Closed stripthesoul closed 2 years ago
Same problem here. A little more detail in 0.5.0:
module.confluent_sa.confluentcloud_kafka_acl.all_access_cluster: Creating...
2022-05-03T17:01:17.008-0300 [INFO] Starting apply for module.confluent_sa.confluentcloud_kafka_acl.all_access_cluster
2022-05-03T17:01:17.008-0300 [DEBUG] module.confluent_sa.confluentcloud_kafka_acl.all_access_cluster: applying the planned Create change
2022-05-03T17:01:17.008-0300 [DEBUG] provider.terraform-provider-confluentcloud_0.5.0: 2022/05/03 17:01:17 [DEBUG] GET https://api.confluent.cloud/service_accounts
2022-05-03T17:01:23.173-0300 [DEBUG] provider.terraform-provider-confluentcloud_0.5.0: 2022/05/03 17:01:23 [DEBUG] POST https://pkc-abcde1.us-east-2.aws.confluent.cloud:443/kafka/v3/clusters/my-cluster-id/acls
2022-05-03T17:01:24.061-0300 [INFO] provider.terraform-provider-confluentcloud_0.5.0: 2022/05/03 17:01:24 [ERROR] Kafka ACL create failed {CLUSTER kafka-cluster LITERAL User:123456 * ALL ALLOW}, &{403 Forbidden 403 HTTP/2.0 2 0 map[Content-Type:[application/json] Date:[Tue, 03 May 2022 20:01:23 GMT]] {0x140004ba580} -1 [] false false map[] 0x140001b8700 0x1400041cd10}, 403 Forbidden: timestamp=2022-05-03T17:01:24.060-0300
2022-05-03T17:01:24.063-0300 [DEBUG] provider.terraform-provider-confluentcloud_0.5.0: panic: reflect: call of reflect.Value.FieldByName on zero Value
Actually, I committed a huge mistake: I was confusing cloud API keys (the same configured in provider) with Kafka API keys.
The resource confluentcloud_kafka_acl requires a Kafka API key with ALTER permission in cluster.
Reference: https://docs.confluent.io/cloud/current/access-management/authenticate/api-keys/api-keys.html
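An added example, not part of the original thread and not the provider's own code: a small triage script that reads provider debug output like the log quoted above, pairs each 401/403 with the request that preceded it, and reports which kind of API key that endpoint expects. The sample log is constructed and abridged from the lines in this thread; the mapping of `api.confluent.cloud` to Cloud API keys and `/kafka/v3/clusters/...` to Kafka API keys is an assumption based on the Confluent API key documentation linked above.

```python
import re
from urllib.parse import urlparse

# Constructed sample, abridged from the debug lines quoted in this thread.
SAMPLE_LOG = """\
2022-05-03T17:01:17.008-0300 [DEBUG] provider.terraform-provider-confluentcloud_0.5.0: 2022/05/03 17:01:17 [DEBUG] GET https://api.confluent.cloud/service_accounts
2022-05-03T17:01:23.173-0300 [DEBUG] provider.terraform-provider-confluentcloud_0.5.0: 2022/05/03 17:01:23 [DEBUG] POST https://pkc-abcde1.us-east-2.aws.confluent.cloud:443/kafka/v3/clusters/my-cluster-id/acls
2022-05-03T17:01:24.061-0300 [INFO] provider.terraform-provider-confluentcloud_0.5.0: 2022/05/03 17:01:24 [ERROR] Kafka ACL create failed {CLUSTER kafka-cluster LITERAL User:123456 * ALL ALLOW}, 403 Forbidden
2022-05-03T17:01:24.063-0300 [DEBUG] provider.terraform-provider-confluentcloud_0.5.0: panic: reflect: call of reflect.Value.FieldByName on zero Value
"""

REQUEST = re.compile(r"\[DEBUG\] (GET|POST|PUT|PATCH|DELETE) (https://\S+)")
FAILURE = re.compile(r"\[ERROR\] (.*?failed) \{([^}]*)\}.*?\b(40[13]) ")

def credential_for(url):
    """Classify which API key type authenticates a request to this URL (assumed mapping)."""
    parts = urlparse(url)
    if parts.path.startswith("/kafka/v3/clusters/"):
        return "kafka-api-key"   # cluster REST endpoint: cluster-scoped key
    if parts.hostname == "api.confluent.cloud":
        return "cloud-api-key"   # organization-level API: the provider's key
    return "unknown"

def triage(log_text):
    """Pair each 401/403 with the request before it and the key type it needed."""
    findings, last = [], None
    for line in log_text.splitlines():
        if (m := REQUEST.search(line)):
            last = (m.group(1), m.group(2))
        elif (m := FAILURE.search(line)) and last:
            findings.append({
                "status": int(m.group(3)),
                "request": f"{last[0]} {urlparse(last[1]).path}",
                "acl": m.group(2),
                "needs": credential_for(last[1]),
            })
        elif "panic:" in line and findings:
            # The provider crash follows the rejected call; attach it to that finding.
            findings[-1]["provider_panicked"] = True
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `needs` set to `kafka-api-key` means the rejected call went to the cluster's REST endpoint, so the key to check is the one given to the ACL resource and the permissions of its owning service account, not the key in the provider block.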
I used Kafka keys not cloud keys, so my issue still persists
@stripthesoul Is your Kafka key configured with ALTER permission for the cluster?
It might be useful to check that the owner of the Kafka API Key (service account) has a corresponding role (CloudClusterAdmin) / ACLs assigned.
@linouk23 the owner does have roles, but I will double check and get back to you! Thanks!
@stripthesoul we're very excited to let you know we've just published a new version of TF Provider that includes a lot of very very exciting improvements: it enables fully automated provisioning of our key Kafka workflows (see the demo) with no more manual intervention and makes it our biggest and most impactful release.
The only gotcha: we've renamed it from confluentinc/confluentcloud to confluentinc/confluent, but we published a migration guide so it should be fairly straightforward. The existing confluentinc/confluentcloud will be deprecated soon so we'd recommend switching as soon as possible.
The new confluentinc/confluent provider also includes a lot of sample configurations so you won't need to write them from scratch. You can find them here, find a full list of changes here.
To be more specific, here's the example that shows how to set up ACLs & service accounts that might help.
Let us know if it helps!
@linouk23 I will test the changes this week and report back. Thank you!
@linouk23 - Seems to be some issues with the new provider - the reference is returning 404 confluentinc/terraform-provider-confluent#11
@linouk23 I'm very interested in the new solution, however the links you pasted here are broken: https://github.com/confluentinc/terraform-provider-confluent
I am attempting to create an ACL as follows (result from the plan):
When I attempt to create the ACL using confluent cloud provider 0.5.0, I get the following issue:
When I attempt to apply using 0.4.0: