Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stuck with providing valid client credentials #175

Closed
bxn-ts opened this issue Aug 6, 2021 · 6 comments
Closed

Stuck with providing valid client credentials #175

bxn-ts opened this issue Aug 6, 2021 · 6 comments
Labels
bug Something isn't working

Comments

@bxn-ts
Copy link

bxn-ts commented Aug 6, 2021

Hi,

I'm playing around with your provider for commercetools on a playground. I created a test project in Commercetools and also an API user (scope: manage_project).

While I'm able to authenticate via curl, Terraform is throwing fits when trying to use the same credentials, scopes, URLs etc. in the provider block.

curl:

curl -s https://auth.europe-west1.gcp.commercetools.com/oauth/token -X POST --basic --user "foo:bar" -d "grant_type=client_credentials&scope=manage_project:playground"

{
  "access_token": "barfoo",
  "token_type": "Bearer",
  "expires_in": 172800,
  "scope": "manage_project:playground"
}

In Terraform I'm using the provider block and a basic tax category:

provider "commercetools" {
  client_id     = "foo"
  client_secret = "bar"
  project_key   = "playground"
  scopes        = "manage_project:playground"
  token_url     = "https://auth.europe-west1.gcp.commercetools.com"
  api_url       = "https://api.europe-west1.gcp.commercetools.com"
}

resource "commercetools_tax_category" "standard" {
  name = "Standard tax category"
}

Unfortunately Terraform is not creating the resource because either it's not transmitting the credentials correctly or CT is not accepting them.

$ terraform apply

  # commercetools_tax_category.standard will be created
  + resource "commercetools_tax_category" "standard" {
      + id      = (known after apply)
      + name    = "Standard tax category"
      + version = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

│ Error: Please provide valid client credentials using HTTP Basic Authentication.
│
│   with commercetools_tax_category.standard,
│   on main.tf line 30, in resource "commercetools_tax_category" "standard":
│   30: resource "commercetools_tax_category" "standard" {

I also tried to create the same resource without using the provider block and instead set environment variables like CTP_PROJECT_KEY etc. That works fine.

I'm using

terraform version
Terraform v0.15.1
on darwin_amd64
+ provider registry.terraform.io/labd/commercetools v0.30.0
@teperm
Copy link

teperm commented Sep 14, 2021

Also having this same issue.

Applying this configuration:

terraform {
  required_providers {
    commercetools = {
      source = "labd/commercetools"
    }
  }
}

provider "commercetools" {
  client_id     = "id"
  client_secret = "secret"
  project_key   = "my-project"
  scopes        = "manage_project:my-project"
  api_url       = "https://api.us-central1.gcp.commercetools.com"
  token_url     = "https://auth.us-central1.gcp.commercetools.com"
}

resource "commercetools_product_type" "apparel" {
  name        = "Apparel"
  description = "The generic product type."
  key         = "apparel"
}

Results in this error:

commercetools_product_type.apparel: Creating...
╷
│ Error: Please provide valid client credentials using HTTP Basic Authentication.
│
│   with commercetools_product_type.apparel,
│   on main.tf line 18, in resource "commercetools_product_type" "apparel":
│   18: resource "commercetools_product_type" "apparel" {
│
╵

Omitting the provider block and using environment variables results in the same error.

Terraform version:

Terraform v1.0.6
on windows_amd64
+ provider registry.terraform.io/labd/commercetools v0.30.0

@mvantellingen
Copy link
Member

We need to look into this. Do you see anything related when you run TF_LOG=1 CTP_DEBUG=1 terraform apply. That command should log all requests/responses cycles to the terminal

@teperm
Copy link

teperm commented Sep 15, 2021
edited
Loading

Logs say "encountered an error during creation".

2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: ---[ REQUEST ]--------------------------------------------------------
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: POST /develop/product-types HTTP/1.1
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: Host: api.us-central1.gcp.commercetools.com
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: User-Agent: commercetools-go-sdk/0.1.0 Go/go1.15.14 (windows; amd64) terraform-provider-commercetools (+https://labdigital.nl; [email protected])
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: Content-Length: 64
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: Accept: application/json; charset=utf-8
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: Content-Type: application/json; charset=utf-8
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: Accept-Encoding: gzip
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: 
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: {
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: 	"name": "Terraform Test",
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: 	"description": "Terraform test."
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: }
2021-09-15T07:56:19.629-0500 [DEBUG] provider.terraform-provider-commercetools_v0.30.0.exe: ----------------------------------------------------------------------
2021-09-15T07:56:19.879-0500 [TRACE] maybeTainted: commercetools_product_type.terraform-test encountered an error during creation, so it is now marked as tainted
2021-09-15T07:56:19.880-0500 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for commercetools_product_type.terraform-test
2021-09-15T07:56:19.880-0500 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for commercetools_product_type.terraform-test
2021-09-15T07:56:19.880-0500 [TRACE] evalApplyProvisioners: commercetools_product_type.terraform-test is tainted, so skipping provisioning
2021-09-15T07:56:19.880-0500 [TRACE] maybeTainted: commercetools_product_type.terraform-test was already tainted, so nothing to do
2021-09-15T07:56:19.880-0500 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for commercetools_product_type.terraform-test
2021-09-15T07:56:19.880-0500 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for commercetools_product_type.terraform-test
2021-09-15T07:56:19.880-0500 [TRACE] statemgr.Filesystem: not making a backup, because the new snapshot is identical to the old
2021-09-15T07:56:19.881-0500 [TRACE] statemgr.Filesystem: no state changes since last snapshot

The full output: out.txt

One thing that seemed strange was the "apparel" product type in my configuration above already exists in my CT project, yet terraform said it was planning to create the product type and not modify it. I'm new to terraform, so I'm not sure if this is expected behavior or not; regardless, I changed the resource to a type that doesn't exist and got the same error.

Edit: Not sure if this is logged or not, but I did not see a request to the CT token endpoint.

@mvantellingen mvantellingen added bug Something isn't working feedback needed labels Feb 19, 2022
@yousefcisco
Copy link

We also had this issue and found the solution was to have multiple scopes defined. We tried an empty string and "manage_project:my-project" but neither worked, here's the working provider we're using now:

provider "commercetools" {
  client_id     = var.commercetools_client_id
  client_secret = var.commercetools_client_secret
  project_key   = var.commercetools_project_key
  scopes = join(" ",
    formatlist(
      "%s:${var.commercetools_project_key}",
      [
        "manage_project_settings",
        "manage_states",
        "manage_subscriptions",
        "manage_types",
        "manage_extensions",
        "manage_api_clients",
        "manage_tax_categories",
        "manage_shipping_methods"
      ]
    )
  )
  api_url   = "https://api.europe-west1.gcp.commercetools.com"
  token_url = "https://auth.europe-west1.gcp.commercetools.com"
}

@mvantellingen
Copy link
Member

I can't reproduce this. Using the admin token works perfect here. Did you make sure that the scopes you define here match the scopes you defined when creating the token in the commercetools merchant center? The only explanation for me is that there is a mismatch there. Otherwise I think you need to get commercetools support involved.

@pimvernooij pimvernooij closed this as not planned Won't fix, can't repro, duplicate, stale Nov 28, 2022
@motizukilucas
Copy link

Managed to get a working setup with following terraform, by appending authentication in token_url example in this other issue:

#466 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mvantellingen @yousefcisco @pimvernooij @motizukilucas @teperm @bxn-ts