search

uptime-com / terraform-provider-uptime

A Terraform provider that provisions checks via the Uptime.com REST API
MIT License
20 stars 18 forks source link

Authentication Error on Terraform Apply #29

Closed cirojas-spaceiq closed 1 year ago

cirojas-spaceiq commented 1 year ago

I'm getting errors when uptime modules are invoked from pipeline agents, running locally it works out as expected. The plan is executed it successfully, however on Terraform Apply I got this:

│ Error: Create failed
│ 
│   with uptime_check_http.http,
│   on main.tf line 1, in resource "uptime_check_http" "http":
│    1: resource "uptime_check_http" "http" {
│ 
│ POST https://uptime.com/api/v1/checks/add-http/ failed:
│ Code=NOT_AUTHENTICATED Message=Access denied.

Terragrunt Plan


      + headers                   = (known after apply)
      + id                        = (known after apply)
      + include_in_global_metrics = (known after apply)
      + interval                  = 5
      + is_paused                 = (known after apply)
      + locations                 = [
          + "France",
          + "Italy",
          + "Spain",
        ]
      + name                      = "XXXXXX"
      + notes                     = (known after apply)
      + num_retries               = (known after apply)
      + password                  = (sensitive value)
      + port                      = (known after apply)
      + proxy                     = (known after apply)
      + send_string               = (known after apply)
      + sensitivity               = (known after apply)
      + status_code               = "200"
      + tags                      = [
          + "xxx",
        ]
      + threshold                 = (known after apply)
      + url                       = (known after apply)
      + username                  = (known after apply)
      + version                   = (known after apply)
    }
Plan: 3 to add, 0 to change, 0 to destroy.

I'm using the same uptime token for the plan and apply

mikluko commented 1 year ago

Can you provide minimal configuration to reproduce that please?

Are you sure API token is propagated properly to your pipeline agent?

cirojas-spaceiq commented 1 year ago

The pipeline API token is working properly provided that the terraform plan is running.

The module I have for this is the following: 

terraform {
  required_providers {
    uptime = {
      source  = "uptime-com/uptime"
      version = "~> 2.0"
    }
  }
}

provider "uptime" {
  token = var.uptime_token
}

resource "uptime_check_http" "http" {
  name           = var.name
  interval       = var.interval
  address        = var.address
  contact_groups = var.contact_groups
  locations      = var.locations
  tags           = var.tags
  username       = var.username
  password       = var.password
  send_string    = var.send_string
  expect_string  = var.expect_string
  proxy          = var.proxy
  status_code    = var.status_code

  lifecycle {
    ignore_changes = [
      encryption, headers
    ]
  }
}

resource "null_resource" "encryption" {
  depends_on = [uptime_check_http.http]

  triggers = {
    value = var.encryption
  }
  provisioner "local-exec" {
    command = <<-EOT
      curl --location --request PATCH 'https://uptime.com/api/v1/checks/${uptime_check_http.http.id}' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Token ${var.uptime_token}' \
      --data '{
          "msp_encryption": "${var.encryption?"SSL_TLS":""}"
      }'
    EOT
  }
}

resource "null_resource" "headers" {
  depends_on = [uptime_check_http.http]

  triggers = {
    value = var.headers
  }
  provisioner "local-exec" {
    command = <<-EOT
      curl --location --request PATCH 'https://uptime.com/api/v1/checks/${uptime_check_http.http.id}' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Token ${var.uptime_token}' \
      --data '{
          "msp_headers": "${var.headers}"
      }'
    EOT
  }
}

variable "uptime_token" {
  type = string
  sensitive = true
}

variable "name" {
  type = string
}

variable "address" {
  type = string
}

variable "interval" {
  type = number
}

variable "contact_groups" {
  type = set(string)
}

variable "locations" {
  type = set(string)  
}

variable "tags" {
  type = set(string)
}

variable "username" {
   type = string
   default = null
}

variable "password" {
  type = string
  default = null
}

variable "send_string" {
  type = string
  default = null
}

variable "expect_string" {
  type = string
  default = null
}

variable "proxy" {
  type = string
  default = null
}

variable "encryption" {
  type = bool
  default = false
}

variable "status_code" {
  type = string
}

variable "headers" {
  type = string
  default = ""
}

The failure is during terraform apply only, I'm sure I'm passing the token correctly because the terraform plan is working as expected.

cirojas-spaceiq commented 1 year ago

I had a misconfiguration in the pipeline, closing the issue.