terraform-provider-google_v5.9.0_x5 plugin crashed! on resource google_container_attached_cluster update

[roreviakin-clgx]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

1.6.5

Affected Resource(s)

google_container_attached_cluster

Terraform Configuration Files

resource "google_container_attached_cluster" "primary" {
  name     = var.cluster.name
  location = var.gcp_location
  project = data.google_project.project.project_id
  description = "Test cluster"
  distribution = "eks"
  oidc_config {
      issuer_url = module.eks.cluster_oidc_issuer_url
  }
  platform_version = data.google_container_attached_versions.versions.valid_versions[0]
  fleet {
    project = "projects/${data.google_project.project.number}"
  }
  authorization {
    //admin_users = [ "[email protected]", "[email protected]"]
    admin_groups = [ "admin#example.com"]
  }  
  logging_config {
    component_config {
      enable_components = ["SYSTEM_COMPONENTS", "WORKLOADS"]
    }
  }
  monitoring_config {
    managed_prometheus_config {
      enabled = true
    }
  }  
}

Debug Output

  # google_container_attached_cluster.primary will be updated in-place
  ~ resource "google_container_attached_cluster" "primary" {
        id                       = "projects/PROJECT_ID/locations/us-west1/attachedClusters/eks"
        name                     = "eks"
        # (17 unchanged attributes hidden)

      + authorization {
          + admin_groups = [
              + "ADMIN@GROUP",
            ]
        }




      ~ monitoring_config {
          ~ managed_prometheus_config {
              ~ enabled = false -> true
            }
        }

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Panic Output

https://gist.github.com/roreviakin-clgx/67293bfc557f83f5fa9e2ef4496f1635

Expected Behavior

added authorisation section to resource it should be updated

Actual Behavior

panic raised

Steps to Reproduce

deploy resource google_container_attached_cluster without authorisation, after add authorisation and apply again

Important Factoids

References

• #0000

b/316328522

[melinath]

Panic output is:

panic: interface conversion: interface {} is nil, not []interface {}

goroutine 282 [running]:
github.com/hashicorp/terraform-provider-google/google/services/containerattached.flattenContainerAttachedClusterAuthorization({0x3522f00?, 0xc00198e750}, 0x3af544d?, 0xd?)
	github.com/hashicorp/terraform-provider-google/google/services/containerattached/resource_container_attached_cluster.go:1174 +0x455

This corresponds to https://github.com/hashicorp/terraform-provider-google/blob/v5.9.0/google/services/containerattached/resource_container_attached_cluster.go#L1174

orig := v.(map[string]interface{})["adminUsers"].([]interface{})

So it looks like adminUsers is not present in the "authorization" field of the API response. We have tests that exercise the authorization field (and pass in our nightly builds) but they all set both admin_users and admin_groups - possibly the adminUsers field is not returned if there's no value?

I'm not able to run tests locally easily - I think there's some additional setup required - so I'm digging into this some more before handing off.

It looks like the authorization field uses a custom flattener: https://github.com/GoogleCloudPlatform/magic-modules/blob/6afde3f9effd7c1c7298108a856395f220421201/mmv1/products/containerattached/Cluster.yaml#L287 This was added in GoogleCloudPlatform/magic-modules#6858 - I'm a little surprised it was necessary.

This will need to be fixed there. Created a quick PR at GoogleCloudPlatform/magic-modules#9627 to double-check that this is reproducible.

[melinath]

The test failed in the same way. Unfortunately since it's a panic I can't verify the API behavior from those results.

[roreviakin-clgx]

Just FYI with admin_users and admin_groups together its not failing

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.