Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] HTTP 400 Bad Request When Creating elasticstack_kibana_security_role #933

Closed
browol opened this issue Nov 27, 2024 · 8 comments
Closed

[Bug] HTTP 400 Bad Request When Creating elasticstack_kibana_security_role #933

browol opened this issue Nov 27, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@browol
Copy link

browol commented Nov 27, 2024
edited
Loading

Describe the bug

I encountered an error while attempting to create the elasticstack_kibana_security_role resource. Although the Kibana role appears to be created successfully, the Terraform resource (elasticstack_kibana_security_role.role) fails to be created.

Upon reviewing the Kibana logs, it seems the issue is caused by a 400 Bad Request response. Specifically:

  1. A PUT request to /api/security/role/developer_role?createOnly=true is successfully processed.
  2. Immediately afterward, a GET request to /api/security/role/developer_role?createOnly=true is sent, which results in a 400 Bad Request error from the Kibana server.

This behavior suggests that the provider's code is making an unnecessary or improperly formatted GET request after the successful PUT.

I believe the problem is related to the implementation at the following code location:

https://github.com/elastic/terraform-provider-elasticstack/blob/v0.11.11/internal/kibana/role.go#L273

Could you please investigate and provide a solution?

To Reproduce
Steps to reproduce the behavior:

  1. TF configuration used '...'
resource "elasticstack_kibana_security_role" "role" {
  name = "developer_role"

  elasticsearch {
    cluster = []
    indices {
      names      = ["application-dev-*"]
      privileges = ["read"]
    }
    run_as = []
  }

  kibana {
    feature {
      name       = "dashboard"
      privileges = ["minimal_read"]
    }

    feature {
      name       = "discover"
      privileges = ["minimal_read"]
    }

    spaces = ["default"]
  }
}
  1. TF operations to execute to get the error '...'
tofu apply
  1. See the error in the output '...'
2024-11-27T18:30:42.394+0700 [ERROR] provider.terraform-provider-elasticstack_v0.11.11: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov6/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="400 Bad Request" tf_resource_type=elasticstack_kibana_security_role diagnostic_detail="" tf_provider_addr=registry.terraform.io/elastic/elasticstack tf_rpc=ApplyResourceChange tf_proto_version=6.6 tf_req_id=da98b79c-16ca-15e9-6e5f-c3b209d16c3c timestamp="2024-11-27T18:30:42.394+0700"
2024-11-27T18:30:42.400+0700 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-11-27T18:30:42.400+0700 [ERROR] vertex "elasticstack_kibana_security_role.role" error: 400 Bad Request
╷
│ Error: 400 Bad Request
│ 
│   with elasticstack_kibana_security_role.role,
│   on main.tf line 72, in resource "elasticstack_kibana_security_role" "role":
│   72: resource "elasticstack_kibana_security_role" "role" {
│ 
╵
2024-11-27T18:30:42.408+0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/elastic/elasticstack/0.11.11/darwin_arm64/terraform-provider-elasticstack_v0.11.11 pid=74063
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin exited

Expected behavior
Expected to able to create Kibana role without any errors.

Debug output
Run terraform command with TF_LOG=debug and provide extended information on TF operations. Please ensure you redact any base64 encoded credentials from your output.
eg

2024-11-27T18:30:42.394+0700 [ERROR] provider.terraform-provider-elasticstack_v0.11.11: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov6/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="400 Bad Request" tf_resource_type=elasticstack_kibana_security_role diagnostic_detail="" tf_provider_addr=registry.terraform.io/elastic/elasticstack tf_rpc=ApplyResourceChange tf_proto_version=6.6 tf_req_id=da98b79c-16ca-15e9-6e5f-c3b209d16c3c timestamp="2024-11-27T18:30:42.394+0700"
2024-11-27T18:30:42.400+0700 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-11-27T18:30:42.400+0700 [ERROR] vertex "elasticstack_kibana_security_role.role" error: 400 Bad Request
╷
│ Error: 400 Bad Request
│ 
│   with elasticstack_kibana_security_role.role,
│   on main.tf line 72, in resource "elasticstack_kibana_security_role" "role":
│   72: resource "elasticstack_kibana_security_role" "role" {
│ 
╵
2024-11-27T18:30:42.408+0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/elastic/elasticstack/0.11.11/darwin_arm64/terraform-provider-elasticstack_v0.11.11 pid=74063
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin exited

Screenshots
If applicable, add screenshots to help explain your problem.

Image

Image

Versions (please complete the following information):

  • OS: MacOS M1
  • Opentofu Version: 1.6.2
  • Provider version: 0.11.11
  • Kibana Version: 8.16.0

Additional context

It appears that the Kibana Role API (v8) does not support the createOnly query parameter in the GET method.

https://www.elastic.co/docs/api/doc/kibana/v8/operation/operation-get-security-role-name
@browol browol added the bug Something isn't working label Nov 27, 2024
@lockness-Ko
Copy link

Seeing the same thing here, same symptoms, same error, with version 8.17.0 on docker compose (https://elastic.co/start-local) with provider version 0.11.11:

Image

@jakubpetrovic
Copy link

Facing the same problem with new elastic cloud deployments.

Os: Mac 15.2 & Ubuntu 22.04
Deployment version: 8.17.0
Terraform version: 1.9.8
Provider version: 0.11.11 & 0.11.12

@jelmokri
Copy link

have same issue with Elastic 8.16.0 & provider: 0.11.6
terraform verison: 1.10.2

@biscout42 biscout42 mentioned this issue Dec 18, 2024
Merged
3 tasks
@biscout42
Copy link
Contributor

I assume it will be fixed in the linked PR above.

@tobio
Copy link
Member

tobio commented Jan 11, 2025

@biscout42 are we able to close this issue out now?

@biscout42
Copy link
Contributor

Yep, the fix for createOnly should be in linked PR. Folks, could you try again with the v0.11.13? In case of errors feel free to create a new issue.

@jakubpetrovic
Copy link

Seems to work fine now on 8.17, thanks for the fix.

@biscout42
Copy link
Contributor

Thanks for verifying.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tobio @browol @lockness-Ko @jakubpetrovic @jelmokri @biscout42