Open jsidney opened 1 month ago
Hello, the 409 status code represents an error inside the business logic. It can result from multiple causes, it would be very helpful if you could post here the body of the message. The body contains the exact error.
@valentindeaconu - i do not have easy access to the body of the message (but i will try and spin up a test environment inside a k8s cluster to replicate the situation). At the time, I do remember seeing some funny "AccessDenied" messages in AWS Cloudtrail (i am using S3 as the storage backend). We are using Service Accounts and OIDC roles for all of the tooling inside our cluster so I wonder if there is something to do with how the application is assuming the role?
Curently, we are running terralist inside a ECS/Fargate cluster and we are simply using the same IAM policy for both the ECS task's role as well as the K8s IRSA role - so i am pretty confident that it is not specifically the IAM permissions that are incorrect,
We are using Service Accounts and OIDC roles for all of the tooling inside our cluster so I wonder if there is something to do with how the application is assuming the role?
Terralist is not assuming any role. You can either configure it with a set of static credentials, or configure it to use the default credentials providers chain (which I guess is your case). To make it work with DCPC, all you have to do is to not configure any credentials (leave s3-access-key-id
and s3-secret-access-key
options unset).
As I said before, without some logs or an error, I'm not able to understand or reproduce the issue, I'm sorry.
Hi guys - I migrated our terralist setup to K8s yesterday and I am suddenly seeing some weird errors when trying to post new versions of a module to the registry. It seems as though the authentication is correct and all of that seems to be working, but the server is responding with a 409 error. We are running all of our services behind an Istio service mesh with STRICT mtls enabled (i honestly dont know if that could be the issue?) . i was wondering if anyone had seen this error before and how we could possibly solve it?
terralist version: 0.5.1 backend: s3 db: postgresql
the command i am running is:
here is the error:
here is the log from terralist and istio: Terralist:
istio: