Skip to content

[Bug] HTTP 400 Bad Request When Creating elasticstack_kibana_security_role #933

New issue
New issue
Closed
Closed
[Bug] HTTP 400 Bad Request When Creating elasticstack_kibana_security_role#933
Labels
bugSomething isn't working
@browol

Description

@browol
browol
opened on Nov 27, 2024

Describe the bug

I encountered an error while attempting to create the elasticstack_kibana_security_role resource. Although the Kibana role appears to be created successfully, the Terraform resource (elasticstack_kibana_security_role.role) fails to be created.

Upon reviewing the Kibana logs, it seems the issue is caused by a 400 Bad Request response. Specifically:

  1. A PUT request to /api/security/role/developer_role?createOnly=true is successfully processed.
  2. Immediately afterward, a GET request to /api/security/role/developer_role?createOnly=true is sent, which results in a 400 Bad Request error from the Kibana server.

This behavior suggests that the provider's code is making an unnecessary or improperly formatted GET request after the successful PUT.

I believe the problem is related to the implementation at the following code location:

https://github.com/elastic/terraform-provider-elasticstack/blob/v0.11.11/internal/kibana/role.go#L273

Could you please investigate and provide a solution?

To Reproduce
Steps to reproduce the behavior:

  1. TF configuration used '...'
resource "elasticstack_kibana_security_role" "role" {
  name = "developer_role"

  elasticsearch {
    cluster = []
    indices {
      names      = ["application-dev-*"]
      privileges = ["read"]
    }
    run_as = []
  }

  kibana {
    feature {
      name       = "dashboard"
      privileges = ["minimal_read"]
    }

    feature {
      name       = "discover"
      privileges = ["minimal_read"]
    }

    spaces = ["default"]
  }
}
  1. TF operations to execute to get the error '...'
tofu apply
  1. See the error in the output '...'
2024-11-27T18:30:42.394+0700 [ERROR] provider.terraform-provider-elasticstack_v0.11.11: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov6/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="400 Bad Request" tf_resource_type=elasticstack_kibana_security_role diagnostic_detail="" tf_provider_addr=registry.terraform.io/elastic/elasticstack tf_rpc=ApplyResourceChange tf_proto_version=6.6 tf_req_id=da98b79c-16ca-15e9-6e5f-c3b209d16c3c timestamp="2024-11-27T18:30:42.394+0700"
2024-11-27T18:30:42.400+0700 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-11-27T18:30:42.400+0700 [ERROR] vertex "elasticstack_kibana_security_role.role" error: 400 Bad Request
╷
│ Error: 400 Bad Request
│ 
│   with elasticstack_kibana_security_role.role,
│   on main.tf line 72, in resource "elasticstack_kibana_security_role" "role":
│   72: resource "elasticstack_kibana_security_role" "role" {
│ 
╵
2024-11-27T18:30:42.408+0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/elastic/elasticstack/0.11.11/darwin_arm64/terraform-provider-elasticstack_v0.11.11 pid=74063
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin exited

Expected behavior
Expected to able to create Kibana role without any errors.

Debug output
Run terraform command with TF_LOG=debug and provide extended information on TF operations. Please ensure you redact any base64 encoded credentials from your output.
eg

2024-11-27T18:30:42.394+0700 [ERROR] provider.terraform-provider-elasticstack_v0.11.11: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov6/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="400 Bad Request" tf_resource_type=elasticstack_kibana_security_role diagnostic_detail="" tf_provider_addr=registry.terraform.io/elastic/elasticstack tf_rpc=ApplyResourceChange tf_proto_version=6.6 tf_req_id=da98b79c-16ca-15e9-6e5f-c3b209d16c3c timestamp="2024-11-27T18:30:42.394+0700"
2024-11-27T18:30:42.400+0700 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-11-27T18:30:42.400+0700 [ERROR] vertex "elasticstack_kibana_security_role.role" error: 400 Bad Request
╷
│ Error: 400 Bad Request
│ 
│   with elasticstack_kibana_security_role.role,
│   on main.tf line 72, in resource "elasticstack_kibana_security_role" "role":
│   72: resource "elasticstack_kibana_security_role" "role" {
│ 
╵
2024-11-27T18:30:42.408+0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/elastic/elasticstack/0.11.11/darwin_arm64/terraform-provider-elasticstack_v0.11.11 pid=74063
2024-11-27T18:30:42.409+0700 [DEBUG] provider: plugin exited

Screenshots
If applicable, add screenshots to help explain your problem.

Image

Image

Versions (please complete the following information):

  • OS: MacOS M1
  • Opentofu Version: 1.6.2
  • Provider version: 0.11.11
  • Kibana Version: 8.16.0

Additional context

It appears that the Kibana Role API (v8) does not support the createOnly query parameter in the GET method.

https://www.elastic.co/docs/api/doc/kibana/v8/operation/operation-get-security-role-name

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions