Provider crashes when rolling strategy is used to update a CloudFoundry app

[srba-stankovic]

Hi,

when I try to update a CloudFoundry app, that uses the rolling deployment strategy, with a new Docker image, the update looks to be working as expected, but, the final step crashes.

Here is the app definition:

resource "cloudfoundry_app" "app-router" {
  name                 = "app-router"
  strategy             = "rolling"
  space                = var.vcap_services.services.cf_space_id
  memory               = var.memory
  timeout              = 600
  health_check_timeout = 600
  instances            = var.instances
  docker_image         = var.docker_image_name
  source_code_hash     = local.source_code_hash
  labels = {
    app = "app-router"
  }
  annotations = merge(var.context.default_annotations, {
    "kubernetes.io/change-cause" = var.change_cause
    "epd_key_rotation_id"        = var.context.epd_key_rotation_id
    }
  )

  environment = {
    TENANT_HOST_PATTERN       = var.vcap_services.services.tenant_host_pattern
    SESSION_TIMEOUT           = 60
    DYNAMIC_IDENTITY_PROVIDER = true
    destinations = jsonencode([
      {
        name = "web-assistant-server"
        url  = "https://xray.hana.ondemand.com"
      },
      {
        name = "web-assistant-content"
        url  = "https://cp.hana.ondemand.com"
      },
    ])
    httpHeaders = jsonencode(var.router_http_headers)
    COOKIES = jsonencode({
      "SameSite" : "None",
      "Partitioned" : {
        "supportedPartitionAgents" : "((Chrome|Chromium)/((11[4-9])|(1[2-9][0-9])|([2-9][0-9][0-9])))|(Version/(18[.][4-9]|(19|[2-9][0-9])[.][0-9])([.][^ ]+)? (Mobile/[^ ]+ )?Safari)",
        "unsupportedPartitionAgents" : "PostmanRuntime/7[.]29[.]2"
      }
    })
    SAP_JWT_TRUST_ACL = jsonencode([{
      clientid     = "*"
      identityzone = "*"
    }])
    EXT_SESSION_MGT = jsonencode({
      instanceName  = var.vcap_services.services.redis_btp.instance_name
      storageType   = "redis"
      sessionSecret = random_string.redis-secret.result
    })
    COOKIE_BACKWARD_COMPATIBILITY = true
  }

  docker_credentials = {
    username = var.context.credentials.artifactory.user_id
    password = var.context.credentials.artifactory.reference_token
  }

  service_binding {
    service_instance = var.vcap_services.services.uaa_application.instance_id
    params = {
      "credential-type" = "binding-secret"
    }
  }
  service_binding {
    service_instance = var.vcap_services.services.saas_registry.instance_id
  }
  service_binding {
    service_instance = var.vcap_services.services.portal.instance_id
  }
  service_binding {
    service_instance = var.vcap_services.services.html5_apps_repo_app_runtime.instance_id
  }
  service_binding {
    service_instance = var.vcap_services.services.redis_btp.instance_id
  }
  service_binding {
    service_instance = cloudfoundry_service_instance.epd-visualization.id
  }
  service_binding {
    service_instance = var.vcap_services.services.epd_common.instance_id
    params = {
      "credential-type" = "binding-secret"
    }

  }
  service_binding {
    service_instance = var.vcap_services.services.feature_flags.instance_id
  }
  service_binding {
    service_instance = cloudfoundry_service_instance.ui-theme-designer.id
  }
  service_binding {
    service_instance = var.vcap_services.services.logging.instance_id
    params = {
      "capability_name" = var.context.default_annotations.plm_capability
    }
  }

  routes {
    route = cloudfoundry_route.app-router.id
  }
}

Terraform plan:

