scaleway_rdb_acl breaks state after terraform apply

[FabienPapet]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.2.3 on darwin_arm64

Affected Resource(s)

• scaleway_rdb_acl

Terraform Configuration Files

resource "scaleway_rdb_acl" "acl_home" {
  instance_id = scaleway_rdb_instance.main.id
  acl_rules {
    ip = "X.X.X.X/32"
    description = "Home"
  }
}

Steps to Reproduce

1. terraform apply

Important Factoids

The rules were previously existing, but they have been created without terraform and I did not imported them with terraform import. Running terraform apply first resulted in a 409 conflict , but then the state was broken. I can't run terraform plan now :/

Stack trace from the terraform-provider-scaleway_v2.2.2 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xd964ee]

goroutine 23 [running]:
github.com/scaleway/terraform-provider-scaleway/v2/scaleway.rdbACLRulesFlattenFromSchema({0x198a060, 0x0, 0xb}, {0xc0006afac0, 0x1, 0xc000860037})
        github.com/scaleway/terraform-provider-scaleway/v2/scaleway/resource_rdb_acl.go:255 +0x52e
github.com/scaleway/terraform-provider-scaleway/v2/scaleway.resourceScalewayRdbACLRead({0x126f728, 0xc0003c63c0}, 0x7f6b649f7d28, {0xe1efc0, 0xc0002c23d0})
        github.com/scaleway/terraform-provider-scaleway/v2/scaleway/resource_rdb_acl.go:129 +0x44f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc000016380, {0x126f760, 0xc00083c180}, 0xd, {0xe1efc0, 0xc0002c23d0})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:724 +0x12e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000016380, {0x126f760, 0xc00083c180}, 0xc0000a8820, {0xe1efc0, 0xc0002c23d0})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:1015 +0x585
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc00031f890, {0x126f6b8, 0xc0002407c0}, 0xc00028e040)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:613 +0x574
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc000432640, {0x126f760, 0xc0005f4750}, 0xc000156a80)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:746 +0x48c
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0xf67b20, 0xc000432640}, {0x126f760, 0xc0005f4750}, 0xc000156a20, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000336700, {0x1280c50, 0xc0003e8000}, 0xc0000c6a20, 0xc00034a3f0, 0x1949f30, 0x0)
        google.golang.org/[email protected]/server.go:1283 +0xcf2
google.golang.org/grpc.(*Server).handleStream(0xc000336700, {0x1280c50, 0xc0003e8000}, 0xc0000c6a20, 0x0)
        google.golang.org/[email protected]/server.go:1620 +0xa2a
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/[email protected]/server.go:922 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:920 +0x294

Error: The terraform-provider-scaleway_v2.2.2 plugin crashed!

[remyleone]

Hello :) thanks for submitting a report. Could you please publish a minimal snippet of code that reproduces your setup? We need that to be able to fix it.

[FabienPapet]

Create two acls into your account, then create the terraform configuration for these two rules, then run terraform apply, this should break.

resource "scaleway_rdb_acl" "acl_webserver" {
  instance_id = scaleway_rdb_instance.main.id
  acl_rules {
    ip = "X.X.X.X/32"
    description = "VPS"
  }
}

resource "scaleway_rdb_acl" "acl_home" {
  instance_id = scaleway_rdb_instance.main.id
  acl_rules {
    ip = "X.X.X.X/32"
    description = "Home"
  }
}

[FabienPapet]

Looks like recreating by hand and run terraform plan "solves" the issue as the plugin does not crash

[FabienPapet]

It also looks like you cannot create two acl at the same time. Perhaps an issue with the scaleway API ?

[remyleone]

Yes, there is a configuration lock on the resource every time you apply an ACL. Therefore it is not possible to have two concurrent requests that modify the ACLs of an instance in one go.

[FabienPapet]

Ok, got it, but it looks like that if you create a first run terraform apply and then creating a second one , the first created is overriden.

