Closed dragetd closed 3 weeks ago
My Service-Account should have IAM Manager permissions.
I tried it with the provider 1.3.0 as well. The error is a different one:
zitadel_org.tofutest_org: Creating...
2024-08-22T20:55:46.320+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Called provider defined Type Validate: tf_attribute_path=jwt_profile_file tf_mux_provider="*proto6server.Server" tf_rpc=ValidateProviderConfig @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:80 @module=sdk.framework tf_provider_addr=registry.terraform.io/zitadel/zitadel tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.320+0200 [INFO] Starting apply for zitadel_org.tofutest_org
2024-08-22T20:55:46.320+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Calling provider defined Type Validate: tf_rpc=ValidateProviderConfig @module=sdk.framework tf_provider_addr=registry.terraform.io/zitadel/zitadel tf_attribute_path=jwt_profile_json tf_mux_provider="*proto6server.Server" tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:78 timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.320+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Called provider defined Type Validate: @module=sdk.framework tf_attribute_path=jwt_profile_json tf_mux_provider="*proto6server.Server" tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 tf_rpc=ValidateProviderConfig @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:80 tf_provider_addr=registry.terraform.io/zitadel/zitadel timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.320+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Calling provider defined Type Validate: tf_attribute_path=port tf_mux_provider="*proto6server.Server" tf_provider_addr=registry.terraform.io/zitadel/zitadel tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:78 @module=sdk.framework tf_rpc=ValidateProviderConfig timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.320+0200 [DEBUG] zitadel_org.tofutest_org: applying the planned Create change
2024-08-22T20:55:46.373+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Called provider defined Type Validate: tf_mux_provider="*proto6server.Server" tf_provider_addr=registry.terraform.io/zitadel/zitadel tf_rpc=ValidateProviderConfig @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:80 @module=sdk.framework tf_attribute_path=port tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.373+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Calling provider defined Type Validate: tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 @module=sdk.framework tf_mux_provider="*proto6server.Server" tf_rpc=ValidateProviderConfig @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:78 tf_attribute_path=domain tf_provider_addr=registry.terraform.io/zitadel/zitadel timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.373+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Called provider defined Type Validate: tf_mux_provider="*proto6server.Server" tf_provider_addr=registry.terraform.io/zitadel/zitadel @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwschemadata/data_value.go:80 tf_attribute_path=domain tf_req_id=c9b8bb2d-36ce-1d10-69d9-6314ebdb3875 tf_rpc=ValidateProviderConfig @module=sdk.framework timestamp="2024-08-22T20:55:46.313+0200"
2024-08-22T20:55:46.374+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Calling provider defined Provider Configure: tf_mux_provider="*proto6server.Server" tf_provider_addr=registry.terraform.io/zitadel/zitadel tf_req_id=f0083ec0-8ef0-d292-c10b-1896ea141bd0 @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwserver/server_configureprovider.go:12 @module=sdk.framework tf_rpc=ConfigureProvider timestamp="2024-08-22T20:55:46.315+0200"
2024-08-22T20:55:46.374+0200 [DEBUG] provider.terraform-provider-zitadel_v1.3.0: Called provider defined Provider Configure: tf_req_id=f0083ec0-8ef0-d292-c10b-1896ea141bd0 tf_rpc=ConfigureProvider tf_mux_provider="*proto6server.Server" tf_provider_addr=registry.terraform.io/zitadel/zitadel @caller=github.com/hashicorp/terraform-plugin-framework@v0.15.0/internal/fwserver/server_configureprovider.go:20 @module=sdk.framework timestamp="2024-08-22T20:55:46.315+0200"
2024-08-22T20:55:46.375+0200 [INFO] provider.terraform-provider-zitadel_v1.3.0: started create: tf_req_id=9b3d2982-0d24-c4af-06d4-785a5af2c1d2 tf_resource_type=zitadel_org @module=zitadel tf_mux_provider=tf5to6server.v5tov6Server tf_provider_addr=registry.terraform.io/zitadel/zitadel tf_rpc=ApplyResourceChange @caller=github.com/zitadel/terraform-provider-zitadel/zitadel/org/funcs.go:38 timestamp="2024-08-22T20:55:46.375+0200"
2024-08-22T20:55:49.096+0200 [ERROR] provider.terraform-provider-zitadel_v1.3.0: Response contains error diagnostic: diagnostic_summary="rpc error: code = Unimplemented desc = unexpected HTTP status code received from server: 404 (Not Found); transport: received unexpected content-type \"application/json\"" tf_resource_type=zitadel_org diagnostic_severity=ERROR tf_proto_version=6.3 tf_provider_addr=registry.terraform.io/zitadel/zitadel @module=sdk.proto diagnostic_detail="" tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov6/internal/diag/diagnostics.go:55 tf_req_id=9b3d2982-0d24-c4af-06d4-785a5af2c1d2 timestamp="2024-08-22T20:55:49.096+0200"
2024-08-22T20:55:49.096+0200 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-22T20:55:49.096+0200 [ERROR] vertex "zitadel_org.tofutest_org" error: rpc error: code = Unimplemented desc = unexpected HTTP status code received from server: 404 (Not Found); transport: received unexpected content-type "application/json"
╷
│ Error: rpc error: code = Unimplemented desc = unexpected HTTP status code received from server: 404 (Not Found); transport: received unexpected content-type "application/json"
│
│ with zitadel_org.tofutest_org,
│ on main.tf line 23, in resource "zitadel_org" "tofutest_org":
│ 23: resource "zitadel_org" "tofutest_org" {
│
╵
2024-08-22T20:55:49.118+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-08-22T20:55:49.121+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/zitadel/zitadel/1.3.0/linux_amd64/terraform-provider-zitadel_v1.3.0 pid=175237
2024-08-22T20:55:49.121+0200 [DEBUG] provider: plugin exited
My reverse-proxy even shows activity then! But strangely, an action call for ManagementService AddOrg seems to return 404. I think I am doing something stupidly wrong. :S
From my reverse-proxy
172.19.0.1 - - [22/Aug/2024:18:57:07 +0000] "GET /.well-known/openid-configuration HTTP/2.0" 200 2111 "-" "-" 12786 "zitadel@docker" "http://172.18.0.2:8080" 75ms
172.19.0.1 - - [22/Aug/2024:18:57:09 +0000] "POST /oauth/v2/token HTTP/2.0" 200 1516 "-" "-" 12787 "zitadel@docker" "http://172.18.0.2:8080" 418ms
172.19.0.1 - - [22/Aug/2024:18:57:09 +0000] "POST /zitadel.management.v1.ManagementService/AddOrg HTTP/2.0" 404 33 "-" "-" 12788 "zitadel@docker" "http://172.18.0.2:8080" 3ms
I am deeply sorry and apologize for having @ mentions in the output and randomly pinging a bunch of people! I did not mean to! Sorry. :-(
I'm having the same issue when migrating to provider v2.0.0. No issue when rolling back to v1.3.0.
Error: failed to start zitadel client: Get "https://id.foo.bar/.well-known/openid-configuration": context canceled
We were just setting up a dev environment and ran into this when upgrading from 1.2.0 to 2.0.0.
Okay, I made it work with < 2.0.0
The thing that I was messing up: The API is gRPC, while my reverse-proxy was only supporting the HTTP(S) Scheme. I was using traefik. And the documentation page for traefik is a bit hard to read: https://zitadel.com/docs/self-hosting/manage/reverseproxy/traefik
The key was: I had to set the scheme of the load-balancer to h2c://! The regular http did work for the UI and everything, just the API would return a 404. For those interested in how to configure it via traefik labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik-zitadel"
- "traefik.http.routers.zitadel.rule=Host(`id.example.com`)"
- "traefik.http.routers.zitadel.tls=true"
- "traefik.http.services.zitadel.loadbalancer.server.port=8080"
- "traefik.http.services.zitadel.loadbalancer.server.scheme=h2c"
It works perfectly with the zitadel provider 1.2.0 and 1.3.0, but upgrading to 2.0.0 does not work with the current zitadel.
Error output:
zitadel_org.tofutest_org: Creating...
╷
│ Error: failed to start zitadel client: Get "https://id.example.com/.well-known/openid-configuration": context canceled
│
│ with zitadel_org.tofutest_org,
│ on main.tf line 28, in resource "zitadel_org" "tofutest_org":
│ 28: resource "zitadel_org" "tofutest_org" {
│
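The symptom described in the comment above (OIDC discovery and token requests answered with 200 while the gRPC method call gets 404 from the same upstream) can be picked out of the proxy access log automatically. This is an added example, not code from the thread or from the ZITADEL project; the function name, the regexes and the fourth sample line are assumptions made for illustration.

```python
import re

# Layout of the reverse-proxy access-log lines quoted in the thread.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*" \d+ '
    r'"(?P<router>[^"]*)" "(?P<backend>[^"]*)" \d+ms$'
)
# gRPC method paths have the shape /package.Service/Method.
GRPC_PATH_RE = re.compile(r'^/(?:[A-Za-z_]\w*\.)+[A-Za-z_]\w*/[A-Za-z_]\w*$')


def find_grpc_scheme_mismatch(lines):
    """Flag gRPC calls that got 404 from an http:// upstream which
    answers ordinary HTTP requests with 2xx (UI works, API does not)."""
    healthy = set()   # upstreams that served a non-gRPC request with 2xx
    suspects = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not in the expected access-log layout
        rec = m.groupdict()
        is_grpc = rec["method"] == "POST" and bool(GRPC_PATH_RE.match(rec["path"]))
        if not is_grpc and rec["status"].startswith("2"):
            healthy.add(rec["backend"])
        elif is_grpc and rec["status"] == "404" and rec["backend"].startswith("http://"):
            suspects.append(rec)
    return [
        {"router": r["router"], "backend": r["backend"], "path": r["path"],
         "hint": "upstream scheme is http; the thread's fix was server.scheme=h2c"}
        for r in suspects if r["backend"] in healthy
    ]


# First three lines are the ones posted in the thread; the last is constructed
# (assumed form of the same request once the upstream is addressed as h2c://).
SAMPLE = [
    '172.19.0.1 - - [22/Aug/2024:18:57:07 +0000] "GET /.well-known/openid-configuration HTTP/2.0" 200 2111 "-" "-" 12786 "zitadel@docker" "http://172.18.0.2:8080" 75ms',
    '172.19.0.1 - - [22/Aug/2024:18:57:09 +0000] "POST /oauth/v2/token HTTP/2.0" 200 1516 "-" "-" 12787 "zitadel@docker" "http://172.18.0.2:8080" 418ms',
    '172.19.0.1 - - [22/Aug/2024:18:57:09 +0000] "POST /zitadel.management.v1.ManagementService/AddOrg HTTP/2.0" 404 33 "-" "-" 12788 "zitadel@docker" "http://172.18.0.2:8080" 3ms',
    '172.19.0.1 - - [22/Aug/2024:19:30:00 +0000] "POST /zitadel.management.v1.ManagementService/AddOrg HTTP/2.0" 200 120 "-" "-" 12901 "zitadel@docker" "h2c://172.18.0.2:8080" 40ms',
]

if __name__ == "__main__":
    for finding in find_grpc_scheme_mismatch(SAMPLE):
        print(finding)
```

A 404 on a gRPC path is only reported when the same upstream has already served a plain HTTP request successfully, which separates a scheme mismatch from an upstream that is simply down or misrouted.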
I have the same problem after updating to the 2.0.0 provider.
Updating to 2.0.1 fixes the issue for me.
Thank you!
Happy to help, totally missed writing here. Will close this issue; if any errors come up besides it, please just create a new issue.
Version
2.0.0
ZITADEL Version
2.56.0
Describe the problem caused by this bug
I am unable to connect to my zitadel and do anything.
My reverse proxy does not show any attempts of connecting.
To reproduce
My terraform config: