Closed piotrgwiazda closed 1 year ago
We'll take a look, thank you for the details. That helps a great deal. FYI @PacoDw
Hello, are there any updates on that issue?
I believe I've faced a similar one (while performing a different action though, but the symptoms seem to be similar). When trying to import an existing Atlas Project (created manually from outside terraform), I'm getting 401 too:
terraform import mongodbatlas_project.atlas-test-project-imported 5a70XXXXXX
mongodbatlas_project.atlas-test-project-imported: Importing from ID "5a70XXXXXX"...
mongodbatlas_project.atlas-test-project-imported: Import prepared!
Prepared mongodbatlas_project for import
mongodbatlas_project.atlas-test-project-imported: Refreshing state... [id=5a70XXXXXX]
Error: error getting project(5a70XXXXXX): GET https://cloud.mongodb.com/api/atlas/v1.0/groups/5a70XXXXXX: 401 (request "Unauthorized") You are not authorized for this resource.
While trying to simulate a similar api call from curl, it works fine (200 response code is preceded by 401, similarly to what @piotrgwiazda reported above).
Also, when trying to create the project using mongodbatlas_project resource (instead of importing it), everything works fine.
@michaljrk no but that's helpful information so will add a link to the other issue to this one. It may help during attempted repro. Thank you!
@piotrgwiazda
The first 401 and then 200 response seen is due to the digest auth mechanism used by the Atlas API. However, please confirm if you are still facing this issue or has this resolved for you.
In case this is still the case, Please confirm the below details for the further troubleshooting here:
Thanks.
Is this still an issue? If not going to close it?
This is still an issue. I am using Terraform v0.13.6 and "mongodb/mongodbatlas" version = "1.1.1".
We have a public/private key-pair in project with full permissions on that project and at Organization level, that key-pair has 'Organization Member' access. No IP restriction applied.
We are trying to create alerts in Atlas via terraform, where we are getting following error, when Terraform is making POST call to /api/atlas/v1.0/groups//alertConfigs HTTP/1.1
mongodbatlas_alert_configuration.HOST_DOWN[0]: Creating...
2021/12/27 10:54:45 [DEBUG] EvalApply: ProviderMeta config value set
2021/12/27 10:54:45 [DEBUG] mongodbatlas_alert_configuration.HOST_DOWN[0]: applying the planned Create change
2021-12-27T10:54:45.161+0530 [INFO] plugin.terraform-provider-mongodbatlas_v1.1.1: 2021/12/27 10:54:45 [DEBUG] MongoDB Atlas API Request Details:
---[ REQUEST ]---------------------------------------
POST /api/atlas/v1.0/groups/<staging group id>/alertConfigs HTTP/1.1
Host: cloud.mongodb.com
User-Agent: terraform-provider-mongodbatlas/1.1.1 go-mongodbatlas/0.14.0 (darwin;amd64)
Content-Length: 156
Accept: application/json
Content-Type: application/json
Accept-Encoding: gzip
{
"eventTypeName": "HOST_DOWN",
"enabled": true,
"notifications": [
{
"delayMin": 0,
"emailEnabled": false,
"intervalMin": 15,
"smsEnabled": false,
"typeName": "WEBHOOK"
}
]
}
-----------------------------------------------------: timestamp=2021-12-27T10:54:45.161+0530
2021-12-27T10:54:46.539+0530 [INFO] plugin.terraform-provider-mongodbatlas_v1.1.1: 2021/12/27 10:54:46 [DEBUG] MongoDB Atlas API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 401 Unauthorized
Content-Length: 106
Content-Type: application/json
Date: Mon, 27 Dec 2021 05:24:46 GMT
Server: envoy
Www-Authenticate: Digest realm="MMS Public API", domain="", nonce="HHKNxxxxxxxxxxJ+C1W3", algorithm=MD5, qop="auth", stale=false
X-Envoy-Upstream-Service-Time: 26
{
"error" : 401,
"reason" : "Unauthorized",
"detail" : "You are not authorized for this resource."
}
-----------------------------------------------------: timestamp=2021-12-27T10:54:46.538+0530
2021/12/27 10:54:46 [DEBUG] mongodbatlas_alert_configuration.HOST_DOWN[0]: apply errored, but we're indicating that via the Error pointer rather than returning it: error creating Alert Configuration information: POST https://cloud.mongodb.com/api/atlas/v1.0/groups/<staging group id>/alertConfigs: 401 (request "") You are not authorized for this resource.
2021/12/27 10:54:46 [ERROR] eval: *terraform.EvalApplyPost, err: error creating Alert Configuration information: POST https://cloud.mongodb.com/api/atlas/v1.0/groups/<staging group id>/alertConfigs: 401 (request "") You are not authorized for this resource.
2021/12/27 10:54:46 [ERROR] eval: *terraform.EvalSequence, err: error creating Alert Configuration information: POST https://cloud.mongodb.com/api/atlas/v1.0/groups/<staging group id>/alertConfigs: 401 (request "") You are not authorized for this resource.
