Mongey / terraform-provider-confluentcloud

A Terraform provider for managing resources in confluent.cloud
MIT License

Unable to create kafka-acl at Cluster level for Confluent Cloud #81

Open kanthi-hpfc opened 3 years ago

kanthi-hpfc commented 3 years ago

Hi,

I tried to create a Cluster level ACL, using the following instructions:

terraform {
  required_version = "> 0.13"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "2.58.0"
    }
    confluentcloud = {
      source = "Mongey/confluentcloud"
    }
    kafka = {
      source  = "Mongey/kafka"
      version = "0.3.3"
    }
  }
}

################################-Confluent Cloud Provider##############################
provider "confluentcloud" {
  username = var.CCLOUD_USER
  password = var.CCLOUD_PASSWORD
}

#######################API Key  And service Account###############################################
resource "confluentcloud_api_key" "dest_api_admin_access" {
  cluster_id     = var.DEST_CLUSTER_ID
  environment_id = var.DEST_ENVIRONMENT_ID
}

resource "confluentcloud_service_account" "replicatorServiceAccount" {
  name           = var.SERVICE_ACCOUNT_NAME
  description    = "Replicator Test Service Account"
}

#####################################################################################
provider "kafka" {
  alias = "dest_cluster"
  bootstrap_servers = var.DEST_BOOTSTRAP_SERVERS

  tls_enabled    = true
  sasl_username  = confluentcloud_api_key.dest_api_admin_access.key
  sasl_password  = confluentcloud_api_key.dest_api_admin_access.secret
  sasl_mechanism = "plain"
  timeout        = 10
}
####################################################################################

resource "kafka_acl" "LicenTopicAcl-Cluster-Create" {
  provider            = kafka.dest_cluster
  resource_name       = var.DEST_CLUSTER_ID
  resource_type       = "Cluster"
  acl_principal       = format("User:%d", confluentcloud_service_account.replicatorServiceAccount.id)
  acl_host            = "*"
  acl_operation       = "Create"
  acl_permission_type = "Allow" 
}

For the resource name neither the Cluster Id nor the Cluster Name worked. I get the following exception:

Error: kafka server: This most likely occurs because of a request being malformed by the client library or the message was sent to an incompatible broker. See the broker logs for more details.
│
│   with kafka_acl.LicenTopicAcl-Cluster-Create,
│   on license-topic-acls.tf line 48, in resource "kafka_acl" "LicenTopicAcl-Cluster-Create":
│   48: resource "kafka_acl" "LicenTopicAcl-Cluster-Create" {
│

Can you please confirm what is wrong in the format of the message?

cvdv87 commented 3 years ago

Bug confirmed, here is the debug log:

Values removed for security reasons.

2021/06/22 09:37:43 [WARN] Provider "registry.terraform.io/mongey/kafka" produced an invalid plan for kafka_acl.test_acl_cluster, but we are tolerating it because it is using the legacy plugin SDK. The following problems may be the cause of any confusing errors from downstream operations:
      - .resource_pattern_type_filter: planned value cty.StringVal("Literal") does not match config value cty.NullVal(cty.String)
kafka_acl.test_acl_cluster: Creating...
2021/06/22 09:37:43 [DEBUG] EvalApply: ProviderMeta config value set
2021/06/22 09:37:43 [DEBUG] kafka_acl.test_acl_cluster: applying the planned Create change
2021-06-22T09:37:43.715+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:43 [INFO] Creating ACL User:|*|Alter|Allow|Cluster||Literal
2021-06-22T09:37:43.715+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:43 [INFO] configuring bootstrap_servers {0xc000560940 10 ***** ***** true false ***** plain}
2021-06-22T09:37:43.715+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:43 [WARN] no CA file set skipping
2021-06-22T09:37:44.544+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:44 [DEBUG] retrieving supported APIs from broker: &[aws.confluent.cloud:9092]
2021-06-22T09:37:45.105+0200 [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-06-22T09:37:45.107+0200 [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/mongey/confluentcloud/0.0.10/darwin_amd64/terraform-provider-confluentcloud_v0.0.10 pid=18657
2021-06-22T09:37:45.107+0200 [DEBUG] plugin: plugin exited

bedzinsk commented 3 years ago

I think the problem is that resource_type must be "kafka-cluster". There is an issue with a resolution under terraform-provider-kafka: https://github.com/Mongey/terraform-provider-kafka/issues/155

kanthi-hpfc commented 3 years ago

That means we really cannot use it for Confluent Cloud right until that issue is resolved. For Confluent Cloud, we will want to give cluster level access to a specific named cluster.

Islam-Alii commented 3 years ago

I think here, in resource_name = var.DEST_CLUSTER_ID, you have to provide the Cluster Name, not the ID.
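
A pre-apply check for the naming question raised in this thread, added here as an example and not part of the thread or of either provider's code: Kafka addresses the cluster as a single resource with the fixed name `kafka-cluster`, so the script flags `kafka_acl` blocks of type `Cluster` that use any other `resource_name`. The regex parsing assumes flat blocks whose closing brace sits at column 0; `SAMPLE_TF` is constructed, and `parse_kafka_acls` and `check_cluster_acls` are hypothetical helper names.

```python
import re

CLUSTER_RESOURCE_NAME = "kafka-cluster"  # Kafka's fixed name for the cluster resource

# Constructed sample: the ACL from the report, a variant using the fixed name, a topic ACL.
SAMPLE_TF = '''
resource "kafka_acl" "LicenTopicAcl-Cluster-Create" {
  provider            = kafka.dest_cluster
  resource_name       = var.DEST_CLUSTER_ID
  resource_type       = "Cluster"
  acl_principal       = format("User:%d", confluentcloud_service_account.replicatorServiceAccount.id)
  acl_operation       = "Create"
  acl_permission_type = "Allow"
}

resource "kafka_acl" "cluster_create_fixed_name" {
  resource_name       = "kafka-cluster"
  resource_type       = "Cluster"
  acl_operation       = "Create"
  acl_permission_type = "Allow"
}

resource "kafka_acl" "topic_read" {
  resource_name = "orders"
  resource_type = "Topic"
}
'''

BLOCK_RE = re.compile(r'resource\s+"kafka_acl"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)

def parse_kafka_acls(tf_text):
    """Return {resource label: {attribute: raw value}} for flat kafka_acl blocks."""
    acls = {}
    for label, body in BLOCK_RE.findall(tf_text):
        acls[label] = {k: v.strip('"') for k, v in ATTR_RE.findall(body)}
    return acls

def check_cluster_acls(tf_text):
    """Flag Cluster-type ACLs whose resource_name is not the literal kafka-cluster."""
    findings = []
    for label, attrs in parse_kafka_acls(tf_text).items():
        if attrs.get("resource_type", "").lower() != "cluster":
            continue
        name = attrs.get("resource_name", "")
        if name != CLUSTER_RESOURCE_NAME:
            findings.append((label, name))
    return findings
```
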