Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Plugin crashing when importing snowflake account #2317

Closed
sdiazben opened this issue Jan 4, 2024 · 8 comments
Closed

Plugin crashing when importing snowflake account #2317

sdiazben opened this issue Jan 4, 2024 · 8 comments
Labels
bug Used to mark issues with provider's incorrect behavior

Comments

@sdiazben
Copy link

sdiazben commented Jan 4, 2024

Terraform CLI and Provider Versions

Provider version
0.80
Terraform version
1.6.6

Terraform Configuration

resource "snowflake_account" "account" {
  provider             = snowflake
  name                 = local.account_name
  admin_name           = var.admin_name
  admin_password       = var.admin_password
  admin_rsa_public_key = var.admin_rsa_public_key
  must_change_password = false
  email                = var.email
  edition              = coalesce(var.edition, "BUSINESS_CRITICAL")
  comment              = var.comment
  region               = var.region
}

Using an s3 backend

Expected Behavior

Expected the import to work correctly given that we are using the ORGADMIN role

Actual Behavior

After calling terraform import it throws this error:

╷
│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ConfigureProvider call. The plugin logs may contain more details.
╵
 
…

Error: The terraform-provider-snowflake_v0.80.0 plugin crashed!
 
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Stack trace:

Stack trace from the terraform-provider-snowflake_v0.80.0 plugin:
 
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1362778]
 
