Giters

PrefectHQ / terraform-provider-prefect

Terraform Provider for Prefect Cloud

Home Page:https://registry.terraform.io/providers/PrefectHQ/prefect/latest/docs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

403 error when running example

carlosjourdan opened this issue · comments

commented

Hello.

Im trying to run the terraform on the examples folder, but Im getting the following error message: "Could not create work pool, unexpected error: status code 403 Forbidden".

My provider initialization looks like this:

provider "prefect" {
endpoint = "https://api.prefect.cloud/api"
api_key = "{{api-key}}"
account_id = "{{account-id}}"
workspace_id="{{workspace-id}}"
}

And using prefect, I'm able to create a work pool resource by sending a post request to https://api.prefect.cloud/api/accounts/{{api-key}}/workspaces/{{workspace-id}}/work_pools/ with the {{api-key}} as a bearer token, so everything seems fine on the backend...

Any thoughts on how to troubleshoot this?

Best regards,
Carlos Jourdan

commented

Hey, thanks for the report, and for being an early adopter!

The provider is currently incomplete, and missing features that would make debugging easier (#42). It's also missing automated tests (#30) so it's possible that I broke this functionality without realizing it.

The only way to troubleshoot right now is to modify the source code to add logging, which is certainly not ideal. I'll look into this issue and get back to you.

commented

Hi Johnathan, thanks for the reply. I have zero experience in Go, but still I gave it a shot and managed to hack my way through it.

What I found out is that calls like the one below in the internal\provider\resources\work_pool.go file yielded objects that had empty ApiKey strings, not "inheriting" from the api.PrefectClient object that was part of the resource object.

client, err := r.client.WorkPools(model.AccountID.ValueUUID(), model.WorkspaceID.ValueUUID())

So I patched things up by explicitly passing on the ApiKey as an aditional argument to the client factory methods, such as

client, err := r.client.WorkPools(model.AccountID.ValueUUID(), model.WorkspaceID.ValueUUID(), r.client.ApiKey())

With that out of the way, I've been working on exposing additional resources, such as deployments and flows. It's not pretty, but it works. If you're in any way interested I can share it.

Best regards
Carlos Jourdan

commented

Thanks for the extra info @carlosjourdan 🤝

The API key is currently injected into the client here, and the logic for calculating it is here:

	// Extract the API Key from configuration or environment variable.
	var apiKey string
	if !config.APIKey.IsNull() {
		apiKey = config.APIKey.ValueString()
	} else if apiKeyEnvVar, ok := os.LookupEnv("PREFECT_API_KEY"); ok {
		apiKey = apiKeyEnvVar
	}

So if the API key isn't provided in the provider part of the Terraform config, it'll look for it from an environment variable.

That way, we don't need to inject it in the (many) client calls across the codebase.

We now have many tests running in CI, and tests we've run locally as well and they've all been working well - so I suspect whatever bug you hit in the past should be resolved by now.

I'm going to close this one for now, but if you find you're still able to replicate the error with the newest version of the code, please reach out and let us know.

With that out of the way, I've been working on exposing additional resources, such as deployments and flows. It's not pretty, but it works. If you're in any way interested I can share it.

Appreciate the offer for contribution 🤝 There are open PRs right now for Deployments and Flows, but if you have anything else we'd bee happy to take a look!