IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0

Validate IBM Cloud region before attempting to contact API #2957

Closed pbaity closed 3 years ago

pbaity commented 3 years ago

Description

I've noticed that if the region is invalid, rather than a fast failure and error message there is a long pause until the request times out because the region is prepended to the API URL without being validated:

Error: Error fetching Keys Get "https://us-soth.iaas.cloud.ibm.com/v1/keys?generation=2&version=2021-06-29": net/http: TLS handshake timeout

This is especially problematic when you allow an end-user to select which region to use, as we are doing via the IBM Cloud Schematics offering, since if they mistype they will experience this long hang and then an error message that may be unclear to them.

New or Affected Resource(s)

Potential Terraform Configuration

n/a - the Terraform code would not change

References

kavya498 commented 3 years ago

@pbaity ,

I don't think this is possible. There are two issues that would be stopping this.

pbaity commented 3 years ago

@kavya498 There's no way to try/catch hit some API endpoint and see what HTTP code it returns? Ideally some type of preliminary request that can immediately return either a 200 or 400-500 range error that will show whether the endpoint is valid for that user, whatever region (private or otherwise) they've selected.

Pseudo-code:

endpoint = f"https://{region}.iaas.cloud.ibm.com/v1"
response = request(endpoint, headers={"Authorization": f"Bearer {token}"})

switch response.status:
    case 200:
        // endpoint is valid, therefore the region is valid
    case 401:
        // endpoint seems valid but the user doesn't have access
    default:
        // endpoint is invalid, therefore the region is invalid

The main thing I'd hope to change is that when an invalid region is given, an error should be thrown faster (there's a long delay right now) and with a more helpful error message like "Invalid region" (right now you just get TLS timeout).

It would seem like a design flaw if something as simple as just checking the HTTP code returned by an endpoint wasn't feasible, but I understand this may be an issue with the IBM Cloud API, not the provider. If this truly isn't possible, you can close this issue.

kavya498 commented 3 years ago

We do retries on a few error codes and some error handling on a few other error types and strings. If we take this up, we'll have to do this for every request we do in every resource, which is out of our scope. It should be handled from the API side. We may not be able to handle it.

Maybe as a workaround, when you write a template, you can add validation to the variables in your template. I think that should help.

Thanks.

kavya498 commented 3 years ago

Closing this issue, as this cannot be achieved via the provider.

Thanks.
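
The fail-fast behaviour requested in this thread can be had on the caller's side by checking the region before it is ever placed in a hostname, so a typo never turns into a request (and a bearer token) aimed at an unintended host. The Go code below is an added example, not code from the provider or from either commenter; the region allow-list and the names `knownRegions`, `editDistance` and `ValidateRegion` are assumptions.

```go
package main

import "fmt"

// Constructed sample allow-list (assumption): keep it in sync with your account.
var knownRegions = []string{"us-south", "us-east", "eu-gb", "eu-de", "jp-tok", "au-syd"}

// editDistance returns the Levenshtein distance between a and b.
func editDistance(a, b string) int {
	prev := make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur := []int{i}
		for j := 1; j <= len(b); j++ {
			d := prev[j-1] // substitution, free when the bytes match
			if a[i-1] != b[j-1] {
				d++
			}
			for _, alt := range []int{prev[j] + 1, cur[j-1] + 1} { // deletion, insertion
				if alt < d {
					d = alt
				}
			}
			cur = append(cur, d)
		}
		prev = cur
	}
	return prev[len(b)]
}

// ValidateRegion fails immediately, with no network I/O, unless region is an
// exact allow-list entry; a name within two edits is offered as a suggestion.
func ValidateRegion(region string) error {
	hint, best := "", 3
	for _, k := range knownRegions {
		if k == region {
			return nil
		}
		if d := editDistance(region, k); d < best {
			hint, best = fmt.Sprintf("; did you mean %q?", k), d
		}
	}
	return fmt.Errorf("invalid region %q%s", region, hint)
}

func main() {
	fmt.Println(ValidateRegion("us-soth")) // the typo from the error message in this issue
}
```

Because only exact allow-list entries pass, input containing dots, slashes or other hostname-altering characters is rejected by the same check.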