Plugin Crashed Terraform plan

[sujitks]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

• azuredevops_v0.5.0

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
provider "azuredevops" {
  personal_access_token = var.AZDO_PERSONAL_ACCESS_TOKEN
  org_service_url       = var.AZDO_ORG_SERVICE_URL
}

data "azuredevops_project" "multispecies" {
  name = "Project Name in ADO"
}
resource "azuredevops_serviceendpoint_azurerm" "dev-serviceendpoints" {
  for_each              = { for k, v in var.platform_landingzones : k => v if v.dev_enabled }
  project_id            = data.azuredevops_project.multispecies.id
  service_endpoint_name = "name-of-se-${each.value.lz_short_name}-dev"
  description           = "Managed by Terraform"
  credentials {
    serviceprincipalid  = azuread_service_principal.dev-spn[each.key].object_id
    serviceprincipalkey = azuread_service_principal_password.dev-spn-password[each.key].value
  }
  azurerm_spn_tenantid      = var.tenant_id
  azurerm_subscription_id   = azurerm_subscription.platform-SUBs-dev[each.key].subscription_id
  azurerm_subscription_name = azurerm_subscription.platform-SUBs-dev[each.key].subscription_name
}

Debug Output

Panic Output

	github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:119 +0x151
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.flattenServiceEndpointAzureRM(0xc0000123c0?, 0xc000525200, 0xc0000a8260?)
	github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go:173 +0x27
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.genServiceEndpointReadFunc.func1(0xc000150f00, {0x131b8c0?, 0xc000534140})
	github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:233 +0x2ef
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0x1610000?, {0x1610000?, 0xc0004e5f50?}, 0xd?, {0x131b8c0?, 0xc000534140?})
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:712 +0x178
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc0003e4540, {0x1610000, 0xc0004e5f50}, 0xc000052f70, {0x131b8c0, 0xc000534140})
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:1015 +0x585
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc0003a8a98, {0x1610000?, 0xc0004e5e30?}, 0xc000013280)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:613 +0x497
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc00035d0e0, {0x1610000?, 0xc0004e5350?}, 0xc00007c7e0)
	github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:748 +0x49e
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0x1478100?, 0xc00035d0e0}, {0x1610000, 0xc0004e5350}, 0xc00058a150, 0x0)
	github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001e61e0, {0x1612c60, 0xc000064ea0}, 0xc0000d9560, 0xc0004030e0, 0x1b3a6b0, 0x0)
	google.golang.org/[email protected]/server.go:1295 +0xb0b
google.golang.org/grpc.(*Server).handleStream(0xc0001e61e0, {0x1612c60, 0xc000064ea0}, 0xc0000d9560, 0x0)
	google.golang.org/[email protected]/server.go:1636 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
	google.golang.org/[email protected]/server.go:932 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
	google.golang.org/[email protected]/server.go:930 +0x28a

Error: The terraform-provider-azuredevops_v0.5.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

### Expected Behavior
Plan should have provided number of service endpoints being created/destroyed
<!--- What should have happened? --->

### Actual Behavior
Terraform plan failed
<!--- What actually happened? --->

### Steps to Reproduce
<!--- Please list the steps required to reproduce the issue. --->
Create management group
Create subscription
Create SPN (azurerm provider)
Create SPN password (azurerm provider)
Create Service endpoint (Azure devops provider)..

1. terraform plan

Important Factoids

We are using azure public cloud with backend in storage account. Same configuration was working fine, we have just refactored it to into multiple files and modules approach to call from a root file.

Plan is giving expected outcome about resources which will be destroyed and others which will be created but crashes and causes pipeline to fail.

References

• #0000

[xuzhang3]

@sujitks what is permissions does the PAT granted? Checked the code, the endpoint referenced project not returned by service.

[Exchizz]

Hi,

I hope it's OK I add to this issue as my bug seems related. Let me know if I should create a new issue.

I have a service connection in Azur eDevops that's manually created. I want to get it's ID in terraform.

It has authentication method set to "Token Based authentication".

