citizen icon indicating copy to clipboard operation
citizen copied to clipboard

Published 20 hours ago verified publisher icon outsideris

Publishing a module which has a submodule without a source field fails and causes Citizen to spike to 100% CPU usage until restarted.

Open xRokco opened this issue 1 year ago • 0 comments

Hi,

I have an issue which is causing some Citizen degradation as well as failed module publishing.

Consider the following main.tf:

module "submodule" {}

It includes a module block missing the required source parameter. This is invalid Terraform (it passes terraform fmt but fails terraform validate), however when I try to publish this is causes the publish to hang before eventually failing:

WARNING:root:2024-01-31T10:25:27.056Z citizen:client Target citizen registry server: [REDACTED]
- compress the terraform module
2024-01-31T10:25:27.079Z citizen:client files to compress: [ 'main.tf' ]
✔ compress the terraform module
- publish managed-elasticsearch/test/preview/202401.31.37523-dev0
2024-01-31T10:25:27.083Z citizen:client send post request to : [REDACTED]
✖ publish managed-elasticsearch/test/preview/202401.31.37523-dev0
RequestError: Unexpected token < in JSON at position 0
    at Request._error (/snapshot/citizen/node_modules/got/dist/source/core/index.js:1194:21)
    at /snapshot/citizen/node_modules/got/dist/source/core/index.js:1276:23
    at JSON.parse (<anonymous>)
    at /snapshot/citizen/lib/module/module.js
    at Request._error (/snapshot/citizen/node_modules/got/dist/source/core/index.js:1190:31)
    at /snapshot/citizen/node_modules/got/dist/source/core/index.js:1276:23
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  code: 'ERR_GOT_REQUEST_ERROR',
  timings: {
    start: 1706696727090,
    socket: 1706696727092,
    lookup: 1706696727096,
    connect: 1706696727097,
    secureConnect: 1706696727816,
    upload: 1706696727825,
    response: 1706696788087,
    end: 1706696788097,
    error: undefined,
    abort: undefined,
    phases: {
      wait: 2,
      dns: 4,
      tcp: 1,
      tls: 719,
      request: 9,
      firstByte: 60262,
      download: 10,
      total: 61007
    }
  }
}

It also causes the Citizen server to essentially crash: image

Requiring a terraform validate pass before a module can be published could be argued to be reasonable, but being able to DDOS the server with a dodgy publish is probably an issue.

We're still on version 0.5 of Citizen but I will try to upgrade to version 0.6 to test if this still happens there.

xRokco avatar Jan 31 '24 10:01 xRokco