Error when changing name of aws.secretsmanager.Secret() resource #2900

Closed
dmrvaakari opened this issue Oct 18, 2023 — with Slack · 4 comments

Labels
impact/panic This bug represents a panic or unexpected crash kind/bug Some behavior is incorrect or out of spec p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed

dmrvaakari commented Oct 18, 2023

Hi,
I generate a random password with

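```python
random_password_provider = random.RandomPassword(
    # ... (other arguments elided in the original post)
    keepers={
        "engine": engine,
        "instance_class": db_instance_class,
        "username": master_db_username,
    },
)
rds_instance = aws.rds.Instance(
    # ... (other arguments elided in the original post)
    password=random_password_provider.result,
)
```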

and save it in AWS Secrets Manager

```python
# Create an AWS Secrets Manager secret for the master password
master_password_secret = aws.secretsmanager.Secret(
    master_secret_resource_name,
    name=master_secret_name,
    description="Master authentication information",
    opts=pulumi.ResourceOptions(delete_before_replace=True),
)
master_password_secret_version = aws.secretsmanager.SecretVersion(
    master_secret_version_resource_name,
    secret_id=master_password_secret.id,
    secret_string=pulumi.Output.all(
        username=rds_instance.username,
        password=rds_instance.password,
        host=rds_instance.address,
        port=rds_instance.port,
        engine=rds_instance.engine,
    ).apply(
        lambda args: json.dumps(
            {
                "username": args["username"],
                "password": args["password"],
                "engine": args["engine"],
                "host": args["host"],
                "port": args["port"],
            }
        )
    ),
)
```

Working with secretsmanager seems problematic. I get errors such as this one when I want to update the secret.

```
     Type                                 Name                     Status                   Info
     pulumi:pulumi:Stack                  brain-dev                                         36 messages
 ~   ├─ aws:secretsmanager:Secret         devMasterPasswordSecret  **updating failed**      [diff: ~description]; 1 error
 +-  ├─ aws:secretsmanager:SecretVersion  akari/brain/dev          **replacing failed**     1 error
     └─ aws:rds:Instance                  devinstance              **failed**               1 error
Diagnostics:
  pulumi:pulumi:Stack (brain-dev):
    panic: interface conversion: interface {} is nil, not map[string]interface {}
    goroutine 111 [running]:
    github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xfb93078?, 0xc00cd3b8e8?}}, {0x0?, 0x0?}}, {0xe5dbd51, 0x8})
        /home/runner/go/pkg/mod/github.com/hashicorp/[email protected]/cty/value_ops.go:711 +0x2de
    github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc002f25f20?, 0xe8cfd30?, 0xe8cfd28?}, {0xfb92c50, 0xc0085e37d0}, {0xfba3a18, 0xc006a6df00}, {0xe56fa80?, 0xc001088b60?}, 0x1, ...)
        /home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:250 +0x143a
    github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0xcaa0160?, {0xe56fa80?, 0xc001088b60?})
        /home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:100 +0x169
    github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xfb92d30?, {0xfb92d30?, 0x1a8050e0?}, 0xd?, {0xe56fa80?, 0xc001088b60?})
        /home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:812 +0x7a
    github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc002f97ce0, {0xfb92d30, 0x1a8050e0}, 0xc008938d00, 0xc006a6dd00, {0xe56fa80, 0xc001088b60})
        /home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:924 +0x83a
    github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2.v2Provider.Apply({0xc000a6e240?, {0xc00019c740?, 0x0?, 0xc00cd6f4c8?}}, {0xe698622, 0x19}, {0xfb93178?, 0xc002126678}, {0xfba34c8, 0xc006a6dd00})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/pkg/tfshim/sdk-v2/provider.go:100 +0x165
    github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*Provider).Update(0xc000555b80, {0xfb92c50?, 0xc00831c420?}, 0xc000de7b00)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/pkg/tfbridge/provider.go:975 +0x8ac
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update.func1({0xfbc2718?, 0xc000555b80?})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:356 +0x33
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.resourceMethod[...](0xc00cb04d70?, 0x40, 0xc00cd6f778?)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:303 +0xb5
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update(0x0?, {0xfb92c50?, 0xc00831c420?}, 0x40?)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:355 +0x65
    github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler.func1({0xfb92c50, 0xc00831c420}, {0xe17eae0?, 0xc000de7b00})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/proto/go/provider_grpc.pb.go:609 +0x75
    github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0xfb92c50, 0xc007dd5f20}, {0xe17eae0, 0xc000de7b00}, 0xc009e2c560, 0xc002126600)
        /home/runner/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/go/otgrpc/server.go:57 +0x3d0
    github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler({0xe3dc980?, 0xc00cb04d70}, {0xfb92c50, 0xc007dd5f20}, 0xc009e2bc70, 0xc00b24ea40)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/proto/go/provider_grpc.pb.go:611 +0x135
    google.golang.org/grpc.(*Server).processUnaryRPC(0xc000700000, {0xfba59e0, 0xc0097061a0}, 0xc00cd44900, 0xc0086cf590, 0x1a792a70, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:1360 +0xe15
    google.golang.org/grpc.(*Server).handleStream(0xc000700000, {0xfba59e0, 0xc0097061a0}, 0xc00cd44900, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:1737 +0x9e7
    google.golang.org/grpc.(*Server).serveStreams.func1.1()
        /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:982 +0x8d
    created by google.golang.org/grpc.(*Server).serveStreams.func1 in goroutine 23
        /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:980 +0x165

  aws:secretsmanager:SecretVersion (akari/brain/dev):
    error: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:58132: connectex: No connection could be made because the target machine actively refused it."

  aws:secretsmanager:Secret (devMasterPasswordSecret):
    error: error reading from server: read tcp 127.0.0.1:58136->127.0.0.1:58132: wsarecv: An existing connection was forcibly closed by the remote host.

  aws:rds:Instance (devinstance):
    error: error reading from server: read tcp 127.0.0.1:58136->127.0.0.1:58132: wsarecv: An existing connection was forcibly closed by the remote host.

Outputs:
```

I am not certain if this is the right workflow for creating and storing passwords in Pulumi. I save the password in Secrets Manager so that my app can retrieve it from there to access the DB. (I create another non-master db role too. The workflow is the same as above.)

What is the right/recommended workflow in Pulumi Python to create and save passwords when creating infra for use in app code?


@Frassle Frassle transferred this issue from pulumi/pulumi Oct 18, 2023
@dmrvaakari

pulumi version
v3.89.0

on Windows with Python 3.11

my requirements.txt has:
```
pulumi>=3.0.0,<4.0.0
pulumi-aws>=6.0.2,<7.0.0
pulumi_awsx
pulumi_postgresql
pulumi_random
```

@mikhailshilkov mikhailshilkov added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Oct 23, 2023
@mikhailshilkov

@t0yv0 @VenelinMartinov is this the same as #2904?

@mikhailshilkov mikhailshilkov added impact/panic This bug represents a panic or unexpected crash p1 A bug severe enough to be the next item assigned to an engineer and removed needs-triage Needs attention from the triage team labels Oct 26, 2023
@mikhailshilkov mikhailshilkov added this to the 0.96 milestone Oct 26, 2023
@t0yv0

t0yv0 commented Nov 13, 2023

I've tried quickly if I can reproduce the problem here but unfortunately it does not reproduce for me. I tried variations of this program to generate update scenarios on Secret and replace scenarios on SecretVersion at pulumi-aws 6.0.2 and 6.8.0 but it did not panic for me. I'll continue with the repro in 2904.

```python
"""An AWS Python Pulumi program"""

import pulumi
import pulumi_aws as aws
import pulumi_random as random
import json


pw = random.RandomPassword("mypassword",
                           length=12,
                           special=True,
                           override_special="!#$%&*()-_=+[]{}<>:?")


mysecret = aws.secretsmanager.Secret(
    "mysecret",
    opts=pulumi.ResourceOptions(delete_before_replace=True),
    description="Master authentication information1",
)

aws.secretsmanager.SecretVersion(
    "mysecretversion",
    secret_id=mysecret.id,
    secret_string=pulumi.Output.all(
        username='myuserg',
        password=pw.result,
        host='myhost',
        port=999,
        engine='v12',
    ).apply(
        lambda args: json.dumps(
            {
                "username": args["username"],
                "password": args["password"],
                "engine": args["engine"],
                "host": args["host"],
                "port": args["port"],
            }
        )
    ))
```

t0yv0 added a commit that referenced this issue Nov 15, 2023
[Upstream v5.25.0 release
notes](https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.25.0)

Fixes #2983, #2904, #2971, #2900

- [x] Rebuild eks.Cluster patches; upstream moved to AWS SDK v2 for Go,
patches needed updates as well
- [x] Fix pulumi/pulumi-terraform-bridge#1523
in the bridge
- [x] Update bridge to include
pulumi/pulumi-terraform-bridge#1521 and
pulumi/pulumi-terraform-bridge#1520 fixes
affecting P1s in pulumi-aws
- [x] Build a Pulumi test for EKS Cluster add-on removal -> turns out
the property is a no-op, not needed
@t0yv0

t0yv0 commented Nov 15, 2023

While we could not reproduce this issue exactly, an issue with a very similar-looking stack trace got fixed in v6.9.0. Please open another issue if this surfaces again.

@t0yv0 t0yv0 added the resolution/fixed This issue was fixed label Nov 15, 2023
@t0yv0 t0yv0 closed this as completed Nov 15, 2023
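
Deciding whether two crash reports are the same panic, as the maintainers do in this thread, comes down to comparing the panic message and the innermost function names while ignoring pointer arguments, goroutine ids and link wrapping added by chat clients. The following is an added example, not code from pulumi-aws or from this thread; `parse_panic`, `fingerprint` and the three sample reports are constructed for illustration, and the argument-list pattern is a heuristic.

```python
import hashlib
import re

FILE_ROW = re.compile(r"^\s*/.*\.go:\d+")              # "/path/file.go:711 +0x2de"
ARGS = re.compile(r"\((?=0x|\{|\)|\.\.\.)")            # "(" that opens the argument list
CHAT_LINK = re.compile(r"<https?://[^|>]*\|([^>]*)>")  # "<http://x|x>" link wrapping

def parse_panic(text):
    """Return (panic message, [function names, innermost first])."""
    lines = [CHAT_LINK.sub(r"\1", l) for l in text.splitlines()]
    message = next((l.split("panic:", 1)[1].strip() for l in lines if "panic:" in l), "")
    frames = []
    for cur, nxt in zip(lines, lines[1:]):
        if not FILE_ROW.match(nxt):
            continue  # a frame is a function row followed by a file:line row
        name = re.sub(r" in goroutine \d+$", "", cur.strip().removeprefix("created by "))
        frames.append(ARGS.split(name, maxsplit=1)[0])
    return message, frames

def fingerprint(text, depth=3):
    """Hash the panic message plus the top `depth` function names."""
    message, frames = parse_panic(text)
    return hashlib.sha256("\n".join([message, *frames[:depth]]).encode()).hexdigest()[:16]

# Constructed samples. REPORT_A abridges the trace in this issue (module
# version replaced by the placeholder vX); REPORT_B is the same crash from
# another process with link-wrapped frames; REPORT_C is a made-up panic.
REPORT_A = """\
    panic: interface conversion: interface {} is nil, not map[string]interface {}
    goroutine 111 [running]:
    github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xfb93078?, 0xc00cd3b8e8?}}, {0x0?, 0x0?}}, {0xe5dbd51, 0x8})
        /home/runner/go/pkg/mod/github.com/hashicorp/go-cty@vX/cty/value_ops.go:711 +0x2de
    github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc002f25f20?, 0xe8cfd30?, 0xe8cfd28?}, ...)
        /home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:250 +0x143a
"""
REPORT_B = """\
    panic: interface conversion: interface {} is nil, not map[string]interface {}
    goroutine 87 [running]:
    <http://github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xaa11|github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xaa11>?, 0xc000123456?}}, {0x0?, 0x0?}}, {0xbeef, 0x8})
        /home/runner/go/pkg/mod/github.com/hashicorp/go-cty@vX/cty/value_ops.go:711 +0x2de
    <http://github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc0000001|github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc0000001>?, 0x1?, 0x2?}, ...)
        /home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:250 +0x143a
"""
REPORT_C = """\
    panic: runtime error: index out of range [3] with length 3
    goroutine 5 [running]:
    example.com/made/up.(*Widget).Render(0xc000010000, {0x1, 0x2})
        /src/made/up/widget.go:42 +0x1f
"""
```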