Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v8.2.0 seeing failed assertions leading to panics in terraform bridge #2405

Closed
scttl opened this issue Sep 20, 2024 · 5 comments · May be fixed by pulumi/pulumi-terraform-bridge#2437
Closed
Assignees
Labels
impact/panic This bug represents a panic or unexpected crash impact/regression Something that used to work, but is now broken kind/bug Some behavior is incorrect or out of spec p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed

Comments

@scttl
Copy link

scttl commented Sep 20, 2024

Describe what happened

After upgrading from v8.1.0 to v8.2.0 we started encountering errors running pulumi preview or pulumi deploy of any gcp related resources:

Diagnostics:
  gcp:serviceaccount:Account (python-service-account):
    error: error reading from server: EOF

  pulumi:pulumi:Stack (my_cool_staging_stack):
    
    panic: fatal: An assertion has failed: The bridge does not accept secrets, so we should not encounter them here
    goroutine 123 [running]:
    github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/go/common/util/contract/failfast.go:23
    github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assertf(0x60?, {0x57dac69?, 0xc005408140?}, {0x0?, 0x410a05?, 0x8?})
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/go/common/util/contract/assert.go:35 +0xe8
    github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*ConfigEncoding).UnfoldProperties(0xc00449c040, 0xc002006b70)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/pkg/tfbridge/config_encoding.go:143 +0x29a
    github.com/pulumi/pulumi-terraform-bridge/pf/internal/configencoding.(*provider[...]).ConfigureWithContext(0xc00526bac0, {0x60e6d38?, 0xc002006990}, 0xc002006b70)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/internal/configencoding/provider.go:110 +0x45
    github.com/pulumi/pulumi-terraform-bridge/pf/internal/plugin.(*provider).Configure(0x55c34e0?, {0x60e6d38?, 0xc002006990?}, {0x0?})
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/internal/plugin/provider_context.go:143 +0x25
    github.com/pulumi/pulumi-terraform-bridge/pf/internal/plugin.providerThunk.Configure({{0x610dcf0?, 0xc0023365c0?}}, {0x60e6d38, 0xc002006990}, {0xffffffffffffffff?})
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/internal/plugin/provider_server.go:83 +0x76
    github.com/pulumi/pulumi/sdk/v3/go/common/resource/plugin.(*providerServer).Configure(0xc0018a6510, {0x60e6d38, 0xc002006990}, 0xc00526b900)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/go/common/resource/plugin/provider_server.go:314 +0x331
    github.com/pulumi/pulumi-terraform-bridge/pf/internal/plugin.(*providerServer).Configure(0x60ace60?, {0x60e6d38?, 0xc002006990?}, 0x1?)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/internal/plugin/provider_server.go:57 +0x25
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Configure.func1()
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:298 +0x6f
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.asyncJoin[...].func1()
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:595 +0x42
    created by github.com/pulumi/pulumi-terraform-bridge/x/muxer.asyncJoin[...] in goroutine 121
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:594 +0x79

The identical code snippet (below) previews and deploys fine on v8.1.0

Sample program

index.ts;

import * as gcp from '@pulumi/gcp';

export = async () => {

  const pythonServiceAccount = new gcp.serviceaccount.Account(
    'python-service-account',
    {
      accountId: `sa-python`,
    }
  );
};

gcp related vars like project and credentials are defined in a config Pulumi.stack.yaml

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

❯ pulumi about (irrelevant values redacted via ###)

CLI          
Version      3.122.0
Go Version   go1.22.7
Go Compiler  gc

Plugins
NAME        VERSION
cloudflare  5.39.0
docker      4.5.5
gcp         8.2.0
nodejs      unknown
postgresql  3.12.0
random      4.16.5

Host     
OS       nixos
Version  24.05 (Uakari)
Arch     x86_64

This project is written in nodejs: executable='/etc/profiles/per-user/scott/bin/node' version='v20.15.1'

Current Stack: ###

TYPE                                      URN
pulumi:pulumi:Stack                       urn:pulumi:###
pulumi:providers:gcp                      urn:pulumi:###::pulumi:providers:gcp::default_8_2_0
gcp:serviceaccount/account:Account        urn:pulumi:###::gcp:serviceaccount/account:Account::python-service-account


Found no pending operations associated with ###

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/###
User           ###
Organizations  ###
Token type     personal

Dependencies:
NAME                VERSION
@pulumi/cloudflare  5.39.0
@pulumi/random      4.16.5
@types/node-forge   1.3.11
@pulumi/docker      4.5.5
@pulumi/gcp         8.2.0
@pulumi/postgresql  3.12.0
@pulumi/pulumi      3.133.0
@types/node         22.5.5
node-forge          1.3.1

Pulumi locates its logs in /tmp by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

@scttl scttl added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Sep 20, 2024
@iwahbe iwahbe added impact/panic This bug represents a panic or unexpected crash p1 A bug severe enough to be the next item assigned to an engineer impact/regression Something that used to work, but is now broken labels Sep 23, 2024
@guineveresaenger guineveresaenger removed the needs-triage Needs attention from the triage team label Sep 23, 2024
@guineveresaenger
Copy link
Contributor

Hi @scttl, thank you for filing this issue.

I could reproduce this issue with the following steps:

  1. Set project: pulumi config set gcp:project <our-project>
  2. Set credentials: pulumi config set gcp:credentials <path-to-file>--secret <-- this is the issue
  3. Run pulumi up with v 8.2.0.

Additionally I've verified this does not panic on v8.1.0.
Furthermore, this does not panic on v8.2.0 unless the config value is set to --secret. But of course you need to be able to make your credentials value secret.

We're hoping to have a fix for this soon. Thank you again for reporting.

@guineveresaenger
Copy link
Contributor

Seeing the same error elsewhere: pulumi/pulumi-hcloud#603

github-merge-queue bot pushed a commit to pulumi/pulumi that referenced this issue Sep 24, 2024
Following up on pulumi/pulumi-gcp#2405, this
PR adds a comment to Configure explaining that ConfigureRequest.args may
contain secrets.
@guineveresaenger
Copy link
Contributor

Hi @scttl - we have reverted the bridge change that caused this behavior. This week's new GCP release will incorporate that version. I've verified with a local build that the changes address your issue.

Once pulumi-gcp v8.3.0 is merged and released you should be able to upgrade to that version.

Please let us know if you continue to see trouble - thank you very much for your patience here. 🙏

@guineveresaenger
Copy link
Contributor

8.3.0 is released.

Please upgrade to 8.3.0. We apologize for the trouble.

@guineveresaenger guineveresaenger added the resolution/fixed This issue was fixed label Sep 25, 2024
@scttl
Copy link
Author

scttl commented Sep 25, 2024

Thanks @guineveresaenger ! v8.3.0 works well for me too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
impact/panic This bug represents a panic or unexpected crash impact/regression Something that used to work, but is now broken kind/bug Some behavior is incorrect or out of spec p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants