salesforce / terraform-provider-policyguru

Terraform provider for Policy Sentry (IAM least privilege generator and auditor)
https://registry.terraform.io/providers/salesforce/policyguru
MIT License
30 stars 8 forks

provider throwing internal server error #9

Closed reetasingh closed 3 years ago

reetasingh commented 3 years ago

make: *** [terraform-demo] Error 1
reetasingh-ltm8:terraform-provider-policyguru reetasingh$ make clean
make: *** No rule to make target `clean'.  Stop.
reetasingh-ltm8:terraform-provider-policyguru reetasingh$ make terraform-demo
go build -o terraform-provider-policyguru
mv terraform-provider-policyguru ~/.terraform.d/plugins
cd examples && terraform init && terraform apply

Initializing the backend...

Initializing provider plugins...
- Using previously-installed hashicorp/aws v3.21.0
- Using previously-installed salesforce/policyguru v2.0.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
data.policyguru_document.example: Refreshing state...

Error: status: 500, body: {"message":"Internal Server Error"}

make: *** [terraform-demo] Error 1
reetasingh-ltm8:terraform-provider-policyguru reetasingh$ 

reetasingh commented 3 years ago

This is a problem on the API side. We are working on a fix for it in the API repo.

reetasingh commented 3 years ago

This issue is resolved on the API side repo.

reetasingh commented 3 years ago

terraform-provider is working now

reetasingh commented 3 years ago

reetasingh-ltm8:terraform-provider-policyguru reetasingh$ make terraform-demo
go build -o terraform-provider-policyguru
mv terraform-provider-policyguru ~/.terraform.d/plugins
cd examples && terraform init && terraform apply

Initializing the backend...

Initializing provider plugins...
- Finding salesforce/policyguru versions matching "2.0.4"...
- Finding hashicorp/aws versions matching "~> 3.0"...
- Installing salesforce/policyguru v2.0.4...
- Installed salesforce/policyguru v2.0.4 (self-signed, key ID E7494D9EF9590F1F)
- Installing hashicorp/aws v3.22.0...
- Installed hashicorp/aws v3.22.0 (signed by HashiCorp)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/plugins/signing.html

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
data.policyguru_document.example: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.policyguru_document.example will be read during apply
  # (config refers to values not yet known)
 <= data "policyguru_document" "example"  {
      ~ id   = "1609789420" -> "1609789421"
        json = jsonencode(
            {
                Statement = [
                    {
                        Action   = [
                            "s3:GetAccelerateConfiguration",
                            "s3:GetAnalyticsConfiguration",
                            "s3:GetBucketAcl",
                            "s3:GetBucketCORS",
                            "s3:GetBucketLocation",
                            "s3:GetBucketLogging",
                            "s3:GetBucketNotification",
                            "s3:GetBucketObjectLockConfiguration",
                            "s3:GetBucketOwnershipControls",
                            "s3:GetBucketPolicy",
                            "s3:GetBucketPolicyStatus",
                            "s3:GetBucketPublicAccessBlock",
                            "s3:GetBucketRequestPayment",
                            "s3:GetBucketTagging",
                            "s3:GetBucketVersioning",
                            "s3:GetBucketWebsite",
                            "s3:GetEncryptionConfiguration",
                            "s3:GetInventoryConfiguration",
                            "s3:GetLifecycleConfiguration",
                            "s3:GetMetricsConfiguration",
                            "s3:GetReplicationConfiguration",
                        ]
                        Effect   = "Allow"
                        Resource = [
                            "arn:aws:s3:::mybucket",
                        ]
                        Sid      = "S3ReadBucket"
                    },
                ]
                Version   = "2012-10-17"
            }
        )

        actions_for_resources_at_access_level {
            list                   = []
            permissions_management = []
            read                   = [
                "arn:aws:s3:::mybucket",
            ]
            tagging                = []
            write                  = []
        }
    }

  # aws_iam_policy.policy will be created
  + resource "aws_iam_policy" "policy" {
      + arn         = (known after apply)
      + description = "this uses policyguru document"
      + id          = (known after apply)
      + name        = "sample2"
      + path        = "/"
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "s3:GetAccelerateConfiguration",
                          + "s3:GetAnalyticsConfiguration",
                          + "s3:GetBucketAcl",
                          + "s3:GetBucketCORS",
                          + "s3:GetBucketLocation",
                          + "s3:GetBucketLogging",
                          + "s3:GetBucketNotification",
                          + "s3:GetBucketObjectLockConfiguration",
                          + "s3:GetBucketOwnershipControls",
                          + "s3:GetBucketPolicy",
                          + "s3:GetBucketPolicyStatus",
                          + "s3:GetBucketPublicAccessBlock",
                          + "s3:GetBucketRequestPayment",
                          + "s3:GetBucketTagging",
                          + "s3:GetBucketVersioning",
                          + "s3:GetBucketWebsite",
                          + "s3:GetEncryptionConfiguration",
                          + "s3:GetInventoryConfiguration",
                          + "s3:GetLifecycleConfiguration",
                          + "s3:GetMetricsConfiguration",
                          + "s3:GetReplicationConfiguration",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:s3:::mybucket",
                        ]
                      + Sid      = "S3ReadBucket"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

jelledv commented 3 years ago

I am still getting "Error: status: 500, body: {"message":"Internal Server Error"}" after executing terraform plan

rhnasc commented 3 years ago

@reetasingh I'm still receiving that error... is this provider ready for production?

Also, are you guys planning on open-sourcing the REST API? This would make the provider more interesting for adoption, security-wise.