plugin crashes when using secret data tags #832

Open
skylerspaeth opened this issue May 6, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@skylerspaeth

Terraform Version and Provider Version

Terraform version: 1.8.3
HCP provider version: 0.88.0

I'm on Fedora Linux x86 if it matters.

Affected Resource(s)

  • At least hcp_vault_secrets_secret, but maybe others

Terraform Configuration Files

data "hcp_vault_secrets_secret" "bot_token" {
  app_name    = "non-tf-managed"
  secret_name = "bot_token"
}

data "hcp_vault_secrets_secret" "bot_owner" {
  app_name    = "non-tf-managed"
  secret_name = "bot_owner"
}

Panic Output

https://gist.github.com/skylerspaeth/9f2b66b6d47e041bf55d344c715a1c82

Steps to Reproduce

Not sure. At first I only seemed to encounter the error when the secret contained only numbers. Then I would add a single alphabetical character and it would fix it. Then I would remove it and make it just a number and it would fail again. But now it's completely sporadic, so maybe it was a coincidence. It seems to work for 15 times or so, then fail for 10 or 15, then back to work. Not an exact pattern but my key takeaway is that if it works once it'll likely work a few more times, and if it fails, it'll likely fail a couple more times before working again.

  1. terraform apply or plan

FWIW:
I'm referencing the output of those data tags in the set_sensitive values being passed to my helm_release resource like so:

data.hcp_vault_secrets_secret.bot_token.secret_value

Also these secrets aren't MANAGED by Terraform, but I sometimes don't have any problem accessing their value via a data tag and so I don't think that's the issue.

Expected Behavior

100% of plans and applies DON'T give me a stack trace 🙂

Actual Behavior

It opens the browser, sometimes it successfully does the HCP auth and returns to terminal, other times it doesn't, and just takes me to a localhost page that doesn't respond: http://localhost:8443/oidc/callback?code=...

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

skylerspaeth added the bug (Something isn't working) label May 6, 2024

@gonzolino

I experience the same issue.

I think this might be related to the authentication via browser login: https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/guides/auth#user-session-with-browser-login

The panic output panic: http: multiple registrations for /oidc/callback sounds to me like multiple goroutines in the hcp provider plugin try to open an oidc callback endpoint, but only one of them can successfully do it. So the plugin crashes, which leads to the non-responding localhost page in the browser.

@skylerspaeth
Author

@gonzolino do you also experience it when using secret data tags in particular or always?

@gonzolino

I experienced it with hcp_organization and hcp_project data sources.

@cliffchapmanrbx

Can confirm, experiencing this as well with data hcp_organization references and trying to create resources. Sure smells like goroutines fighting over who gets to set up the OIDC endpoint.

@tmatilai

> I think this might be related to the authentication via browser login

Me too. I think it doesn't matter what data sources (or even resources?) are used. Maybe change the issue title a bit to make it more generic?
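
The hypothesis raised in the comments above, reproduced as an added Go example (not code from the HCP provider, and the thread does not confirm the root cause): several goroutines registering the same /oidc/callback route on one shared ServeMux, next to a sync.Once guard with a private mux. All function names are hypothetical, and the shared mux stands in for http.DefaultServeMux.

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
	"sync/atomic"
)

// tryRegister adds the callback route to mux and reports whether that panicked.
func tryRegister(mux *http.ServeMux) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	mux.HandleFunc("/oidc/callback", func(http.ResponseWriter, *http.Request) {})
	return
}

// countPanics runs login from n goroutines at once and counts how many panicked.
func countPanics(n int, login func() bool) int {
	var panics int32
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if login() {
				atomic.AddInt32(&panics, 1)
			}
		}()
	}
	wg.Wait()
	return int(panics)
}

// racyLogins: every caller registers on one shared mux; the first wins, the rest panic.
func racyLogins(n int) int {
	shared := http.NewServeMux() // assumption: stand-in for http.DefaultServeMux
	return countPanics(n, func() bool { return tryRegister(shared) })
}

// guardedLogins: sync.Once lets one caller set up the callback on a private mux.
func guardedLogins(n int) int {
	var once sync.Once
	return countPanics(n, func() (p bool) {
		once.Do(func() { p = tryRegister(http.NewServeMux()) })
		return
	})
}

func main() { fmt.Println("panics:", racyLogins(5), "shared mux,", guardedLogins(5), "sync.Once") }
```

In a real provider the guarded path would also cache the resulting token so the waiting callers reuse it instead of opening a second browser login.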
