terraform-provider-kubernetes icon indicating copy to clipboard operation
terraform-provider-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Crash when wait condition status is bool instead of string

Open benley opened this issue 3 years ago • 2 comments

Terraform Version, Provider Version and Kubernetes Version

Terraform version: 1.2.9
Kubernetes provider version: 2.13.1
Kubernetes version: 1.22.12

Affected Resource(s)

  • kubernetes_manifest

Terraform Configuration Files

resource "kubernetes_manifest" "keycloak-crd-instance" {
  depends_on = [
    kubernetes_manifest.keycloak-cert
  ]
  wait {
    condition {
      type = "Ready"
      status = true  # <---- this causes a crash.  "true" and "True" don't work either.
    }
  }
  manifest = {
    apiVersion = "k8s.keycloak.org/v2alpha1"
    kind = "Keycloak"
    metadata = {
      name = var.name
      namespace = var.namespace
    }
    spec = {
      instances = var.instances
      hostname = var.public_hostname
      tlsSecret = local.tls_secret_name
      disableDefaultIngress = true
      serverConfiguration = [
        {
          name = "db"
          value = var.db_type
        },
        {
          name = "db-url-host"
          value = var.db_hostname
        },
        {
          name = "db-url-database"
          value = var.db_name
        },
        {
          name = "db-username"
          value = var.db_username
        },
        {
          name = "db-password"
          secret = {
            name = kubernetes_secret.db_credentials.metadata.0.name
            key = "password"
          }
        },
        {
          name = "metrics-enabled"
          value = "true"
        },
        {
          name = "http-relative-path"
          value = "/auth"
        },
        {
          name = "hostname-path"
          value = "auth"
        }
      ]
    }
  }
}

Debug Output

Debug output contains a ton of secret values. If you really need this please ask and I'll come up with a redacted version.

Panic Output

kubernetes_manifest.keycloak-crd-instance: Modifying...
╷
│ Error: Plugin did not respond
│ 
│   with kubernetes_manifest.keycloak-crd-instance,
│   on main.tf line 36, in resource "kubernetes_manifest" "keycloak-crd-instance":
│   36: resource "kubernetes_manifest" "keycloak-crd-instance" {
│ 
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
│ contain more details.
╵

Stack trace from the terraform-provider-kubernetes_v2.13.1_x5 plugin:

panic: interface conversion: interface {} is bool, not string

goroutine 321 [running]:
github.com/hashicorp/terraform-provider-kubernetes/manifest/provider.(*ConditionsWaiter).Wait(0xc000c74960, {0x208e0d0?, 0xc001542f00?})
        github.com/hashicorp/terraform-provider-kubernetes/manifest/provider/waiter.go:358 +0x5b4
github.com/hashicorp/terraform-provider-kubernetes/manifest/provider.(*RawProviderServer).waitForCompletion(0xc0012a1860?, {0x208e0d0, 0xc001542f00}, {{0x2091608?, 0xc0039ccb40?}, {0x1b19960?, 0xc0039cc0f0?}}, {0x2092638?, 0xc000831c70?}, {0xc003e0cab4, ...}, ...)
        github.com/hashicorp/terraform-provider-kubernetes/manifest/provider/waiter.go:34 +0x10e
github.com/hashicorp/terraform-provider-kubernetes/manifest/provider.(*RawProviderServer).ApplyResourceChange(0xc001228780, {0x208e108, 0xc002f77b90}, 0xc000c63680)
        github.com/hashicorp/terraform-provider-kubernetes/manifest/provider/apply.go:435 +0x4a45
github.com/hashicorp/terraform-plugin-mux/tf5muxserver.muxServer.ApplyResourceChange({0xc0008a1d40, 0xc0008a1da0, {0xc0012a4c80, 0x2, 0x2}, 0xc0008a1d70, 0xc0008a2d60, 0xc00127cba0, 0xc0008a1dd0}, {0x208e060, ...}, ...)
        github.com/hashicorp/[email protected]/tf5muxserver/mux_server_ApplyResourceChange.go:27 +0x142
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc0004bfc20, {0x208e108?, 0xc002f77290?}, 0xc0004eed90)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:812 +0x515
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x1cc2000?, 0xc0004bfc20}, {0x208e108, 0xc002f77290}, 0xc002f44ea0, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:385 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00021a700, {0x20920f8, 0xc000d6c1a0}, 0xc00267e5a0, 0xc0012f09f0, 0x2e7ef60, 0x0)
        google.golang.org/[email protected]/server.go:1282 +0xccf
google.golang.org/grpc.(*Server).handleStream(0xc00021a700, {0x20920f8, 0xc000d6c1a0}, 0xc00267e5a0, 0x0)
        google.golang.org/[email protected]/server.go:1619 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/[email protected]/server.go:921 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:919 +0x28a

Error: The terraform-provider-kubernetes_v2.13.1_x5 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Steps to Reproduce

  1. Install the CRDs for the Keycloak operator (the "new" one, version 19 as I'm writing this)
  2. Apply a kubernetes_manifest resource with:
resource "kubernetes_manifest" "this" {
  wait {
    condition {
      type = "Ready"
      status = true
    }
  }
  manifest = {
    apiVersion = "k8s.keycloak.org/v2alpha1"
    kind = "Keycloak"
    metadata = { ... }
  }
  spec = { ... }
}

Expected Behavior

It should create the resource and wait for the Ready condition, which is (apparently) a boolean value with this CRD, not a string.

Actual Behavior

It paniced.

Important Factoids

References

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

benley avatar Sep 15 '22 22:09 benley

Hi @benley,

One clarifying question here. When you use "true" and "True" does it also crash?

The kubernetes_manifest resource expects wait.condition.status to be a string with a value True, False or Unknown according to the Kubernetes meta/v1 structure that represents conditions: https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/types.go#L1464-L1510

At a first glance it looks like the Keycloak operator is not implementing this API correctly and uses bool type instead of expected string: https://github.com/keycloak/keycloak/blob/main/kubernetes/keycloaks.keycloak.org-v1.yml#L2690-L2703

Thanks.

arybolovlev avatar Sep 20 '22 13:09 arybolovlev

Confirmed, the crash still happens if I use "true" or "True". It sounds like this is technically a bug in the keycloak operator, but perhaps it's worth working around it in this provider implementation as well?

benley avatar Sep 21 '22 21:09 benley

Hello! I looked into this and attempted to replicate this issue with the latest version of our provider, 2.13.1. It looks like we can now take both string and boolean values for the wait condition! Let us know if you still run into this issue still, I will close this for now.

BBBmau avatar Mar 07 '23 15:03 BBBmau