Error: error creating Alert Configuration information: POST https://cloud.mongodb.com/api/atlas/v1.0/groups/<staging group id>/alertConfigs: 401 (request "") You are not authorized for this resource.
on main.tf line 1, in resource "mongodbatlas_alert_configuration" "HOST_DOWN":
1: resource "mongodbatlas_alert_configuration" "HOST_DOWN" {
2021-12-27T10:54:46.568+0530 [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-12-27T10:54:46.571+0530 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/mongodb/mongodbatlas/1.1.1/darwin_amd64/terraform-provider-mongodbatlas_v1.1.1 pid=22524
2021-12-27T10:54:46.571+0530 [DEBUG] plugin: plugin exited
However, when I run the curl command against the same API, with that public-private key pair as POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/
@vikassinha2019 this is not the same issue as reported here. Without your configuration or other details I can't tell you why you aren't having success with Terraform. I would suggest reaching out to Atlas support for assistance.
@themantissa I have the same issue while calling modify cluster through the API.
Request:
curl -u "xxxxx:yyyyyy" --digest \
--header "Content-Type: application/json" \
--include \
--request PATCH "https://cloud.mongodb.com/api/atlas/v1.5/groups/ccccccccc/clusters/xxxxxx?pretty=true" --data '
{"@provider":"AZURE","backupEnabled":false,"biConnector":{"enabled":false,"readPreference":"secondary"},"clusterTags":[],"clusterType":"REPLICASET","continuousDeliveryFCV":null,"deleteAfterDate":null,"deploymentClusterName":"atlas-42k40e","deploymentItemName":"atlas-42k40e-shard-0","diskBackupEnabled":true,"diskSizeGB":32,"encryptionAtRestProvider":"NONE","fixedMongoDBFCV":null,"forceReplicaSetReconfig":false,"geoSharding":{"customZoneMapping":{},"managedNamespaces":[]},"groupId":"61fa70187434774be5631324","hostnameSchemeForAgents":"INTERNAL","hostnameSubdomainLevel":"MONGODB","isCrossCloudCluster":false,"isMongoDBVersionFixed":false,"isMonitoringPaused":false,"isNvme":false,"isPaused":false,"labels":[],"lastUpdateDate":"2022-02-15T14:12:23Z","maxIncomingConns":3000,"mongoDBMajorVersion":"4.4","mongoDBUriHosts":["xxxx-shard-00-00.x7fjr.mongodb.net:27017","xxxx-shard-00-01.x7fjr.mongodb.net:27017","xxxx-shard-00-02.x7fjr.mongodb.net:27017","xxxxx-shard-00-03.x7fjr.mongodb.net:27017","xxxxx-shard-00-04.x7fjr.mongodb.net:27017"],"mongoDBUriHostsLastUpdateDate":"2022-02-15T14:25:15Z","name":"Cluxxxxster0","needsMongoDBConfigPublishAfter":null,"pitEnabled":false,"privateLinkMongoDBUriHosts":{},"privateLinkSrvAddresses":{},"privateMongoDBUriHosts":["xxxx-shard-00-00-pri.x7fjr.mongodb.net:27017","xxxxx-shard-00-01-pri.x7fjr.mongodb.net:27017","xxx-shard-00-02-pri.x7fjr.mongodb.net:27017","xxxx-shard-00-03-pri.x7fjr.mongodb.net:27017","xxxx-shard-00-04-pri.x7fjr.mongodb.net:27017"],"privateSrvAddress":"xxxx-pri.x7fjr.mongodb.net","replicationSpecList":[{"id":"620b832cfc45ea4a60d2ab7c","numShards":1,"regionConfigs":[{"analyticsSpecs":{"diskIOPS":120,"diskType":"P4","instanceSize":"M30","nodeCount":0},"autoScaling":{"autoIndex":{"enabled":false},"compute":{"enabled":false,"maxInstanceSize":null,"minInstanceSize":null,"scaleDownEnabled":false},"diskGB":{"enabled":true}},"cloudProvider":"AZURE","electableSpecs":{"diskIOPS":120,"diskType":"P4","instanceSize":"M30","nodeCount":2},"priority":7,"readOnlySpecs":{"diskIOPS":120,"diskType":"P4","instanceSize":"M30","nodeCount":0},"regionName":"US_EAST_2","regionView":{"continent":"North America","isRecommended":true,"key":"US_EAST_2","latitude":36.6770547,"location":"Virginia-East2","longitude":-78.3790247,"name":"eastus2","provider":"AZURE"}},{"analyticsSpecs":{"diskIOPS":120,"diskType":"P4","instanceSize":"M30","nodeCount":0},"autoScaling":{"autoIndex":{"enabled":false},"compute":{"enabled":false,"maxInstanceSize":null,"minInstanceSize":null,"scaleDownEnabled":false},"diskGB":{"enabled":false}},"cloudProvider":"AZURE","electableSpecs":{"diskIOPS":120,"diskType":"P4","instanceSize":"M30","nodeCount":3},"priority":6,"readOnlySpecs":{"diskIOPS":120,"diskType":"P4","instanceSize":"M30","nodeCount":0},"regionName":"US_EAST","regionView":{"continent":"North