opensearch-project / terraform-provider-opensearch

https://registry.terraform.io/providers/opensearch-project/opensearch
Apache License 2.0

[BUG] With version 2.3.0 of the provider, the resource opensearch_channel_configuration cannot be applied when assuming an IAM role in the provider #200

Open Jaewongtongsoup opened 3 weeks ago

Jaewongtongsoup commented 3 weeks ago

What is the bug?

With version 2.3.0 of the provider, the resource opensearch_channel_configuration cannot be applied when assuming an IAM role in the provider, like so: image image

Do you have any screenshots?

image provider.terraform-provider-opensearch_v2.3.0: Response contains error diagnostic: diagnostic_severity=ERROR tf_proto_version=5.4 tf_provider_addr=provider tf_resource_type=opensearch_channel_configuration @module=sdk.proto diagnostic_detail= tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="HTTP 403 Forbidden: Permission denied. Please ensure that the correct credentials are being used to access the cluster." tf_req_id=4c4f9019-ad7d-e488-f5e9-008d96464823 timestamp=2024-06-20T17:46:03.247Z

It works perfectly when I force version 2.2.0 of the provider.

Other resources that use this same provider configuration with version 2.3.0 do not seem to be affected and work perfectly, for example: image

rblcoder commented 3 weeks ago

The following terraform code works for me

# Pins the OpenSearch provider to exactly 2.3.0, the release the issue reports
# the HTTP 403 against (2.2.0 is reported as working).
terraform {
  required_providers {
    opensearch = {
      source  = "opensearch-project/opensearch"
      version = "2.3.0"
    }
  }
}

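# Provider configuration that reaches the cluster through an assumed IAM role.
# All string values below are placeholders from the original comment.
provider "opensearch" {
  url                  = "url"
  healthcheck          = false # boolean literal instead of the string "false"
  version_ping_timeout = 10    # number literal instead of the string "10"

  aws_region          = "region"
  aws_assume_role_arn = "assume role arn"

  # Expected to match the sts:ExternalId condition of the role's trust policy
  # (confused-deputy guard); pass the real value in through a variable rather
  # than hard-coding it in shared configuration.
  aws_assume_role_external_id = "external id"
}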

# Minimal index used as a control: it is managed through the same provider
# configuration (and therefore the same assumed role) as the channel resource.
resource "opensearch_index" "index" {
  name               = "sample"
  number_of_shards   = "1"
  number_of_replicas = "1"
}

# Notification channel of config_type "webhook", declared as a raw JSON
# document in `body`. This is the resource type the issue reports failing with
# HTTP 403 under provider 2.3.0 when the provider assumes an IAM role.
# NOTE(review): when reproducing, confirm that the assumed role, not the base
# identity, is the principal permitted to call the notifications API.
resource "opensearch_channel_configuration" "webhook_channel_configuration" {
  # The webhook URL is a placeholder here. Real webhook URLs often embed a
  # token, and `body` is presumably persisted in Terraform state as plain
  # text, so treat the state file as sensitive (verify against the provider
  # schema).
  body = <<EOF
{
  "id": "sample-webhook-id",
  "name": "sample-name",
  "config": {
    "name": "Sample Webhook Channel",
    "description": "Sample webhook description",
    "config_type": "webhook",
    "is_enabled": true,
    "webhook": {
      "url": "https://www.example.com"
    }
  }
}
EOF
}
Jaewongtongsoup commented 3 weeks ago

Can you try using an AWS SNS channel instead of a webhook?

rblcoder commented 3 weeks ago

The following works for me

# Same exact pin as the failing report: provider release 2.3.0.
terraform {
  required_providers {
    opensearch = {
      source  = "opensearch-project/opensearch"
      version = "2.3.0"
    }
  }
}

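# Provider configuration that reaches the cluster through an assumed IAM role.
# All string values below are placeholders from the original comment.
provider "opensearch" {
  url                  = "url"
  healthcheck          = false # boolean literal instead of the string "false"
  version_ping_timeout = 10    # number literal instead of the string "10"

  aws_region = "region"

  # Role the provider assumes to sign requests to the cluster. It is a
  # different concern from the `role_arn` inside an SNS channel body, even
  # though both placeholders in this snippet read "role arn".
  aws_assume_role_arn = "role arn"

  # Expected to match the sts:ExternalId condition of the role's trust policy
  # (confused-deputy guard); pass the real value in through a variable rather
  # than hard-coding it in shared configuration.
  aws_assume_role_external_id = "opensearch-external"
}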

# Minimal index used as a control: it is managed through the same provider
# configuration (and therefore the same assumed role) as the channel resource.
resource "opensearch_index" "index" {
  name               = "sample"
  number_of_shards   = "1"
  number_of_replicas = "1"
}

# Notification channel of config_type "sns", declared as a raw JSON document
# in `body`. This is the variant the reporter asked to have tested after the
# webhook example worked.
resource "opensearch_channel_configuration" "sns_channel_configuration" {
  # `sns.role_arn` is presumably the role used to publish to the topic, not
  # the role the provider assumes to call the cluster API (confirm against the
  # notifications plugin docs). Keep the two roles and their trust policies
  # separate, and scope the publishing role to the single topic in `topic_arn`.
  body = <<EOF
{
  "id": "sample-sns-id",
  "name": "sample-name",
  "config": {
      "name": "sns-channel",  
      "config_type": "sns",  
        "sns": {  
          "topic_arn": "topic arn",  
          "role_arn": "role arn"  
        } 

      }
}
EOF
}