[remyleone]

The problem occurs in this function: https://github.com/scaleway/terraform-provider-scaleway/blob/master/scaleway/resource_rdb_acl.go#L236-L262 I will try to investigate and have a setup that reproduces it in a test.

[Nevermind-s]

I do have the same issue when I try to create ACLs on RDB for the Kapsule nodes of our cluster, with the following code :

resource "scaleway_rdb_acl" "hodho_staging_rdb_kube_acls" {
  for_each = {
    for node in scaleway_k8s_pool.nodepool_general.nodes :
    node.name => node
  }
  instance_id = scaleway_rdb_instance.hodho_staging_rdb.id
  acl_rules {
    ip          = "${each.value.public_ip}/32"
    description = "${each.value.name} IP Address"
  }
}

Only one ACL was created and first resulted in a 409 conflict and then the state was broken and the plugin started crashing every time I try to run tf apply or tf plan.

╷
│ Error: Plugin did not respond
│ 
│   with scaleway_rdb_instance.hodho_staging_rdb,
│   on main.tf line 93, in resource "scaleway_rdb_instance" "hodho_staging_rdb":
│   93: resource "scaleway_rdb_instance" "hodho_staging_rdb" {
│ 
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-scaleway_v2.2.8 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1012a3850]

goroutine 32 [running]:
github.com/scaleway/terraform-provider-scaleway/v2/scaleway.rdbACLRulesFlattenFromSchema({0x101eed508, 0x0, 0x0}, {0x14000840e40, 0x1, 0x1})
        github.com/scaleway/terraform-provider-scaleway/v2/scaleway/resource_rdb_acl.go:255 +0x4d0
github.com/scaleway/terraform-provider-scaleway/v2/scaleway.resourceScalewayRdbACLRead({0x1017c86e8, 0x14000922420}, 0x14000280800, {0x10160e220, 0x1400065a350})
        github.com/scaleway/terraform-provider-scaleway/v2/scaleway/resource_rdb_acl.go:129 +0x478
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0x140001ac7e0, {0x1017c8720, 0x140008b8210}, 0x14000280800, {0x10160e220, 0x1400065a350})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:724 +0x118
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0x140001ac7e0, {0x1017c8720, 0x140008b8210}, 0x1400025f5f0, {0x10160e220, 0x1400065a350})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:1015 +0x548
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0x1400000da58, {0x1017c8720, 0x140008b8090}, 0x14000860000)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:613 +0x658
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0x14000625540, {0x1017c8720, 0x14000269a70}, 0x1400007dec0)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:747 +0x474
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0x10175c640, 0x14000625540}, {0x1017c8720, 0x14000269a70}, 0x14000b208c0, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:349 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x140002948c0, {0x1017d9170, 0x14000128000}, 0x14000b79680, 0x14000369140, 0x101ead7d0, 0x0)
        google.golang.org/[email protected]/server.go:1295 +0xb50
google.golang.org/grpc.(*Server).handleStream(0x140002948c0, {0x1017d9170, 0x14000128000}, 0x14000b79680, 0x0)
        google.golang.org/[email protected]/server.go:1636 +0xa34
google.golang.org/grpc.(*Server).serveStreams.func1.2(0x1400011f7b0, 0x140002948c0, {0x1017d9170, 0x14000128000}, 0x14000b79680)
        google.golang.org/[email protected]/server.go:932 +0x94
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:930 +0x1f0

Error: The terraform-provider-scaleway_v2.2.8 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

I had to manually remove the states of the ACLs to make it work again, and comment my code for the ACLs creation to make it work again.

Terraform Version

Terraform v1.2.6 on darwin_arm64

• provider registry.terraform.io/scaleway/scaleway v2.2.8

Affected Resource(s)

scaleway_rdb_acl

[Monitob]

Related to #1437

[Codelax]

Fixed in #1438, it will be included in next release, coming today