Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pass_password with concurrency fails because of git locks. #20

Open
tommij opened this issue Nov 19, 2018 · 1 comment
Open

pass_password with concurrency fails because of git locks. #20

tommij opened this issue Nov 19, 2018 · 1 comment

Comments

@tommij
Copy link

tommij commented Nov 19, 2018

example:

provider "pass" {
  refresh_store = false
}
resource "pass_password" "a" {
  path = "test/a"
  password = "a"
}
resource "pass_password" "b" {
  path = "test/b"
  password = "b"
}
resource "pass_password" "c" {
  path = "test/c"
  password = "c"
}

results in:

pass_password.b: Creating...
  password: "" => "b"
  path:     "" => "test/b"
pass_password.a: Creating...
  password: "" => "a"
  path:     "" => "test/a"
pass_password.c: Creating...
  password: "" => "c"
  path:     "" => "test/c"
pass_password.a: Creation complete after 4s (ID: test/a)

Error: Error applying plan:

2 error(s) occurred:

* pass_password.c: 1 error(s) occurred:

* pass_password.c: failed to write secret at test/c: failed to commit changes to git: exit status 128
* pass_password.b: 1 error(s) occurred:

* pass_password.b: failed to write secret at test/b: failed to push to git remote: exit status 1
pass_password.b: Creating...
  password: "" => "b"
  path:     "" => "test/b"
pass_password.a: Creating...
  password: "" => "a"
  path:     "" => "test/a"
pass_password.c: Creating...
  password: "" => "c"
  path:     "" => "test/c"
pass_password.a: Creation complete after 4s (ID: test/a)

Error: Error applying plan:

2 error(s) occurred:

* pass_password.c: 1 error(s) occurred:

* pass_password.c: failed to write secret at test/c: failed to commit changes to git: exit status 128
* pass_password.b: 1 error(s) occurred:

* pass_password.b: failed to write secret at test/b: failed to push to git remote: exit status 1

This happens on both create and destroy.
Adding dependency chaining resolves the issue:

provider "pass" {
  refresh_store = false
}
resource "pass_password" "a" {
  path = "test/a"
  password = "a"
}
resource "pass_password" "b" {
  path = "test/b"
  password = "b"
  depends_on = [ "pass_password.a" ]
}
resource "pass_password" "c" {
  path = "test/c"
  password = "c"
  depends_on = [ "pass_password.b" ]
}

But is a inflexible, as this renders the provider overly complex to use in modules.
e.g.

####module-definition
resource "pass_password" "module_a_a" {
  path = "a"
  password "a"
}
resource "pass_password" "module_a_b" {
  path = "b"
  password "b"
  depends_on [ "pass_password.module_a_a" ] 
}
output "last_pass_resource" { 
  value = "${pass_password.module_a_b.path}" # could technically use depends_on, but that has issues too.
}
#### end module definition
module "foo" {
  source = "path-to-module-definition"
}
module "bar" {
  source = "path-to-module-definition"
  dummy_param = "${module.foo.last_pass_resource}" # as modules don't have depends_on
}
module "baz" {
  source = "path-to-module-definition"
  dummy_param = "${module.bar.last_pass_resource}" 
}

Any chance this could be flagged with a semaphore + wait or similar for each operation?
The chances for race conditions are git commit + push, oftentimes giving a 6+ second window for race conditions to cause this issue?
@toabi
Copy link
Contributor

toabi commented Aug 6, 2020

Still happens… quite annoying… any plans to tackle this?

@toabi toabi mentioned this issue Aug 10, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@toabi @tommij