search

tailscale / terraform-provider-tailscale

Terraform provider for Tailscale
https://registry.terraform.io/providers/tailscale/tailscale
MIT License
264 stars 47 forks source link

Invalid Actor / Failed to update tailnet settings #440

Closed boomam closed 1 month ago

boomam commented 1 month ago

Describe the bug Running a terraform apply the last 2-3x days generates an initial error of - 

Error: Failed to update tailnet settings

  with tailscale_tailnet_settings.tailnet_settings,
  on tailnet-settings.tf line 1, in resource "tailscale_tailnet_settings" "tailnet_settings":
   1: resource "tailscale_tailnet_settings" "tailnet_settings" {

invalid actor (500)

This error does not occur during a plan.

To Reproduce Run terraform apply.

Expected behaviour The terraform to apply.

Desktop (please complete the following information):

Additional context Full error with debug turned on - 

2024-09-28T15:54:46.676Z [INFO]  Starting apply for tailscale_tailnet_settings.tailnet_settings
2024-09-28T15:54:46.677Z [DEBUG] tailscale_tailnet_settings.tailnet_settings: applying the planned Create change
Error: -28T15:54:47.410Z [ERROR] provider.terraform-provider-tailscale_v0.17.1: Response contains error diagnostic: tf_provider_addr=provider tf_resource_type=tailscale_tailnet_settings tf_rpc=ApplyResourceChange @module=sdk.proto diagnostic_detail="invalid actor (500)" diagnostic_severity=ERROR diagnostic_summary="Failed to update tailnet settings" tf_proto_version=5.6 tf_req_id=ed8301c8-6318-abff-d77d-6aef24ba97dd @caller=github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 timestamp=2024-09-28T15:54:47.409Z
2024-09-28T15:54:47.415Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
Error: -28T15:54:47.415Z [ERROR] vertex "tailscale_tailnet_settings.tailnet_settings" error: Failed to update tailnet settings

Error: Failed to update tailnet settings

  with tailscale_tailnet_settings.tailnet_settings,
  on tailnet-settings.tf line 1, in resource "tailscale_tailnet_settings" "tailnet_settings":
   1: resource "tailscale_tailnet_settings" "tailnet_settings" {

invalid actor (500)
2024-09-28T15:54:47.582Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-09-28T15:54:47.583Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/tailscale/tailscale/0.17.1/linux_amd64/terraform-provider-tailscale_v0.17.1 id=1630
2024-09-28T15:54:47.583Z [DEBUG] provider: plugin exited

Full set of TF files being used -

provider.tf 

terraform {
  required_providers {
    tailscale = {
      source  = "tailscale/tailscale"
    }
  }
}

provider "tailscale" {
  oauth_client_id = var.tailscale_oauth_client_id
  oauth_client_secret = var.tailscale_oauth_client_secret
  tailnet = var.tailscale_tailnet
}

tailnet-settings.tf 

resource "tailscale_tailnet_settings" "tailnet_settings" {
  devices_approval_on                         = true
  devices_auto_updates_on                     = true
  devices_key_duration_days                   = 180
  users_approval_on                           = true
  users_role_allowed_to_join_external_tailnet = "member"
  posture_identity_collection_on              = false
}

Checks on the OAuth permissions have been tested, to no effect.
Only notable change to the TS side of things is me flipping the account from the business trial, to just a normal personal account.

mpminardi commented 1 month ago

Thank you for the detailed report @boomam! This looks to have been an issue with OAuth for the underlying endpoint in the control plane that should now be fixed.

boomam commented 1 month ago

Great! I will test this evening and report back!

boomam commented 1 month ago

I can confirm that the issue is now resolved.
Thanks for getting it fixed!