F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0

Provider returns 401 Unauthorized after upgrade to 15.1.5.1 for users with token authorization #637

Closed PanSiwek closed 2 years ago

PanSiwek commented 2 years ago

Provider returns 401 Unauthorized after upgrade to 15.1.5.1 for users with token authorization (tacacs server (cisco ISE)).

Environment

Summary

After upgrading BigIP to version BIG-IP 15.1.5.1 Build 0.0.14 Point Release 1, the provider started to return a 401 Unauthorized error. On the previous version, BIG-IP 15.1.4 Build 0.0.47 Final, everything works fine. After downgrading from 15.1.5.1 to 15.1.4, everything started to work normally.

On both versions there is no problem executing cURL to generate a token and GET a resource from BigIP through the iControl REST API.

Users are managed through a tacacs server (cisco ISE). The behaviour is the same for a user with the Administrator assigned role and for a user with the Manager assigned role.

I already tried these solutions with no result: https://support.f5.com/csp/article/K22162765 https://support.f5.com/csp/article/K20752925 https://support.f5.com/csp/article/K19294264

Let me know if I should provide more details.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Provide terraform resource config which you are facing trouble along with the output of it.
    terraform {
      required_providers {
        bigip = {
          source  = "F5Networks/bigip"
          version = "1.14.0"
        }
      }
    }

    provider "bigip" {
      address  = var.F5_URL
      username = var.F5_USERNAME
      password = var.F5_PASSWORD
      # Authenticate with a token rather than basic auth on every request
      token_auth = true
      # Login reference used for token authentication
      login_ref = "tmos"
    }

    resource "bigip_ltm_datagroup" "f5-silverline-source-ips2" {
      name = "${var.BIGIP_VLAN_ID}f5-silverline-source-ips2"
      type = "ip"

      record {
        name = "107.162.0.0%1/21"
      }
      record {
        name = "107.162.104.0%1/23"
      }
      record {
        name = "107.162.49.0%1/24"
      }
      record {
        name = "107.162.56.0%1/22"
      }
      record {
        name = "107.162.60.0%1/24"
      }
      record {
        name = "107.162.96.0%1/21"
      }
    }
  2. To get to know more about the issue, provide terraform debug logs
 $ terraform plan
2022-06-01T09:27:38.861+0200 [INFO]  Terraform version: 1.2.1
2022-06-01T09:27:38.861+0200 [DEBUG] using github.com/hashicorp/go-tfe v1.0.0
2022-06-01T09:27:38.861+0200 [DEBUG] using github.com/hashicorp/hcl/v2 v2.12.0
2022-06-01T09:27:38.861+0200 [DEBUG] using github.com/hashicorp/terraform-config-inspect v0.0.0-20210209133302-4fd17a0faac2
2022-06-01T09:27:38.861+0200 [DEBUG] using github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734
2022-06-01T09:27:38.861+0200 [DEBUG] using github.com/zclconf/go-cty v1.10.0
2022-06-01T09:27:38.861+0200 [INFO]  Go runtime version: go1.18.1
2022-06-01T09:27:38.861+0200 [INFO]  CLI args: []string{"terraform", "plan"}
2022-06-01T09:27:38.861+0200 [DEBUG] Attempting to open CLI config file: /home/filip/.terraformrc
2022-06-01T09:27:38.861+0200 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2022-06-01T09:27:38.861+0200 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2022-06-01T09:27:38.861+0200 [DEBUG] ignoring non-existing provider search directory /home/filip/.terraform.d/plugins
2022-06-01T09:27:38.861+0200 [DEBUG] ignoring non-existing provider search directory /home/filip/.local/share/terraform/plugins
2022-06-01T09:27:38.861+0200 [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2022-06-01T09:27:38.861+0200 [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2022-06-01T09:27:38.862+0200 [DEBUG] ignoring non-existing provider search directory /var/lib/snapd/desktop/terraform/plugins
2022-06-01T09:27:38.862+0200 [INFO]  CLI command args: []string{"plan"}
2022-06-01T09:27:38.864+0200 [DEBUG] New state was assigned lineage "ff1eb779-bb5a-4d0b-d527-a82a165cfdc7"
2022-06-01T09:27:39.019+0200 [DEBUG] checking for provisioner in "."
2022-06-01T09:27:39.030+0200 [DEBUG] checking for provisioner in "/usr/bin"
2022-06-01T09:27:39.031+0200 [INFO]  backend/local: starting Plan operation
2022-06-01T09:27:39.033+0200 [DEBUG] created provider logger: level=debug
2022-06-01T09:27:39.033+0200 [INFO]  provider: configuring client automatic mTLS
2022-06-01T09:27:39.065+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 args=[.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0]
2022-06-01T09:27:39.065+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 pid=17909
2022-06-01T09:27:39.066+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0
2022-06-01T09:27:39.081+0200 [INFO]  provider.terraform-provider-bigip_v1.14.0: configuring server automatic mTLS: timestamp=2022-06-01T09:27:39.081+0200
2022-06-01T09:27:39.154+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: plugin address: address=/tmp/plugin692982317 network=unix timestamp=2022-06-01T09:27:39.154+0200
2022-06-01T09:27:39.155+0200 [DEBUG] provider: using plugin: version=5
2022-06-01T09:27:39.221+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2022-06-01T09:27:39.226+0200 [DEBUG] No provider meta schema returned
2022-06-01T09:27:39.236+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 pid=17909
2022-06-01T09:27:39.236+0200 [DEBUG] provider: plugin exited
2022-06-01T09:27:39.236+0200 [DEBUG] Building and walking validate graph
2022-06-01T09:27:39.236+0200 [DEBUG] ProviderTransformer: "bigip_ltm_datagroup.f5-silverline-source-ips2" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/f5networks/bigip"]
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.BIGIP_VLAN_ID" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.SOURCE_ADDRESS_TRANSLATION" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.SNATPOOL" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/f5networks/bigip\"]" references: [var.F5_USERNAME var.F5_URL var.F5_PASSWORD]
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "bigip_ltm_datagroup.f5-silverline-source-ips2" references: [var.BIGIP_VLAN_ID]
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.ELK_LOGGER_NAME" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.F5_USERNAME" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.F5_PASSWORD" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] ReferenceTransformer: "var.F5_URL" references: []
2022-06-01T09:27:39.237+0200 [DEBUG] Starting graph walk: walkValidate
2022-06-01T09:27:39.238+0200 [DEBUG] created provider logger: level=debug
2022-06-01T09:27:39.238+0200 [INFO]  provider: configuring client automatic mTLS
2022-06-01T09:27:39.270+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 args=[.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0]
2022-06-01T09:27:39.271+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 pid=17923
2022-06-01T09:27:39.271+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0
2022-06-01T09:27:39.287+0200 [INFO]  provider.terraform-provider-bigip_v1.14.0: configuring server automatic mTLS: timestamp=2022-06-01T09:27:39.287+0200
2022-06-01T09:27:39.360+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: plugin address: address=/tmp/plugin299457098 network=unix timestamp=2022-06-01T09:27:39.360+0200
2022-06-01T09:27:39.360+0200 [DEBUG] provider: using plugin: version=5
2022-06-01T09:27:39.424+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2022-06-01T09:27:39.429+0200 [DEBUG] No provider meta schema returned
2022-06-01T09:27:39.454+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 pid=17923
2022-06-01T09:27:39.454+0200 [DEBUG] provider: plugin exited
2022-06-01T09:27:39.455+0200 [INFO]  backend/local: plan calling Plan
2022-06-01T09:27:39.455+0200 [DEBUG] Building and walking plan graph for NormalMode
2022-06-01T09:27:39.455+0200 [DEBUG] ProviderTransformer: "bigip_ltm_datagroup.f5-silverline-source-ips2 (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/f5networks/bigip"]
2022-06-01T09:27:39.455+0200 [DEBUG] ReferenceTransformer: "bigip_ltm_datagroup.f5-silverline-source-ips2 (expand)" references: [var.BIGIP_VLAN_ID]
2022-06-01T09:27:39.455+0200 [DEBUG] ReferenceTransformer: "var.SOURCE_ADDRESS_TRANSLATION" references: []
2022-06-01T09:27:39.455+0200 [DEBUG] ReferenceTransformer: "var.F5_USERNAME" references: []
2022-06-01T09:27:39.456+0200 [DEBUG] ReferenceTransformer: "var.F5_PASSWORD" references: []
2022-06-01T09:27:39.456+0200 [DEBUG] ReferenceTransformer: "var.F5_URL" references: []
2022-06-01T09:27:39.456+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/f5networks/bigip\"]" references: [var.F5_PASSWORD var.F5_USERNAME var.F5_URL]
2022-06-01T09:27:39.456+0200 [DEBUG] ReferenceTransformer: "var.SNATPOOL" references: []
2022-06-01T09:27:39.456+0200 [DEBUG] ReferenceTransformer: "var.BIGIP_VLAN_ID" references: []
2022-06-01T09:27:39.456+0200 [DEBUG] ReferenceTransformer: "var.ELK_LOGGER_NAME" references: []
2022-06-01T09:27:39.456+0200 [DEBUG] Starting graph walk: walkPlan
2022-06-01T09:27:39.457+0200 [DEBUG] created provider logger: level=debug
2022-06-01T09:27:39.457+0200 [INFO]  provider: configuring client automatic mTLS
2022-06-01T09:27:39.488+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 args=[.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0]
2022-06-01T09:27:39.489+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 pid=17937
2022-06-01T09:27:39.489+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0
2022-06-01T09:27:39.504+0200 [INFO]  provider.terraform-provider-bigip_v1.14.0: configuring server automatic mTLS: timestamp=2022-06-01T09:27:39.504+0200
2022-06-01T09:27:39.575+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: plugin address: address=/tmp/plugin303359089 network=unix timestamp=2022-06-01T09:27:39.575+0200
2022-06-01T09:27:39.575+0200 [DEBUG] provider: using plugin: version=5
2022-06-01T09:27:39.641+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2022-06-01T09:27:39.647+0200 [DEBUG] No provider meta schema returned
2022-06-01T09:27:39.663+0200 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/f5networks/bigip\"]" changed the config value, but that value is unused
2022-06-01T09:27:39.664+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: 2022/06/01 09:27:39 [INFO] Initializing BigIP connection
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: 2022/06/01 09:27:39 [ERROR] Connection to BigIP device could not have been validated: HTTP 401 :: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: <html><head>
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: <title>401 Unauthorized</title>
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: </head><body>
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: <h1>Unauthorized</h1>
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: <p>This server could not verify that you
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: are authorized to access the document
2022-06-01T09:27:39.827+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: requested.  Either you supplied the wrong
2022-06-01T09:27:39.828+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: credentials (e.g., bad password), or your
2022-06-01T09:27:39.828+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: browser doesn't understand how to supply
2022-06-01T09:27:39.828+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: the credentials required.</p>
2022-06-01T09:27:39.828+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0: </body></html>
2022-06-01T09:27:39.828+0200 [DEBUG] provider.terraform-provider-bigip_v1.14.0:
2022-06-01T09:27:39.828+0200 [ERROR] vertex "provider[\"registry.terraform.io/f5networks/bigip\"]" error: HTTP 401 :: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
2022-06-01T09:27:39.828+0200 [INFO]  backend/local: plan operation completed
╷
│ Error: HTTP 401 :: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
│ <html><head>
│ <title>401 Unauthorized</title>
│ </head><body>
│ <h1>Unauthorized</h1>
│ <p>This server could not verify that you
│ are authorized to access the document
│ requested.  Either you supplied the wrong
│ credentials (e.g., bad password), or your
│ browser doesn't understand how to supply
│ the credentials required.</p>
│ </body></html>
│
│
│   with provider["registry.terraform.io/f5networks/bigip"],
│   on terraform_provider.tf line 10, in provider "bigip":
│   10: provider "bigip" {
│
╵
2022-06-01T09:27:39.831+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.14.0/linux_amd64/terraform-provider-bigip_v1.14.0 pid=17937
2022-06-01T09:27:39.831+0200 [DEBUG] provider: plugin exited 
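
Added example (not part of the issue and not the provider's code): the two-step token check the report describes doing with cURL, scripted so it can be run against the device independently of Terraform and show which step returns the 401. It assumes the provider's `login_ref` value is sent as iControl REST's `loginProviderName`; the function names and the `html_body` flag are hypothetical.

```python
"""Reproduce BIG-IP token auth outside Terraform (added example, not provider code)."""
import json
import urllib.error
import urllib.request


def _call(req, ctx=None):
    """Send req; return (status, body_text) for 2xx and for 4xx/5xx alike."""
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def login(base_url, username, password, provider="tmos", ctx=None):
    """Step 1: exchange credentials for a token at /mgmt/shared/authn/login."""
    payload = {"username": username, "password": password,
               "loginProviderName": provider}  # assumed to match login_ref
    req = urllib.request.Request(
        base_url + "/mgmt/shared/authn/login",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    status, body = _call(req, ctx)
    try:
        token = json.loads(body)["token"]["token"] if status == 200 else None
    except (ValueError, KeyError, TypeError):
        token = None  # 200 without the expected JSON shape counts as failure
    return status, token, body


def get_with_token(base_url, token, path, ctx=None):
    """Step 2: request a resource using only the X-F5-Auth-Token header."""
    req = urllib.request.Request(base_url + path,
                                 headers={"X-F5-Auth-Token": token})
    return _call(req, ctx)


def probe(base_url, username, password, provider="tmos",
          path="/mgmt/tm/ltm/data-group/internal", ctx=None):
    """Run both steps; report which one was rejected and the body type."""
    status, token, body = login(base_url, username, password, provider, ctx)
    step = "login" if token is None else None
    if token is not None:
        status, body = get_with_token(base_url, token, path, ctx)
        step = None if status == 200 else "token_request"
    # html_body is True for an HTML error page like the one in the log above
    return {"failed_step": step, "status": status,
            "html_body": body.lstrip().startswith("<")}
```

`ctx` takes an `ssl.SSLContext` that trusts the device's management certificate; `base_url` is the same value as `var.F5_URL` including the scheme.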

coffmant commented 2 years ago

Likely related to https://cdn.f5.com/product/bugtracker/ID1108181.html

PanSiwek commented 2 years ago

It was this bug from @coffmant's comment. Already received an EHF from support, which resolved this issue.