kevholditch / terraform-provider-kong

kong provider for terraform

Invalid authentication credentials #136

Closed r8or0pz closed 3 years ago

r8or0pz commented 3 years ago

After some time, the deployment stopped working...

Terraform Version

0.11.8

Kong Provider Version

"~> 1.9"

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# Kong provider configuration.
#
# kong_admin_uri points at the public API host under /api-admin, i.e. the
# Admin API is reached through Kong's own proxy (see kong_route.api-admin and
# kong_service.api-admin). Every provider call therefore has to pass the
# key-auth and acl plugins attached to that service.
#
# kong_api_key is read from the terraform_remote_state data source
# "foo-admin-kong" (declared outside this excerpt). It must equal a key-auth
# credential that Kong currently holds for a consumer in the allowed ACL
# group; a stale or regenerated key is rejected by key-auth.
# NOTE(review): the output "admin-key" in this excerpt matches the attribute
# read here, so presumably the remote state is produced by this same
# configuration — confirm, and check the stored key against Kong.
#
# Remote state stores this key in plaintext: keep the backend encrypted and
# restrict who can read it.
provider "kong" {
  kong_api_key   = "${data.terraform_remote_state.foo-admin-kong.admin-key}"
  kong_admin_uri = "https://api.${lookup(var.env_prefix, terraform.env)}.com/api-admin"
}

# Require an API key on every request to the api-admin service.
resource "kong_plugin" "api-admin" {
  service_id = "${kong_service.api-admin.id}"
  name       = "key-auth"

  config {
    # Strip the key from the request before proxying it upstream, so the
    # backend behind Kong never receives the credential.
    hide_credentials = "true"
  }
}

# Authorisation layer for the api-admin service: after key-auth has
# identified the consumer, only members of the "admins" ACL group pass.
# Without this plugin any consumer holding a valid key on this Kong instance
# could reach the admin route.
resource "kong_plugin" "acl-admin" {
  service_id = "${kong_service.api-admin.id}"
  name       = "acl"

  config {
    # Must match the group assigned in
    # kong_consumer_plugin_config.acl-admin.
    whitelist = "admins"
  }
}

# Consumer identity used for Admin API access through the proxy. Its
# key-auth credential and ACL group are attached by the
# kong_consumer_plugin_config resources that reference this consumer's id.
resource "kong_consumer" "api-admin" {
  custom_id = "100"
  username  = "api-admin"
}

# 32-character alphanumeric value (no special characters) with at least six
# digits, six lowercase and six uppercase letters.
#
# NOTE(review): this value is used as a credential (the key-auth key of the
# api-admin consumer, also exported as output "admin-key"). random_string
# results are not treated as sensitive and are printed in plan/apply output;
# the random provider's random_password resource produces the same kind of
# value but marks it sensitive — availability depends on the provider
# version in use. Either way the value is stored in plaintext in state.
resource "random_string" "admin-random-key" {
  length      = 32
  special     = false
  min_lower   = 6
  min_upper   = 6
  min_numeric = 6
}

# Put the api-admin consumer into the "admins" ACL group, which is the group
# allowed by kong_plugin.acl-admin on the api-admin service.
resource "kong_consumer_plugin_config" "acl-admin" {
  plugin_name = "acls"
  consumer_id = "${kong_consumer.api-admin.id}"

  config = {
    group = "admins"
  }
}

# Register the generated value as the key-auth credential of the api-admin
# consumer. This is the key the provider must present as kong_api_key; if
# random_string.admin-random-key is ever regenerated, the credential in Kong
# and any copy held elsewhere (remote state, CI variables) have to be
# updated together or Admin API calls through the proxy will be rejected.
resource "kong_consumer_plugin_config" "apikey_api-admin" {
  plugin_name = "key-auth"
  consumer_id = "${kong_consumer.api-admin.id}"

  config = {
    key = "${random_string.admin-random-key.result}"
  }
}

# Upstream that receives requests arriving on the /api-admin route.
#
# NOTE(review): the hop from Kong to this upstream uses plain http on port
# 8080. Since the provider's kong_admin_uri resolves to this service, Admin
# API traffic crosses that hop unencrypted — presumably inside a trusted
# network; confirm, or terminate TLS on the upstream as well.
resource "kong_service" "api-admin" {
  name     = "api-admin"
  host     = "foo-admin.${lookup(var.local_domain, terraform.env)}"
  port     = 8080
  protocol = "http"
  retries  = 5

  # Kong timeouts are expressed in milliseconds (10 s each here).
  connect_timeout = 10000
  read_timeout    = 10000
  write_timeout   = 10000
}

# Public entry point for the api-admin service: HTTPS only, on the API host
# under /api-admin. The prefix is stripped before the request is forwarded.
#
# NOTE(review): this exposes the admin path on the same hostname as the
# public API. key-auth plus acl is the only gate shown in this excerpt; a
# source-address restriction on this route or service (for example Kong's
# ip-restriction plugin) would add a second layer.
resource "kong_route" "api-admin" {
  service_id    = "${kong_service.api-admin.id}"
  protocols     = ["https"]
  hosts         = ["api.${lookup(var.env_prefix, terraform.env)}.com"]
  paths         = ["/api-admin"]
  strip_path    = true
  preserve_host = false
}

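# Exports the Admin API key so other configurations can read it through
# terraform_remote_state (the provider block in this excerpt reads an
# attribute of the same name).
#
# sensitive = true keeps the key out of the outputs summary printed after
# apply, and therefore out of CI logs. It does not encrypt anything: the
# value is still stored in plaintext in the state file and is still readable
# through remote state, so the state backend must be access-controlled.
output "admin-key" {
  value     = "${random_string.admin-random-key.result}"
  sensitive = true
}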

##################################################

# Upstream for the /v1/foo and /v1/bar routes. Kong connects to it over
# plain http on port 8080; TLS ends at Kong for this service.
resource "kong_service" "foo-bar" {
  name     = "foo-bar"
  host     = "foo-bar.${lookup(var.local_domain, terraform.env)}"
  port     = 8080
  protocol = "http"
  retries  = 5

  # Kong timeouts are expressed in milliseconds (60 s each here).
  connect_timeout = 60000
  read_timeout    = 60000
  write_timeout   = 60000
}

# Read-only public route for the foo-bar service: HTTPS only, GET only,
# matching /v1/foo and /v1/bar. The path is forwarded unchanged
# (strip_path = false).
resource "kong_route" "foo-bar" {
  service_id    = "${kong_service.foo-bar.id}"
  protocols     = ["https"]
  methods       = ["GET"]
  hosts         = ["api.${lookup(var.env_prefix, terraform.env)}.com"]
  paths         = ["/v1/foo", "/v1/bar"]
  strip_path    = false
  preserve_host = false
}

# Require an API key on every request to the foo-bar service.
resource "kong_plugin" "foo-bar" {
  service_id = "${kong_service.foo-bar.id}"
  name       = "key-auth"

  config {
    # Remove the key from the request before it reaches the upstream.
    hide_credentials = "true"
  }
}

# Restrict the foo-bar service to consumers in the "crm-dev" ACL group.
# NOTE(review): no consumer in this excerpt is assigned to "crm-dev";
# presumably the members are defined elsewhere — confirm.
resource "kong_plugin" "acl-foo-bar" {
  service_id = "${kong_service.foo-bar.id}"
  name       = "acl"

  config {
    whitelist = "crm-dev"
  }
}

# Consumer identity for the Swagger UI client. Its basic-auth credential and
# ACL group are attached by the kong_consumer_plugin_config resources that
# reference this consumer's id.
resource "kong_consumer" "swagger-ui-crm" {
  custom_id = "103"
  username  = "swagger-ui-crm"
}

# basic-auth credential for the swagger-ui-crm consumer; the login name is
# the consumer's own username.
#
# NOTE(review): random_string.random-key_api-crm is not declared in this
# excerpt, and no basic-auth plugin is enabled on any service shown here —
# presumably both live elsewhere in the configuration; confirm.
# The password comes from a random_string, whose result is not treated as
# sensitive in plan/apply output and is stored in plaintext in state.
resource "kong_consumer_plugin_config" "basic-auth_api-crm" {
  plugin_name = "basic-auth"
  consumer_id = "${kong_consumer.swagger-ui-crm.id}"

  config = {
    password = "${random_string.random-key_api-crm.result}"
    username = "${kong_consumer.swagger-ui-crm.username}"
  }
}

# Put the swagger-ui-crm consumer into the "swagger-ui" ACL group.
# NOTE(review): the acl plugin on the foo-bar service in this excerpt allows
# "crm-dev", not "swagger-ui", so this group does not grant access to that
# service as shown — presumably it is matched by an acl plugin defined
# elsewhere; confirm.
resource "kong_consumer_plugin_config" "acl-api-crm" {
  plugin_name = "acls"
  consumer_id = "${kong_consumer.swagger-ui-crm.id}"

  config = {
    group = "swagger-ui"
  }
}

Debug Output

Coming soon...

Actual Behavior

kevholditch-f3 commented 3 years ago

Hey, this looks like an issue with authorisation using your API endpoint. Can you check that your API key and endpoint are correct?

kevholditch-f3 commented 3 years ago

Is this Kong Enterprise? If so, then I believe you need to set `kong_admin_token` and not `kong_api_key`.

kevholditch commented 3 years ago

This is fixed by PR #140