America","isRecommended":true,"key":"US_EAST","latitude":37.926868,"location":"Virginia","longitude":-78.024902,"name":"eastus","provider":"AZURE"}}],"zoneName":"Zone 1"}],"restrictedEmployeeAccessBypassDate":null,"resurrectOptions":null,"resurrectRequested":null,"rootCertType":"ISRGROOTX1","srvAddress":"xxxxxx.x7fjr.mongodb.net","state":"UPDATING","tenantAccessRevokedForPause":false,"tenantUpgrading":false,"uniqueId":"620b839519bad52e92acf972","userNotifiedAboutPauseDate":null,"versionReleaseSystem":"LTS"}'
Actual Response got:
www-authenticate: Digest realm="MMS Public API", domain="", nonce="hTpUs4JXZ2Eoh/qdDGDlLPqRBF2noG5J", algorithm=MD5, qop="auth", stale=false
content-length: 0
x-envoy-upstream-service-time: 2
date: Thu, 17 Feb 2022 11:38:26 GMT
server: envoy
HTTP/2 200
date: Thu, 17 Feb 2022 11:38:27 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-mongodb-service-version: gitHash=ce32f58d12d5f58688149ca3774f769b3b48da2f; versionString=v20220216
content-type: application/json
x-frame-options: DENY
content-length: 2645
x-envoy-upstream-service-time: 309
server: envoy
{
"backupEnabled" : false,
"biConnector" : {
"enabled" : false,
"readPreference" : "secondary"
},
"clusterType" : "REPLICASET",
"connectionStrings" : {
"private" : "mongodb://xxxxx-shard-00-00-pri.x7fjr.mongodb.net:27017,xxxxx-shard-00-01-pri.x7fjr.mongodb.net:27017,xxxxx-shard-00-02-pri.x7fjr.mongodb.net:27017,xxxxx-shard-00-03-pri.x7fjr.mongodb.net:27017,xxxxx-shard-00-04-pri.x7fjr.mongodb.net:27017/?ssl=true&authSource=admin&replicaSet=atlas-42k40e-shard-0",
"privateSrv" : "mongodb+srv://xxxx-pri.x7fjr.mongodb.net",
"standard" : "mongodb://xxxx-shard-00-00.x7fjr.mongodb.net:27017,xxxxx-shard-00-01.x7fjr.mongodb.net:27017,xxxx-shard-00-02.x7fjr.mongodb.net:27017,xxxxx-shard-00-03.x7fjr.mongodb.net:27017,xxxxx-shard-00-04.x7fjr.mongodb.net:27017/?ssl=true&authSource=admin&replicaSet=atlas-42k40e-shard-0",
"standardSrv" : "mongodb+srv://xxxxx.x7fjr.mongodb.net"
},
"createDate" : "2022-02-15T10:42:29Z",
"diskSizeGB" : 32.0,
"encryptionAtRestProvider" : "NONE",
"groupId" : "61fa70187434774be5631324",
"id" : "620b839519bad52e92acf972",
"labels" : [ ],
"mongoDBMajorVersion" : "4.4",
"mongoDBVersion" : "4.4.12",
"name" : "xxxxxx",
"paused" : false,
"pitEnabled" : false,
"replicationSpecs" : [ {
"id" : "620b832cfc45ea4a60d2ab7c",
"numShards" : 1,
"regionConfigs" : [ {
"analyticsSpecs" : {
"instanceSize" : "M30",
"nodeCount" : 0
},
"autoScaling" : {
"compute" : {
"enabled" : false,
"scaleDownEnabled" : false
},
"diskGB" : {
"enabled" : true
}
},
"electableSpecs" : {
"instanceSize" : "M30",
"nodeCount" : 2
},
"priority" : 7,
"providerName" : "AZURE",
"readOnlySpecs" : {
"instanceSize" : "M30",
"nodeCount" : 0
},
"regionName" : "US_EAST_2"
}, {
"analyticsSpecs" : {
"instanceSize" : "M30",
"nodeCount" : 0
},
"autoScaling" : {
"compute" : {
"enabled" : false,
"scaleDownEnabled" : false
},
"diskGB" : {
"enabled" : false
}
},
"electableSpecs" : {
"instanceSize" : "M30",
"nodeCount" : 3
},
"priority" : 6,
"providerName" : "AZURE",
"readOnlySpecs" : {
"instanceSize" : "M30",
"nodeCount" : 0
},
"regionName" : "US_EAST"
} ],
"zoneName" : "Zone 1"
} ],
"rootCertType" : "ISRGROOTX1",
"stateName" : "UPDATING",
"versionReleaseSystem" : "LTS"
}```
Expected Response should be 200 for both the API.
Not the same issue above. I'm closing this out. Any related issues should be open as a fresh issue and include the information we request to investigate, including the tf config and any logs. Thanks!
I am trying to setup Encryption at rest with Azure using Terraform. In general it works when calling Mongo DB Atlas REST API with CURL, but does not work via Terraform.
Here is Terraform code
Terraform fails with 401 error Terraform logs (sensitive data removed)
However, when I take the same JSON and run it via CLI it works.
The curl output shows 401 response as a first response as well, but then 202.