Sentinel 0.22.1: panic with Terraform plugin

I’m getting a panic when adding this to my Sentinel config:

sentinel {
  features = {
    terraform = true
  }
}

Panic is:

$ sentinel apply restrict-apis.sentinel 
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x104f44c48]

goroutine 1 [running]:
github.com/hashicorp/sentinel/runtime/eval.(*evalState).recoverBailout(0x140005337d8?, 0x140005352df, 0x14000535310)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:230 +0x88
panic({0x1053a2260, 0x105bbc8c0})
        /Users/runner/actions-runner/_work/_tool/go/1.19.1/x64/src/runtime/panic.go:884 +0x204
github.com/hashicorp/sentinel-plugin-terraform/v2/import/v2/helper.(*Collection).Map(0x0?)
        /Users/runner/go/pkg/mod/github.com/hashicorp/sentinel-plugin-terraform/v2@v2.1.0/import/v2/helper/helper.go:20 +0x18
github.com/hashicorp/sentinel-sdk/framework.(*Plugin).resultReflect(0x1400048b170?, {0x1053a9000, 0x0})
        /Users/runner/go/pkg/mod/github.com/hashicorp/sentinel-sdk@v0.4.0/framework/plugin.go:231 +0x4c
github.com/hashicorp/sentinel-sdk/framework.(*Plugin).Get(0x105396ae0?, {0x1400018d328, 0x1, 0x6?})
        /Users/runner/go/pkg/mod/github.com/hashicorp/sentinel-sdk@v0.4.0/framework/plugin.go:168 +0x514
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalImportExpr(0x14000216300, 0x140001680f0, 0x140003845a0)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:2249 +0x31c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054eeb08?, 0x140001680f0?}, 0x140003845a0)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:444 +0x708
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalFilterExpr(0x14000216300, 0x14000168050, 0x14000168050?)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:1104 +0x5c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalQuantExpr(0x14000216300, 0x14000168050, 0x14000534228?)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:1224 +0x118
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054ee9c8?, 0x14000168050?}, 0x14000384580)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:430 +0x23c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalAssign(0x14000216300, 0x1400037dfb0, 0x14000384580)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:539 +0x31c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054ee568?, 0x1400037dfb0?}, 0x14000384580)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:344 +0x744
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalCallExpr(0x14000216300, 0x14000562540, 0x14000384570)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:1971 +0x884
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054ee680?, 0x14000562540?}, 0x14000384570)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:433 +0x278
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalImportExpr(0x14000216300, 0x14000560a50, 0x14000384570)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:2161 +0xec
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054eeb08?, 0x14000560a50?}, 0x14000384570)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:444 +0x708
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eltLoop(0x14000534b28?, {0x1054f1560?, 0x14000560a50}, 0x94?, 0x14000534b38?, 0x1054f1320?, 0x14000534ba8?)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:1285 +0x5c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalAnyAllExpr(0x14000534bd8?, 0x140005609b0, 0x140005609b0?)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:1178 +0x68
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalQuantExpr(0x14000216300, 0x140005609b0, 0x14000384340?)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:1228 +0xe0
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054ee9c8?, 0x140005609b0?}, 0x14000384340)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:430 +0x23c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalAssign(0x14000216300, 0x1400048ac60, 0x14000384340)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:539 +0x31c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054ee568?, 0x1400048ac60?}, 0x14000384340)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:344 +0x744
github.com/hashicorp/sentinel/runtime/eval.(*evalState).evalFile(0x14000216300, 0x14000448360, 0x14000384340)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:813 +0x680
github.com/hashicorp/sentinel/runtime/eval.(*evalState).eval(0x14000216300, {0x1054ee7c0?, 0x14000448360?}, 0x14000384340)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:339 +0x680
github.com/hashicorp/sentinel/runtime/eval.(*evalState).Eval.func1(0x140005352e8?, 0x10461c2ec?, 0x105c13940?, 0x14000535300)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:149 +0x6c
github.com/hashicorp/sentinel/runtime/eval.(*evalState).Eval(0x14000216300)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:150 +0x1e0
github.com/hashicorp/sentinel/runtime/eval.Eval(0x140005355a8)
        /Users/runner/actions-runner/_work/sentinel/sentinel/runtime/eval/eval.go:57 +0x15c
github.com/hashicorp/sentinel/sentinel.(*Sentinel).Eval(0x14000430000, {0x1400018d2a0, 0x1, 0x12?}, 0x14000535950)
        /Users/runner/actions-runner/_work/sentinel/sentinel/sentinel/eval.go:194 +0x308
github.com/hashicorp/sentinel/cmd/apply.(*Command).Run(0x1400007b660, {0x140001880b0, 0x1, 0x1})
        /Users/runner/actions-runner/_work/sentinel/sentinel/cmd/apply/apply.go:282 +0x116c
github.com/mitchellh/cli.(*CLI).Run(0x1400016db80)
        /Users/runner/go/pkg/mod/github.com/mitchellh/cli@v1.0.0/cli.go:255 +0x4a8
main.realMain()
        /Users/runner/actions-runner/_work/sentinel/sentinel/cmd/sentinel/main.go:37 +0x10c
main.main()
        /Users/runner/actions-runner/_work/sentinel/sentinel/cmd/sentinel/main.go:11 +0x1c

Details:

$ sentinel version
Sentinel v0.22.1
$ uname -a
Darwin taneli-macbookpro.roam.internal 22.5.0 Darwin Kernel Version 22.5.0: Thu Jun  8 22:22:20 PDT 2023; root:xnu-8796.121.3~7/RELEASE_ARM64_T6000 arm64

Or maybe this is not intended to work and you can’t really run Sentinel locally? (Seems like the only issue is getting the actual plan instead of a mock in…)

Hi @rosmo, thanks for reaching out. I have a couple of questions about the rest of the setup. Do you have a policy that is making use of one of the Terraform imports? Have you configured the imports within your configuration? I can see that there is a missing section of docs that would potentially explain the issue.

If you can let me know the import you are using, I’ll share a snippet of how to configure it correctly.

You’re right, I was missing the import with plan_path. The plugin documentation page is/was erroring out for me (a well-timed Esc fixed it - must be some JS problem), so I was missing it. But adding the import makes it work properly.

@rosmo that is great to hear! I added the import configuration documentation yesterday as I realized it was missing. Thanks again for reaching out.
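
The configuration the thread converges on, as an added example that is not taken from the original posts or from HashiCorp's documentation: the feature flag from the first post together with an import block that sets plan_path. The import name `tfplan/v2`, the file name `plan.json`, and the expectation that plan_path points at the JSON form of a plan are assumptions to check against the plugin documentation.

```hcl
# sentinel.hcl (constructed example)

sentinel {
  features = {
    terraform = true
  }
}

# With only the block above, a policy that uses a Terraform import has no
# plan data behind it, which is the setup that panicked in this thread.
# Assumption: the policy contains `import "tfplan/v2" as tfplan`.
import "plugin" "tfplan/v2" {
  config = {
    # Assumption: a JSON plan produced beforehand, for example with
    #   terraform plan -out=plan.tfplan
    #   terraform show -json plan.tfplan > plan.json
    plan_path = "./plan.json"
  }
}
```

Plan JSON can include resource attribute values, so handle plan.json with the same care as the state file and keep it out of version control.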