com/hashicorp/terraform-plugin-mux@v0.11.2/tf5to6server/tf5to6server.go:37 +0x5a
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.muxServer.ApplyResourceChange({0xc000db63c0, 0xc001162880, 0xc000db63f0, 0xc000db6420, {0xc000c72b00, 0x2, 0x2}}, {0x26ab340?, 0xc000fead50?}, 0xc000fb0a00)
        github.com/hashicorp/terraform-plugin-mux@v0.11.2/tf6muxserver/mux_server_ApplyResourceChange.go:30 +0x139
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0xc000992b40, {0x26ab340?, 0xc000fea360?}, 0xc000238b60)
        github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov6/tf6server/server.go:819 +0x574
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x2284b00?, 0xc000992b40}, {0x26ab340, 0xc000fea360}, 0xc000f96480, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:422 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0009dd000, {0x26ab340, 0xc000fea2d0}, {0x26b4000, 0xc000db96c0}, 0xc000fe2360, 0xc000e582a0, 0x3f54b40, 0x0)
        google.golang.org/grpc@v1.60.1/server.go:1372 +0xe49
google.golang.org/grpc.(*Server).handleStream(0xc0009dd000, {0x26b4000, 0xc000db96c0}, 0xc000fe2360)
        google.golang.org/grpc@v1.60.1/server.go:1783 +0x1031
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/grpc@v1.60.1/server.go:1016 +0x68
created by google.golang.org/grpc.(*Server).serveStreams.func2
        google.golang.org/grpc@v1.60.1/server.go:1027 +0x12e

Error: The terraform-provider-yandex_v0.107.0 plugin crashed!

onixsib commented 6 months ago

Any news?

KoDA82 commented 6 months ago

The issue was transmitted to the responsible team. Now waiting for a fix.
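
Added triage example, not part of the thread and not the provider's code: it reduces each Go panic trace to a build-independent signature (fault address plus first frame inside the provider module) and confirms that the v0.104.0 and v0.107.0 crashes quoted above are the same defect. The `CrashSig` type and `Signature` function are hypothetical names; the trace excerpts are copied from the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Top-of-stack excerpts of the v0.104.0 and v0.107.0 traces quoted in this issue.
const traceV104 = `[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x1aa6389]
github.com/yandex-cloud/terraform-provider-yandex/yandex.getSamlUserAccount({0x2657020, 0xc0013d6ae0}, 0xc000b33600, {0xc0007be3f0, 0x14}, {0xc0007be408, 0x15})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:194 +0x389`

const traceV107 = `[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x1ad68a9]
github.com/yandex-cloud/terraform-provider-yandex/yandex.getSamlUserAccount({0x26ab308, 0xc000febda0}, 0xc00097d1e0, {0xc000f8a528, 0x14}, {0xc000f8a540, 0x15})
        github.com/yandex-cloud/terraform-provider-yandex/yandex/resource_yandex_organizationmanager_saml_federation_user_account.go:194 +0x389`

// CrashSig omits pc, which differs between builds; fault address and source location do not.
type CrashSig struct{ Addr, Func, File, Line string }

var (
	addrRe  = regexp.MustCompile(`addr=(0x[0-9a-f]+) pc=0x[0-9a-f]+\]`)
	frameRe = regexp.MustCompile(`^\s+(\S+\.go):(\d+) \+0x[0-9a-f]+\s*$`)
)

// Signature returns the fault address and the first frame whose function starts with modulePrefix.
func Signature(trace, modulePrefix string) (sig CrashSig, ok bool) {
	lines := strings.Split(trace, "\n")
	for i, l := range lines {
		if m := addrRe.FindStringSubmatch(l); m != nil {
			sig.Addr = m[1]
		}
		paren := strings.LastIndex(l, "(") // start of the argument list
		if !strings.HasPrefix(l, modulePrefix) || paren < 0 || i+1 >= len(lines) {
			continue
		}
		if m := frameRe.FindStringSubmatch(lines[i+1]); m != nil {
			sig.Func, sig.File, sig.Line = l[:paren], m[1], m[2]
			return sig, true
		}
	}
	return sig, false
}

func main() {
	a, _ := Signature(traceV104, "github.com/yandex-cloud/")
	b, _ := Signature(traceV107, "github.com/yandex-cloud/")
	fmt.Printf("%s:%s addr=%s same=%v\n", a.Func, a.Line, a.Addr, a == b)
}
```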