When I use:

data "azuredevops_serviceendpoint_azurerm" "service_connection" {
  project_id            = "<my project id>"
  service_endpoint_name = "test endpoint"
}

I also get a crash:

│ Error: Request cancelled
│
│   with azuredevops_git_repository.application_helmchart[0],
│   on repositories.tf line 16, in resource "azuredevops_git_repository" "application_helmchart":
│   16: resource "azuredevops_git_repository" "application_helmchart" {
│
│ The plugin.(*GRPCProvider).UpgradeResourceState request was cancelled.
╵

Stack trace from the terraform-provider-azuredevops_v0.9.1 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x125cbcb]

goroutine 11 [running]:
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.flattenServiceEndpointAzureRM(0xc00032f680?, 0xc0005e2900, 0x13?)
        github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go:375 +0x4b
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.dataSourceServiceEndpointAzureRMRead(0x0?, {0x1305f40?, 0xc000349a20?})
        github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/data_serviceendpoint_azurerm.go:26 +0x11e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0x15febe0?, {0x15febe0?, 0xc00062b200?}, 0xd?, {0x1305f40?, 0xc000349a20?})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:712 +0x178
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).ReadDataApply(0xc0004762a0, {0x15febe0, 0xc00062b200}, 0xc00032f580, {0x1305f40, 0xc000349a20})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:943 +0x145
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadDataSource(0xc0004ac000, {0x15febe0?, 0xc00062b0e0?}, 0xc0004d6960)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1179 +0x38f
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadDataSource(0xc0004b6000, {0x15febe0?, 0xc00062a930?}, 0xc00062c820)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:658 +0x3ef
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadDataSource_Handler({0x1464e20?, 0xc0004b6000}, {0x15febe0, 0xc00062a930}, 0xc00011a540, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:421 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000370000, {0x16018e0, 0xc000485040}, 0xc0004318c0, 0xc00049c270, 0x1b32670, 0x0)
        google.golang.org/[email protected]/server.go:1336 +0xd13
google.golang.org/grpc.(*Server).handleStream(0xc000370000, {0x16018e0, 0xc000485040}, 0xc0004318c0, 0x0)
        google.golang.org/[email protected]/server.go:1704 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/[email protected]/server.go:965 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:963 +0x28a

However if I change "Authentication method" to "Basic authentication" then the terraform data resource successfully returns the ID of the service provider.

Will this bug be fixed in a future release ?

[xuzhang3]

@Exchizz RM service connection authorized with SPN not token, can you check what type of service connection you are trying to manage?

[Exchizz]

@xuzhang3 I'm trying to read the id of a "Azure Repos/Team Foundation Server"-serviceconnection. But I just realized I'm using "azuredevops_serviceendpoint_azurerm" as a data-resource. I'm guessing that's why it's failing ?

Does that mean I can't read the ID of the "Azure Repos/Team Foundation Server" service endpoint ? I can't seem to find a data resource for that type.

[xuzhang3]

@Exchizz Azure Repos/Team Foundation Server data source does not supported yet. All service connections use the same API and have basically the same response body structure, which is why azuredevops_serviceendpoint_azurerm can handle it.

[Exchizz]

@xuchang3 Ah ok. Do you think it is a bug and will it be fixed so I can read a Azure Repos/Team Foundation Server-service connection with authentication set to "Token Based authentication" using the azuredevops_serviceendpoint_azurerm data source ?

If you can give me a couple of hints to where this should be fixed in the code and how it should be fixed, I would not mind creating a PR :)

[sujitks]

Hi @xuzhang3 - There was some permissions issue and we have got this fixed in our pipeline. Documentation/error handling should reflect meaning of the error.

Thank you

[xuzhang3]

@Exchizz Azure Repos/Team Foundation Server resource is managed by serviceendpoint_externaltfs, you can add a new data source for it. Ref: https://github.com/microsoft/terraform-provider-azuredevops/blob/main/azuredevops/internal/service/serviceendpoint/data_serviceendpoint_npm.go

[xuzhang3]

@sujitks good to see this issue resolved

[xuzhang3]

This issue is related to permissions. If the PAT does not have access permissions, the service returns the service connection ID and nothing else. #1193 is attempting to fix this.