search

ionos-cloud / terraform-provider-ionoscloud

The IonosCloud Terraform provider gives the ability to deploy and configure resources using the IonosCloud APIs.
Mozilla Public License 2.0
34 stars 23 forks source link

Terraform apply/ plan: net/http: invalid header field value for "Authorization" #655

Closed cmllr closed 1 week ago

cmllr commented 2 weeks ago

Description

terraform apply/ plan calls getting aborted due to │ Error: an error occurred while fetching a LAN 7: Get "https://api.ionos.com/cloudapi/v6/<resource>?depth=0&pretty=true": net/http: invalid header field value for "Authorization" .

Expected behavior

The resources should be refreshed/ applied without errors.

Environment

Terraform version: 

1.9.5

Provider version: initally discovered appeared in 6.4.13, also persisting after upgrade to 6.5.0

OS:

Debian GNU/Linux 12 (WSL)

Configuration Files

We are reading the token from an file (ionos_auth_file). I already replaced the token with a fresh one (generated from DCD). The file has only the plain token, without any kind of (Bearer-)Prefix.

provider "ionoscloud" {
  token = file("${var.ionos_auth_file}")
}

We are using a modular approach, having a submodule which also uses the ionoscloud-provider. These modules have also been updated to 6.5.0 and are using the same file contents for authentification.

How to Reproduce

Unfortunately, I cannot provide the entire configuration due to cooperate restrictions here. But for example, having a terraform-created ionoscloud_lan within a VDC will cause the process to fail.

  1. Run terraform apply within a tenant having any kind of IONOS-managed ressource (VDC, LAN)
  2. During refresh, the process will fail.

Error and Debug Output

Example for terraform apply on a existing VDC with multiple managed kubernetes instances, multiple LAN's and other resources. The VDC also has virtual machines, but they are not touched by a change of the terraform apply.

╷
│ Error: an error occurred while fetching an ip block ID <id> Get "https://api.ionos.com/cloudapi/v6/ipblocks/<id>?depth=0&pretty=true": net/http: invalid header field value for "Authorization"
│ 
│   with ionoscloud_ipblock.prod_cluster_block1,
│   on ip.tf line 2, in resource "ionoscloud_ipblock" "prod_cluster_block1":
│    2: resource "ionoscloud_ipblock" "prod_cluster_block1" {
│ 
╵
╷
│ Error: an error occurred while fetching a LAN 7: Get "https://api.ionos.com/cloudapi/v6/datacenters/<id>/lans/7?depth=0&pretty=true": net/http: invalid header field value for "Authorization"
│ 
│   with module.kubernetes_cluster.ionoscloud_lan.kubernetes_lan,
│   on ../modules/kubernetes_cluster/network.tf line 2, in resource "ionoscloud_lan" "kubernetes_lan":
│    2: resource "ionoscloud_lan" "kubernetes_lan" {
│ 
╵
╷
│ Error: an error occurred while fetching a User ID <someid> Get "https://api.ionos.com/cloudapi/v6/um/users/<someid>?depth=1&pretty=true": net/http: invalid header field value for "Authorization"
│ 
│   with module.serviceaccount.ionoscloud_user.serviceaccount,
│   on ../modules/somename_serviceaccount/serviceaccount.tf line 8, in resource "ionoscloud_user" "serviceaccount":
│    8: resource "ionoscloud_user" "serviceaccount" {

Additional Notes

We've seen this error while refreshing the state of LAN's, VDC or any kind of IONOS-managed resource. When applying only to managed Kubernetes, the apply works, but when IONOS-managed ressources, like a LAN are referred, the process will fail.

References

cristiGuranIonos commented 2 weeks ago

Was not able to reproduce with token stored in file. If you store token in IONOS_TOKEN env variable, does this reproduce? Another way to debug is to enable TF_LOG=debug and IONOS_LOG_LEVE=trace. This way you can actually see your token in the http request and see if maybe some garbage chars were added while in the file. Also you can try to use the same token with ionosctl or postman and see if you still get the same error, just to make sure it's not terraform related.

cmllr commented 1 week ago

Was not able to reproduce with token stored in file. If you store token in IONOS_TOKEN env variable, does this reproduce? Another way to debug is to enable TF_LOG=debug and IONOS_LOG_LEVE=trace. This way you can actually see your token in the http request and see if maybe some garbage chars were added while in the file. Also you can try to use the same token with ionosctl or postman and see if you still get the same error, just to make sure it's not terraform related.

Thank you for the hint with the IONOS_LOG_LEVEL flag! I did another test and saw in the now more verbose log that there were unexpected HTTP 401 errors present. I created another token directly from the DCD (and downloaded the token file instead of copying it from the text box), which resulted in the terraform calls to be working again!

Thank you for your help! And sorry for the time waste, as this seems to be an user or client error on my side here.