...
[2026-02-11T23:45:09.871Z]   # module.app-router[0].cloudfoundry_app.app-router will be updated in-place
[2026-02-11T23:45:09.871Z]   ~ resource "cloudfoundry_app" "app-router" {
[2026-02-11T23:45:09.871Z]       ~ docker_image                    = "vis3d.common.cdn.repositories.cloud.sap/com.sap.cloud.platform.visualization.services/app-router:3.1.740" -> "vis3d.common.cdn.repositories.cloud.sap/com.sap.cloud.platform.visualization.services/app-router:3.1.741"
[2026-02-11T23:45:09.872Z]         id                              = "684023a9-c5d2-4f9c-bba9-5681ed25aaa1"
[2026-02-11T23:45:09.872Z]         name                            = "app-router"
[2026-02-11T23:45:09.872Z]       ~ source_code_hash                = (sensitive value)
[2026-02-11T23:45:09.872Z]         # (17 unchanged attributes hidden)
[2026-02-11T23:45:09.872Z] 
[2026-02-11T23:45:09.872Z]         # (11 unchanged blocks hidden)
[2026-02-11T23:45:09.872Z]     }
...

But, the apply crashes:

...
[2026-02-11T23:46:54.587Z] module.app-router[0].cloudfoundry_app.app-router: Modifying... [id=684023a9-c5d2-4f9c-bba9-5681ed25aaa1]
[2026-02-11T23:47:05.729Z] module.app-router[0].cloudfoundry_app.app-router: Still modifying... [id=684023a9-c5d2-4f9c-bba9-5681ed25aaa1, 10s elapsed]
[2026-02-11T23:47:15.982Z] module.app-router[0].cloudfoundry_app.app-router: Still modifying... [id=684023a9-c5d2-4f9c-bba9-5681ed25aaa1, 20s elapsed]
[2026-02-11T23:47:26.231Z] module.app-router[0].cloudfoundry_app.app-router: Still modifying... [id=684023a9-c5d2-4f9c-bba9-5681ed25aaa1, 30s elapsed]
[2026-02-11T23:47:34.600Z] 
[2026-02-11T23:47:34.600Z] Error: Plugin did not respond
[2026-02-11T23:47:34.600Z] 
[2026-02-11T23:47:34.600Z]   with module.app-router[0].cloudfoundry_app.app-router,
[2026-02-11T23:47:34.600Z]   on ../../modules/common/app-router/main.tf line 55, in resource "cloudfoundry_app" "app-router":
[2026-02-11T23:47:34.601Z]   55: resource "cloudfoundry_app" "app-router" {
[2026-02-11T23:47:34.601Z] 
[2026-02-11T23:47:34.601Z] The plugin encountered an error, and failed to respond to the
[2026-02-11T23:47:34.601Z] plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain
[2026-02-11T23:47:34.601Z] more details.
[2026-02-11T23:47:34.601Z] 
[2026-02-11T23:47:34.601Z] Stack trace from the terraform-provider-cloudfoundry_v0.54.0 plugin:
[2026-02-11T23:47:34.601Z] 
[2026-02-11T23:47:34.601Z] panic: interface conversion: interface {} is types.OptionalObject, not map[string]interface {}
[2026-02-11T23:47:34.601Z] 
[2026-02-11T23:47:34.601Z] goroutine 141 [running]:
[2026-02-11T23:47:34.601Z] github.com/terraform-providers/terraform-provider-cloudfoundry/cloudfoundry.AppDeployV3ToResourceData(_, {{{0xc000056d50, 0x24}, {0x0, 0x0}, {0x0, 0x0, 0x0}, {0xc00061a810, 0x6}, ...}, ...})
[2026-02-11T23:47:34.601Z] 	github.com/terraform-providers/terraform-provider-cloudfoundry/cloudfoundry/structures_app.go:403 +0x13a6
[2026-02-11T23:47:34.601Z] github.com/terraform-providers/terraform-provider-cloudfoundry/cloudfoundry.resourceAppUpdate({0x12a5820?, 0xc00067a0f0?}, 0xc0005b8600, {0x1028600, 0xc000607e00})
[2026-02-11T23:47:34.601Z] 	github.com/terraform-providers/terraform-provider-cloudfoundry/cloudfoundry/resource_cf_app.go:454 +0x5d8
[2026-02-11T23:47:34.601Z] github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xc0003d3420, {0x12a5820, 0xc00067a0f0}, 0xc0005b8600, {0x1028600, 0xc000607e00})
[2026-02-11T23:47:34.601Z] 	github.com/hashicorp/terraform-plugin-sdk/v2@v2.31.0/helper/schema/resource.go:812 +0x119
[2026-02-11T23:47:34.601Z] github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc0003d3420, {0x12a5820, 0xc00067a0f0}, 0xc0001aba00, 0xc0005b8480, {0x1028600, 0xc000607e00})
[2026-02-11T23:47:34.601Z] 	github.com/hashicorp/terraform-plugin-sdk/v2@v2.31.0/helper/schema/resource.go:919 +0x83a
[2026-02-11T23:47:34.601Z] github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc0003bc0c0, {0x12a5820?, 0xc00067a030?}, 0xc00041c6e0)
[2026-02-11T23:47:34.601Z] 	github.com/hashicorp/terraform-plugin-sdk/v2@v2.31.0/helper/schema/grpc_provider.go:1074 +0xd5c
[2026-02-11T23:47:34.601Z] github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc0002b75e0, {0x12a5820?, 0xc000508d20?}, 0xc000666000)
[2026-02-11T23:47:34.601Z] 	github.com/hashicorp/terraform-plugin-go@v0.20.0/tfprotov5/tf5server/server.go:859 +0x56f
[2026-02-11T23:47:34.601Z] github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x10d1180, 0xc0002b75e0}, {0x12a5820, 0xc000508d20}, 0xc000198b00, 0x0)
[2026-02-11T23:47:34.601Z] 	github.com/hashicorp/terraform-plugin-go@v0.20.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:503 +0x1a6
[2026-02-11T23:47:34.601Z] google.golang.org/grpc.(*Server).processUnaryRPC(0xc00025c5a0, {0x12a5820, 0xc000508c90}, {0x12abe60, 0xc000478000}, 0xc00016cfc0, 0xc0003bbc50, 0x1a42df8, 0x0)
[2026-02-11T23:47:34.601Z] 	google.golang.org/grpc@v1.60.0/server.go:1372 +0xdd1
[2026-02-11T23:47:34.601Z] google.golang.org/grpc.(*Server).handleStream(0xc00025c5a0, {0x12abe60, 0xc000478000}, 0xc00016cfc0)
[2026-02-11T23:47:34.601Z] 	google.golang.org/grpc@v1.60.0/server.go:1783 +0xfb8
[2026-02-11T23:47:34.601Z] google.golang.org/grpc.(*Server).serveStreams.func2.1()
[2026-02-11T23:47:34.601Z] 	google.golang.org/grpc@v1.60.0/server.go:1016 +0x59
[2026-02-11T23:47:34.601Z] created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 51
[2026-02-11T23:47:34.602Z] 	google.golang.org/grpc@v1.60.0/server.go:1027 +0x106
[2026-02-11T23:47:34.602Z] 
[2026-02-11T23:47:34.602Z] Error: The terraform-provider-cloudfoundry_v0.54.0 plugin crashed!
[2026-02-11T23:47:34.602Z] 
[2026-02-11T23:47:34.602Z] This is always indicative of a bug within the plugin. It would be immensely
[2026-02-11T23:47:34.602Z] helpful if you could report the crash with the plugin's maintainers so that it
[2026-02-11T23:47:34.602Z] can be fixed. The output above should help diagnose the issue.
[2026-02-11T23:47:34.602Z] 
...

Looks like it is failing when processing the modification completion.

The workaround is to use a blue-green deployment, but, I would like to use a rolling deployment as it is faster.