goroutine 24 [running]:
crypto/rsa.(*PrivateKey).Public(...)
        crypto/rsa/rsa.go:123
github.com/snowflakedb/gosnowflake.prepareJWTToken(0xc000a92c00)
        [github.com/snowflakedb/[email protected]/auth.go:462](mailto:github.com/snowflakedb/[email protected]/auth.go:462) +0x38
github.com/snowflakedb/gosnowflake.createRequestBody(0xc000a29d40, 0xc000ac0670?, {{0xc00023a7c0, 0x1c}, {0x1d6b54b, 0x5}, {0xc0000a8470, 0x8}, {0x1d7bb7f, 0x9}}, ...)
        [github.com/snowflakedb/[email protected]/auth.go:425](mailto:github.com/snowflakedb/[email protected]/auth.go:425) +0x429
github.com/snowflakedb/gosnowflake.authenticate.func1()
        [github.com/snowflakedb/[email protected]/auth.go:336](mailto:github.com/snowflakedb/[email protected]/auth.go:336) +0x6d
github.com/snowflakedb/gosnowflake.(*retryHTTP).execute(0xc000133e68)
        [github.com/snowflakedb/[email protected]/retry.go:313](mailto:github.com/snowflakedb/[email protected]/retry.go:313) +0x207
github.com/snowflakedb/gosnowflake.postAuthRestful({0x20bf990?, 0xc0000a8000?}, 0x19?, 0xc000ac0640?, 0x1a3b740?, 0x30?, 0xc000089800?, 0xc000a65e60?)
        [github.com/snowflakedb/[email protected]/restful.go:198](mailto:github.com/snowflakedb/[email protected]/restful.go:198) +0x10f
github.com/snowflakedb/gosnowflake.postAuth({0x20bf990, 0xc0000a8000}, 0xc000a24dd0, 0x8?, 0xc0000b3588, 0x1ae7440?, 0xc000a64d50?, 0x2097bf0?)
        [github.com/snowflakedb/[email protected]/auth.go:229](mailto:github.com/snowflakedb/[email protected]/auth.go:229) +0x34d
github.com/snowflakedb/gosnowflake.authenticate({0x20bf990, 0xc0000a8000}, 0xc000a29d40, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0})
        [github.com/snowflakedb/[email protected]/auth.go:356](mailto:github.com/snowflakedb/[email protected]/auth.go:356) +0xfa8
github.com/snowflakedb/gosnowflake.authenticateWithConfig(0xc000a29d40)
        [github.com/snowflakedb/[email protected]/auth.go:547](mailto:github.com/snowflakedb/[email protected]/auth.go:547) +0x36c
github.com/snowflakedb/gosnowflake.SnowflakeDriver.OpenWithConfig({}, {_, _}, {{0xc00023a789, 0xf}, {0xc00023a780, 0x7}, {0xc00023a780, 0x0}, {0x0, ...}, ...})
        [github.com/snowflakedb/[email protected]/driver.go:43](mailto:github.com/snowflakedb/[email protected]/driver.go:43) +0x15e
github.com/snowflakedb/gosnowflake.SnowflakeDriver.Open({}, {0xc00023a780, 0xb7})
        [github.com/snowflakedb/[email protected]/driver.go:26](mailto:github.com/snowflakedb/[email protected]/driver.go:26) +0x133
github.com/luna-duclos/instrumentedsql.dsnConnector.Connect(...)
        [github.com/luna-duclos/[email protected]/connector.go:53](mailto:github.com/luna-duclos/[email protected]/connector.go:53)
github.com/luna-duclos/instrumentedsql.wrappedConnector.Connect({{{0x20aa8c0, 0x1e7d308}, {0x20aa920, 0x2e57f30}, 0x0, 0x0}, {0x20b6820, 0xc000b35280}, 0xc0007f6780}, {0x20bf990, ...})
        [github.com/luna-duclos/[email protected]/connector.go:33](mailto:github.com/luna-duclos/[email protected]/connector.go:33) +0x204
database/sql.(*DB).conn(0xc000a24d00, {0x20bf990, 0xc0000a8000}, 0x1)
        database/sql/sql.go:1387 +0x763
database/sql.(*DB).PingContext.func1(0x30?)
        database/sql/sql.go:850 +0x45
database/sql.(*DB).retry(0x0?, 0xc000134de8)
        database/sql/sql.go:1538 +0x47
database/sql.(*DB).PingContext(0xc000a24d00, {0x20bf990, 0xc0000a8000})
        database/sql/sql.go:849 +0x98
database/sql.(*DB).Ping(...)
        database/sql/sql.go:867
github.com/jmoiron/sqlx.Connect({0x1dac2a5?, 0x16?}, {0xc00023a780?, 0xc0007f6740?})
        [github.com/jmoiron/[email protected]/sqlx.go:642](mailto:github.com/jmoiron/[email protected]/sqlx.go:642) +0x4a
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk.NewClient(0x0?)
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/client.go:129 +0xb2
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider.ConfigureProvider(0x1d6e7c9?)
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/provider.go:740 +0x18d9
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Provider).Configure(0xc000b3cba0, {0x20bfa00, 0xc000a64e40}, 0xc0007225f0)
        [github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/provider.go:296](mailto:github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/provider.go:296) +0x1c2
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ConfigureProvider(0xc00095e618, {0x20bfa00?, 0xc000a64060?}, 0xc0001364e0)
        [github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:605](mailto:github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:605) +0x3a5
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ConfigureProvider({{0x20d5c00?, 0xc00095e618?}}, {0x20bfa00?, 0xc000a64060?}, 0xc000136480?)
        [github.com/hashicorp/[email protected]/tf5to6server/tf5to6server.go:48](mailto:github.com/hashicorp/[email protected]/tf5to6server/tf5to6server.go:48) +0x189
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.(*muxServer).ConfigureProvider(0xc0002d0150, {0x20bfa00?, 0xc00019fd10?}, 0xc00019fce0?)
        [github.com/hashicorp/[email protected]/tf6muxserver/mux_server_ConfigureProvider.go:28](mailto:github.com/hashicorp/[email protected]/tf6muxserver/mux_server_ConfigureProvider.go:28) +0x156
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ConfigureProvider(0xc0009690e0, {0x20bfa00?, 0xc00019f4a0?}, 0xc0007f6240)
        [github.com/hashicorp/[email protected]/tfprotov6/tf6server/server.go:568](mailto:github.com/hashicorp/[email protected]/tfprotov6/tf6server/server.go:568) +0x2d3
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ConfigureProvider_Handler({0x1cef400?, 0xc0009690e0}, {0x20bfa00, 0xc00019f4a0}, 0xc000a56000, 0x0)
        [github.com/hashicorp/[email protected]/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:413](mailto:github.com/hashicorp/[email protected]/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:413) +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000223680, {0x20bfa00, 0xc00019f410}, {0x20cf900, 0xc00008b6c0}, 0xc000a50000, 0xc000745800, 0x2e12850, 0x0)
        [google.golang.org/[email protected]/server.go:1343](mailto:google.golang.org/[email protected]/server.go:1343) +0xe49
google.golang.org/grpc.(*Server).handleStream(0xc000223680, {0x20cf900, 0xc00008b6c0}, 0xc000a50000)
        [google.golang.org/[email protected]/server.go:1737](mailto:google.golang.org/[email protected]/server.go:1737) +0xca6
google.golang.org/grpc.(*Server).serveStreams.func1.1()
        [google.golang.org/[email protected]/server.go:986](mailto:google.golang.org/[email protected]/server.go:986) +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func1
        [google.golang.org/[email protected]/server.go:997](mailto:google.golang.org/[email protected]/server.go:997) +0x15c
 
