azuredevops_serviceendpoint_kubernetes plugin crashed

[StefanSchoof]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Terraform v1.2.8
on linux_amd64

• provider registry.terraform.io/hashicorp/azurerm v3.19.1
• provider registry.terraform.io/hashicorp/random v3.3.2
• provider registry.terraform.io/microsoft/azuredevops v0.2.2

(run in tf cloud)

Affected Resource(s)

• azuredevops_serviceendpoint_kubernetes

Terraform Configuration Files

resource "azuredevops_serviceendpoint_kubernetes" "aks_endpoint" {
  project_id            = local.ado_project_id
  service_endpoint_name = "mgmt-aks"
  apiserver_url         = format("https://%s:", azurerm_kubernetes_cluster.kubernetes.fqdn)
  authorization_type    = "Kubeconfig"
  kubeconfig {
    accept_untrusted_certs = true
    kube_config            = azurerm_kubernetes_cluster.kubernetes.kube_config_raw
  }
}
resource "azuredevops_serviceendpoint_azurecr" "bat_acr_service_connection" {
  project_id                = local.ado_project_id
  service_endpoint_name     = "acr"
  description               = "Managed by Terraform"
  resource_group            = azurerm_resource_group.resource_group.name
  azurecr_spn_tenantid      = data.azurerm_client_config.current.client_id
  azurecr_name              = azurerm_container_registry.acr.name
  azurecr_subscription_id   = data.azurerm_subscription.current.subscription_id
  azurecr_subscription_name = data.azurerm_subscription.current.display_name
}

resource "azuredevops_variable_group" "group" {
  project_id = local.ado_project_id
  name       = "aks-services-mgmt"
  variable {
    name  = "MGMT_CLUSTER_SERVICE_CONNECTION_NAME"
    value = azuredevops_serviceendpoint_kubernetes.aks_endpoint.service_endpoint_name
  }
  variable {
    name  = "MGMT_ENVIRONMENT_NAME"
    value = "mgmt"
  }
  variable {
    name  = "MGMT_PUBLIC_IP"
    value = azurerm_public_ip.nginx_ingress.ip_address
  }
}

Debug Output

https://gist.github.com/StefanSchoof/9d10a46d38a61a9df265e22635cc0fd3

Panic Output

Stack trace from the terraform-provider-azuredevops_v0.2.2 plugin:

panic: interface conversion: interface {} is map[string]interface {}, not map[interface {}]interface {}

goroutine 99 [running]:
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.expandServiceEndpointKubernetes(0xf63760?)
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_kubernetes.go:213 +0x13a6
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint.genServiceEndpointCreateFunc.func1(0x0?, {0xc7eba0?, 0xc0005d4360})
github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/service/serviceendpoint/commons.go:167 +0x73
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xf64d80?, {0xf64d80?, 0xc0004db890?}, 0xd?, {0xc7eba0?, 0xc0005d4360?})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:330 +0x178
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc000412380, {0xf64d80, 0xc0004db890}, 0xc0005db6c0, 0xc00012da00, {0xc7eba0, 0xc0005d4360})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:472 +0x83a
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc0004508a0, {0xf64cd8?, 0xc000128680?}, 0xc000347b80)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1021 +0xdaa
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc0003fcaa0, {0xf64d80?, 0xc0004da720?}, 0xc000620c40)
github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:812 +0x515
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0xdd7060?, 0xc0003fcaa0}, {0xf64d80, 0xc0004da720}, 0xc00029cc00, 0x0)
github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:385 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000278c40, {0xf67800, 0xc0004c6340}, 0xc0002f07e0, 0xc00047dec0, 0x1473ea0, 0x0)
google.golang.org/[email protected]/server.go:1282 +0xccf
google.golang.org/grpc.(*Server).handleStream(0xc000278c40, {0xf67800, 0xc0004c6340}, 0xc0002f07e0, 0x0)
google.golang.org/[email protected]/server.go:1619 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
google.golang.org/[email protected]/server.go:921 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/[email protected]/server.go:919 +0x28a

Error: The terraform-provider-azuredevops_v0.2.2 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected Behavior

no panic at apply (maybe error about credential)

Actual Behavior

plugin crash

Steps to Reproduce

1. terraform apply

Important Factoids

I have also a "state:Failed statusMessage:HandleAdalServiceExceptionFromRefreshTokenUse: Failed to obtain an access token of identity 533cf407-a69e-757e-8d23-d7d3ac3e1918 using cached refresh token. Sign-in required." in the log. Possible some credential problems are causing this crash. But even a wrong credential should not cause a crash.

References

• #0000

[StefanSchoof]

I got the azuredevops_serviceendpoint_kubernetes to work. The kubeconfig.kube_config was invalid. So the devops api returned an error.

I updated this using the AzureSubscription authorization type and it works without an crash:

resource "azuredevops_serviceendpoint_kubernetes" "aks_endpoint" {
  project_id            = local.ado_project_id
  service_endpoint_name = "mgmt-aks"
  apiserver_url         = format("https://%s:", azurerm_kubernetes_cluster.kubernetes.fqdn)
  authorization_type    = "AzureSubscription"
  azure_subscription {
    cluster_name      = azurerm_kubernetes_cluster.kubernetes.name
    subscription_id   = data.azurerm_subscription.current.subscription_id
    subscription_name = data.azurerm_subscription.current.display_name
    tenant_id         = data.azurerm_subscription.current.tenant_id
    resourcegroup_id  = azurerm_resource_group.resource_group.name
  }
}

Looks like the provider is handling the error response not well.

[ccadruvi]

I got the same error:

module.azuredevops_serviceconnection.azuredevops_serviceendpoint_kubernetes.se_kubeconfig["d6602a75-eeec-43d9-9043-23633bd6cead"]: Modifying... [id=8e94e223-4560-4436-8361-3b6e6b322750]
╷
│ Error: Plugin did not respond
│
│ with module.azuredevops_serviceconnection.azuredevops_serviceendpoint_kubernetes.se_kubeconfig["d6602a75-eeec-43d9-9043-23633bd6cead"],
│ on modules/azuredevops_serviceconnection/main.tf line 10, in resource "azuredevops_serviceendpoint_kubernetes" "se_kubeconfig":
│ 10: resource "azuredevops_serviceendpoint_kubernetes" "se_kubeconfig" {
│
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
│ contain more details.
╵
Stack trace from the terraform-provider-azuredevops_v0.2.2 plugin:
panic: interface conversion: interface {} is map[string]interface {}, not map[interface {}]interface {}

Downgrading the azure devops plugin to 0.2.1 helps, so I think this is a regression.

When I use the same kubeconfig file as passed to the azuredevops_serviceendpoint_kubernetes resource to connect to the cluster e.g. using kubectl get pods, it works fine, so the kubeconfig file should be valid.