search

scylladb / terraform-provider-scylladbcloud

Terraform provider for ScyllaDB Cloud.
https://registry.terraform.io/providers/scylladb/scylladbcloud/latest
Apache License 2.0
11 stars 10 forks source link

Token #99

Closed Kikivsantos closed 10 months ago

Kikivsantos commented 11 months ago

Hi there.

I'm trying to create my first resource (a serverless cluster) using terraform. But something is not right with my autentication.

What I'm running:

 terragrunt plan
Acquiring state lock. This may take a few moments...

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: could not build Cloudmeta: failed to read scylla versions: Get "https://api.cloud.scylladb.com/deployment/scylla-versions?defaults=true": tls: failed to verify certificate: x509: certificate signed by unknown authority
│
│   with provider["registry.terraform.io/scylladb/scylladbcloud"],
│   on provider.tf line 2, in provider "scylladbcloud":
│    2:     provider "scylladbcloud" {
│
╵
ERRO[0006] Terraform invocation failed in 
ERRO[0006] 1 error occurred:
        * ...] exit status 1

I also tryied to run the command below, without success:


curl --url https://api.cloud.scylladb.com/deployment/cloud-providers --header 'Authorization: Bearer MY_TOKEN'

The command below worked:

curl --url https://api.cloud.scylladb.com/deployment/cloud-providers --header 'Authorization: Bearer MY_TOKEN' --insecure

Is there a way to pass to terraform the insecure? What should i do to this to work?

Thanks, Cristiana Santos

nuivall commented 11 months ago

Hello, first make sure that your system is recognising our certificate chain (looks like it's not). You can inspect the certificate even in the browser visiting e.g. https://api.cloud.scylladb.com/deployment/cloud-providers and clicking the lock icon or something similar.

We use Let's Encrypt and I think their chain is described here https://letsencrypt.org/certificates/.

Kikivsantos commented 11 months ago

The link worked just fine for me, resulting in:

{"data":{"cloudProviders":[{"id":1,"name":"AWS","rootAccountId":"696340704738"},{"id":2,"name":"GCP","rootAccountId":"scylladb-cloud"}]}}

So, i thing it seems to be something between windows and WSL. As if WSL couldn't access the certificates from wind. Or am i wrong?

Thanks,

mrVanboy commented 11 months ago

So, i thing it seems to be something between windows and WSL. As if WSL couldn't access the certificates from wind. Or am i wrong?

I doubt that WSL has access to the certificates from the host's Windows machine at all. At least based on what is discussed here: https://github.com/microsoft/WSL/issues/3161

rjeczalik commented 10 months ago

I see it was answered in the linked issue. Closing