Error: The terraform-provider-snowflake_v0.80.0 plugin crashed!
 
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Steps to Reproduce

  1. terraform init
  2. terraform import 'snowflake_account.account["<ACCOUNT_NAME"]' "<ACCOUNT_LOCATOR>"

How much impact is this issue causing?

High

Logs

No response

Additional Information

No response

@sdiazben sdiazben added the bug Used to mark issues with provider's incorrect behavior label Jan 4, 2024
@sfc-gh-asawicki
Copy link
Collaborator

Hey @sdiazben. Thanks for reporting the issue.

Can you share the provider block from your tf config?

@sdiazben
Copy link
Author

sdiazben commented Jan 4, 2024

Hey @sdiazben. Thanks for reporting the issue.

Can you share the provider block from your tf config?

terraform
{
  required_providers {
   snowflake = {
    source = "Snowflake-Labs/snowflake"
    version = "0.80"
  }
}
backend "s3" 
{
# bucket, key, dynamo table attributes set via make target
   region = "eu-west-1"
   encrypt = true
  }
}

Sorry for the formatting

Thanks!

@sfc-gh-asawicki
Copy link
Collaborator

@sdiazben I wasn't perfectly clear in my first answer. We need provider "snowflake" {} block (https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs#example-provider-configuration) to see the configuration there.

@sdiazben
Copy link
Author

sdiazben commented Jan 4, 2024

@sdiazben I wasn't perfectly clear in my first answer. We need provider "snowflake" {} block (https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs#example-provider-configuration) to see the configuration there.

Oh sorry, my bad

provider "snowflake" {
 authenticator = "JWT"
 account = local.hub_name
 user = var.org_admin_name
 role = "ORGADMIN"
} 

Thanks!

@sfc-gh-asawicki
Copy link
Collaborator

@sdiazben this looks fine.

May I ask how you provide the config for the provider (profile file/env variables)? From the config and the logs provided, it seems that there is a problem with the private key provided. I am interested in three parameters:

  • private_key_path
  • private_key
  • private_key_passphrase.

What combination of them you are using? IMPORTANT: do not share the values.

There are two main possible reasons:

@sdiazben
Copy link
Author

sdiazben commented Jan 4, 2024

Hello,

We discovered by trying different alternatives the issue was due to incorrectly passing the account's private key, so it was an authentication error.
Would it be worth improving the exception handling for this?

@sfc-gh-asawicki
Copy link
Collaborator

This is a bit tricky because the authentication is not being done on our provider side but in the underlying driver (as you can see in the logs, the error originates in github.com/snowflakedb/gosnowflake).

I would oppose checking the correctness of the provided key on our provider side (to not couple the implementation with the underlying libraries). We can check if the key is always present with JWT authenticator type provided. I will add this to our upcoming configuration rework.

@sdiazben
Copy link
Author

sdiazben commented Jan 8, 2024

This is a bit tricky because the authentication is not being done on our provider side but in the underlying driver (as you can see in the logs, the error originates in github.com/snowflakedb/gosnowflake).

I would oppose checking the correctness of the provided key on our provider side (to not couple the implementation with the underlying libraries). We can check if the key is always present with JWT authenticator type provided. I will add this to our upcoming configuration rework.

Umm ok understood, yes that would be good to not got into panic mode 😅
Thanks! you can close the issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Used to mark issues with provider's incorrect behavior
Projects
None yet
Development

No branches or pull requests

2 participants