Possible Race Condition

Question

Possible Race Condition

Closed this issue 4 years ago · 8 comments

This happens during terraform plan in 'ubuntu:bionic' container.

# terraform --version
2020/08/01 02:15:39 [INFO] Terraform version: 0.12.26  
2020/08/01 02:15:39 [INFO] Go runtime version: go1.12.13

2020/08/01 02:10:52 [TRACE] buildProviderConfig for provider.onepassword: using explicit config only
2020/08/01 02:10:52 [TRACE] GRPCProvider: GetSchema
2020-08-01T02:10:52.849Z [TRACE] plugin.stdio: waiting for stdio data
2020-08-01T02:10:52.850Z [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020/08/01 02:10:52 [TRACE] GRPCProvider: Configure
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"

Answer 1 · 2020-08-01T18:39:45.000Z

@matttrach Can you provide your op version alongside a snippet of the Terraform that generated this output?

Answer 2 · 2020-08-03T18:30:56.000Z

I do not have a one password client installed in the container, is that necessary?

Answer 3 · 2020-08-04T06:21:47.000Z

No, the client should be automatically downloaded and unzipped into /tmp/ if it can't find it in the container. Looks like version 0.7.1 which is a few releases behind.

Although I'm not convinced that that's what is causing the race. I'd love to try to recreate the issue on my side. Do you just have a data.onepassword_item_secure_note resource or is there more going on in your Terraform installation?

Answer 4 · 2020-08-05T16:58:51.000Z

There is quite a bit more, I am also using the JIRA, Openstack, and GitLab plugins. The provisioner plugins should not interfere with each other though, right?

Answer 5 · 2020-08-05T21:02:42.000Z

That sounds similar to my company setup 😄 GitHub, PagerDuty, Datadog, and Aviatrix.

It's highly unlikely for them to interfere with each other as they execute in separate processes. That said, I have been able to cause Terraform to crash (in general, not provider specific) by having a large number of modules that depend on outputs from other modules.

e.g.

module/resource
module/dependent
module/dependent
module/dependent
module/dependent
module/dependent
x100

In those situations my team has to apply -target module.resource before the dependent modules will stop crashing the plan.

Does this sound similar at all to your situation? I hope it helps!

Answer 6 · 2020-08-05T23:12:42.000Z

We have less than 30 modules overall, I don't think that is causing any problems.

Answer 7 · 2020-08-06T17:48:26.000Z

I figured it out, I have 2FA enabled for 1pass, since the 2FA is unable to send the message and 1pass is in a waiting pattern for the 2FA approval there is a loop. I was able to bypass by logging in manually using the CLI, which sets the OP_SESSION env variable and everything worked as expected.

Answer 8 · 2020-08-13T11:09:01.000Z

Thanks for explaining the problem to us. I think I can close this issue if you have any more question, please create new one issue or re-open this.