Validate resource exists

[abdelazizhd]

Description

We are using crossplane to handle our infrastructure, specifically https://github.com/crossplane-contrib/provider-jet-mongodbatlas wich use this terraform provider internally. We attempt to create the database user and IP access list, on both cases the following error rise:

Error: Plugin did not respond
│ 
│   with mongodbatlas_project_ip_access_list.xyz-mongodba-all,
│   on main.tf.json line 17, in resource.mongodbatlas_project_ip_access_list.xyz-mongodba-all:
│   17:             }
│ 
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-mongodbatlas_v1.3.0 plugin:

panic: runtime error: index out of range [1] with length 1

goroutine 84 [running]:
github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas.decodeStateID(0xc0000dad80, 0x14, 0xc000713550)
        github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/provider.go:237 +0x505
github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas.resourceMongoDBAtlasProjectIPAccessListRead(0x10218c8, 0xc0006eaa80, 0xc00020d280, 0xddb840, 0xc00039f8b0, 0xc00015e5f0, 0x616d65686373, 0x40e0f8)
        github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/resource_mongodbatlas_project_ip_access_list.go:185 +0x137
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc00044b340, 0x1021900, 0xc0000fe2a0, 0xc00020d280, 0xddb840, 0xc00039f8b0, 0x0, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:359 +0x17f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc00044b340, 0x1021900, 0xc0000fe2a0, 0xc0003a7c70, 0xddb840, 0xc00039f8b0, 0xc00058aed8, 0x0, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:650 +0x230
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc00000c090, 0x1021858, 0xc0000fe2a0, 0xc00018c2c0, 0xf020ea, 0x12, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:613 +0x4bb
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc000332320, 0x1021900, 0xc0000f19e0, 0xc0006ea240, 0x0, 0x0, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:746 +0x430
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler(0xec0100, 0xc000332320, 0x1021900, 0xc0000f19e0, 0xc0006ea1e0, 0x0, 0x1021900, 0xc0000f19e0, 0xc0000fc000, 0xb8)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x214
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0002ae700, 0x102ab98, 0xc0004761a0, 0xc0005d5c20, 0xc000614cf0, 0x14ff6b0, 0x0, 0x0, 0x0)
        google.golang.org/[email protected]/server.go:1282 +0x52b
google.golang.org/grpc.(*Server).handleStream(0xc0002ae700, 0x102ab98, 0xc0004761a0, 0xc0005d5c20, 0x0)
        google.golang.org/[email protected]/server.go:1619 +0xd0c
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0003c0190, 0xc0002ae700, 0x102ab98, 0xc0004761a0, 0xc0005d5c20)
        google.golang.org/[email protected]/server.go:921 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:919 +0x1fd

Error: The terraform-provider-mongodbatlas_v1.3.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

We detect that for some reasons a state file was created but the target resource was not, so the code does not call ImportState function leading to an invalid resourceData ID (not a base64 encoded values)

Link to any related issue(s):

Type of change:

• [ x] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
• [ ] This change requires a documentation update
• [ ] Documentation fix/enhancement

Required Checklist:

• [x ] I have signed the MongoDB CLA
• [ x] I have read the Terraform contribution guidelines
• [x ] I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
• [ x] I have added any necessary documentation (if appropriate)
• [ x] I have run make fmt and formatted my code

Further comments

[themantissa]

@abdelazizhd thank you for the submission and for signing the CLA. The team will review and provide feedback, if required.

[themantissa]

Internal ticket INTMDB-312

[themantissa]

Hi @abdelazizhd, Our engineers took a look and feel it would be much better to get to the root cause of the potential bug than work around it. Any chance you can get us the output of the terraform config crossplane produces? That would allow us to perhaps repro this and get to the cause.

cc @martinstibbe

[themantissa]

@abdelazizhd wanted to ping you on my above comment again and see if you had any input? We are getting closer to release so wanted to check in or we'll likely close this PR as abandoned.

[bitgandtter]

Hello @themantissa in the description of the PR its the output of the terraform apply, but just to enhance the answer find below the output of latest terraform plan

╷
│ Error: Plugin did not respond
│ 
│   with mongodbatlas_project_ip_access_list.m-aa-all,
│   on main.tf.json line 1, in resource.mongodbatlas_project_ip_access_list.m-aa-all:
│    1: {"provider":{"mongodbatlas":null},"resource":{"mongodbatlas_project_ip_access_list":{"m-aa-all":{"cidr_block":"0.0.0.0/0","comment":"all","lifecycle":{"prevent_destroy":true},"project_id":"62967975f62919381e8b1b24"}}},"terraform":{"required_providers":{"mongodbatlas":{"source":"terraform-providers/mongodbatlas","version":"1.2.0"}}}}
│ 
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-mongodbatlas_v1.2.0 plugin:

panic: runtime error: index out of range [1] with length 1

goroutine 31 [running]:
github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas.decodeStateID(0xc0003ab3b8, 0x8, 0xfd30b8)
        github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/provider.go:229 +0x23f
github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas.resourceMongoDBAtlasProjectIPAccessListRead(0xfd3128, 0xc0003bf200, 0xc0000b3c00, 0xd99a00, 0xc000417310, 0xc00001db90, 0xc000427878, 0x40e0f8)
        github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/resource_mongodbatlas_project_ip_access_list.go:182 +0x97
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc000328700, 0xfd30b8, 0xc0003b13c0, 0xc0000b3c00, 0xd99a00, 0xc000417310, 0x0, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:358 +0x17f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000328700, 0xfd30b8, 0xc0003b13c0, 0xc000355ba0, 0xd99a00, 0xc000417310, 0xc00000f818, 0x0, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:635 +0x1cb
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc00000d368, 0xfd30b8, 0xc0003b13c0, 0xc0003b1400, 0xebc1a2, 0x12, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:576 +0x47d
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc0000b2b80, 0xfd3160, 0xc0003b13c0, 0xc0003be840, 0x0, 0x0, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:553 +0x322
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler(0xe7afc0, 0xc0000b2b80, 0xfd3160, 0xc0006fa870, 0xc0003be7e0, 0x0, 0xfd3160, 0xc0006fa870, 0xc0003ca0b0, 0xaa)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:344 +0x214
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001728c0, 0xfdc3b8, 0xc000592d80, 0xc0000a0c60, 0xc000338d50, 0x14957b0, 0x0, 0x0, 0x0)
        google.golang.org/[email protected]/server.go:1286 +0x52b
google.golang.org/grpc.(*Server).handleStream(0xc0001728c0, 0xfdc3b8, 0xc000592d80, 0xc0000a0c60, 0x0)
        google.golang.org/[email protected]/server.go:1609 +0xd0c
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000270220, 0xc0001728c0, 0xfdc3b8, 0xc000592d80, 0xc0000a0c60)
        google.golang.org/[email protected]/server.go:934 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:932 +0x1fd

Error: The terraform-provider-mongodbatlas_v1.2.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

[bitgandtter]

also as stated on the main description

We detect that for some reasons a state file was created but the target resource was not, so the code does not call ImportState function leading to an invalid resourceData ID (not a base64 encoded values)

the fix was about to not trust that initial (wrong) state

[martinstibbe]

@bitgandtter Is there a way to see the terraform output that the terraform-jet provider assembles dynamically ? as I would like to replicate this use case to see what root cause is

[bitgandtter]

@martinstibbe do you mean the terraform file with the instructions? or any other?

[martinstibbe]

Yes an example instructions if available that I can run to get familiar with the flow to run jet provider Thanks

[bitgandtter]

below its the .json file

{"provider":{"mongodbatlas":null},"resource":{"mongodbatlas_project_ip_access_list":{"m-aa-all":{"cidr_block":"0.0.0.0/0","comment":"all","lifecycle":{"prevent_destroy":true},"project_id":"someid"}}},"terraform":{"required_providers":{"mongodbatlas":{"source":"terraform-providers/mongodbatlas","version":"1.2.0"}}}}

[martinstibbe]

@bitgandtter I used kind installed kubectl crossplane install provider crossplane/provider-jet-mongodbatlas:v0.3.0 then in examples/project directory changed projectid and ran ``` kubectl apply -f ipaccesslist.yaml ipaccesslist.project.mongodbatlas.jet.crossplane.io/default created

It created this in my atlas project 0.0.0.0/32	Example IP access list

Not sure how you are getting this error

[bitgandtter]

The project exists before you intent to create the IP whitelist? If the answer it's yes then it does not represent the issue. Your need to use the provider to create both the project and the IP whitelist at the same time. K8s + crossplane will try to create both. Observing status of then till fulfillment

[martinstibbe]

@bitgandtter Are you doing this with a composite resource ? as I was applying project.yaml then setting projectid in ipaccess.yaml after project created. Do you have example of this composite yaml you apply I could see to replicate

[bitgandtter]

find the resources at https://gist.github.com/bitgandtter/339847a58740cc09447bace5226a9717 notice that's a part of a helm chart that replaces the values. as you can see are two diff resources not a composite

[themantissa]

We are continuing to work to find the root cause @bitgandtter, fyi.

[bitgandtter]

Thanks, we are kind of stuck here. If we can be of any help

[luebken]

This is what we found:

The manifest for the IPAccessList contains an external-name annotation and what's specified there as the external-name is not formatted correctly. The following should do the job (the Crossplane external-name annotation on IPAccessList removed and also the harmless metadata.annotations["externalName"], which is not honored by Crossplane, removed):

apiVersion: mongodbatlas.jet.crossplane.io/v1alpha1
kind: Project
metadata:
  name: {{ .Values.name }}
spec:
  providerConfigRef:
    name: {{ .Values.provider }}
  forProvider:
    orgId: {{ .Values.orgId }}
---
apiVersion: project.mongodbatlas.jet.crossplane.io/v1alpha1
kind: IPAccessList
metadata:
  name: {{ printf "%s-%s" $.Values.name (trim .comment) }}
spec:
  providerConfigRef:
    name: {{ $.Values.provider }}
  forProvider:
    projectIdRef:
      name: {{ $.Values.name }}
    cidrBlock: {{ .cidrBlock }}
    comment: {{ .comment }}

I could successfully provision a new project and a new IP access list for the project using the following manifests:

apiVersion: mongodbatlas.jet.crossplane.io/v1alpha1
kind: Project
metadata:
  name: example-project-2
spec:
  providerConfigRef:
    name: default
  forProvider:
    orgId: <org ID>
---
apiVersion: project.mongodbatlas.jet.crossplane.io/v1alpha1
kind: IPAccessList
metadata:
  name: acl
spec:
  providerConfigRef:
    name: default
  forProvider:
    projectIdRef:
      name: example-project-2
    cidrBlock: 10.0.1.0/24
    comment: mycomment

TLDR; metadata.annotations["crossplane.io/external-name"] needs to be removed from the IPAccessList manifest.

The root cause is the native (Terraform) provider cannot parse the string (-<ACL comment>) that we pass as ID but unfortunately ungracefully fails & panics.

[Zuhairahmed]

Thanks for feedback luebken! Can you confirm bitgandtter / abdelazizhd if this has resolved your issue?

[bitgandtter]

Thanks for the update @Zuhairahmed we will notify you when we test it. thanks

[github-actions[bot]]

This PR has gone 30 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 30 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!