Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

provider/pagerduty: Validate credentials #12854

Merged
merged 8 commits into from
Mar 19, 2017

Conversation

heimweh
Copy link
Contributor

@heimweh heimweh commented Mar 18, 2017

This PR adds token validation to the PagerDuty provider.

Previously if the token was missing (empty string) or invalid,
an error message like this was displayed to the user:

* data.pagerduty_user.me: Response did not contain formatted error: Could not decode JSON response: EOF. HTTP response code: 401. Raw response: &{Status:401 Unauthorized StatusCode:401 Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Connection:[keep-alive] X-Request-Id:[444f0bcbd1fc02a3ab93e8833c9e3c4c] Server:[nginx] Content-Type:[text/html; charset=utf-8] Status:[401 Unauthorized] X-Ua-Compatible:[IE=Edge,chrome=1] Cache-Control:[no-cache] Date:[Tue, 14 Mar 2017 22:01:56 GMT]] Body:0xc4201ce340 ContentLength:-1 TransferEncoding:[chunked] Close:false Uncompressed:false Trailer:map[] Request:0xc4200de300 TLS:0xc4200aa370}

To make the error a bit more user-friendly we instead display this error message if the token is missing or invalid:

No token

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

Error refreshing state: 1 error(s) occurred:

* provider.pagerduty:

No valid credentials found for PagerDuty provider.
Please see https://www.terraform.io/docs/providers/pagerduty/index.html
for more information on providing credentials for this provider.

Invalid token

$ terraform plan                                                                                                                                                          Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

Error refreshing state: 1 error(s) occurred:

* provider.pagerduty: Response did not contain formatted error: Could not decode JSON response: EOF. HTTP response code: 401. Raw response: &{Status:401 Unauthorized StatusCode:401 Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Connection:[keep-alive] Status:[401 Unauthorized] X-Ua-Compatible:[IE=Edge,chrome=1] Server:[nginx] Date:[Sun, 19 Mar 2017 13:14:46 GMT] X-Request-Id:[b3342ecc6a5a067dd1c048b4e7f62728] Content-Type:[text/html; charset=utf-8] Cache-Control:[no-cache]] Body:0xc420406080 ContentLength:-1 TransferEncoding:[chunked] Close:false Uncompressed:false Trailer:map[] Request:0xc4201fa600 TLS:0xc4201e53f0}


No valid credentials found for PagerDuty provider.
Please see https://www.terraform.io/docs/providers/pagerduty/index.html
for more information on providing credentials for this provider.

client := pagerduty.NewClient(c.Token)

// Validate the credentials by calling the abilities endpoint,
// if we get a 401 response back we return an error to the user
if _, err := client.ListAbilities(); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will all account types be able to access the Abilities endpoint?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All plans (except for the Lite plan which doesn't allow API access) should be able to call the Abilities endpoint.

I've tested this on a Basic and a Standard plan and I assume the Enterprise plan should work as well considering it has everything a Standard plan has.

I guess one thing we could do is adding something like SkipValidate which would allow the user to skip the validation? :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a ignore_credentials_validation field (similar to the one in the AWS provider) so the user can skip the validation against the PagerDuty API :)


"skip_credentials_validation": {
Type: schema.TypeBool,
Optional: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think we need to define a default here? We are using d.Get - what if the value isn't found?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch :) I'll push a fix for that

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

skip_credentials_validation should now default to false

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! thanks :)

@stack72
Copy link
Contributor

stack72 commented Mar 19, 2017

LGTM!

% make testacc TEST=./builtin/providers/pagerduty                                                   ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/19 17:31:11 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/pagerduty -v  -timeout 120m
=== RUN   TestConfigEmptyToken
--- PASS: TestConfigEmptyToken (0.00s)
=== RUN   TestConfigSkipCredsValidation
2017/03/19 17:31:17 [INFO] PagerDuty client configured
--- PASS: TestConfigSkipCredsValidation (0.00s)
=== RUN   TestAccDataSourcePagerDutyEscalationPolicy_Basic
--- PASS: TestAccDataSourcePagerDutyEscalationPolicy_Basic (12.92s)
=== RUN   TestAccDataSourcePagerDutySchedule_Basic
--- PASS: TestAccDataSourcePagerDutySchedule_Basic (11.02s)
=== RUN   TestAccDataSourcePagerDutyUser_Basic
--- PASS: TestAccDataSourcePagerDutyUser_Basic (8.34s)
=== RUN   TestAccDataSourcePagerDutyVendor_Basic
--- PASS: TestAccDataSourcePagerDutyVendor_Basic (4.32s)
=== RUN   TestAccPagerDutyEscalationPolicy_import
--- PASS: TestAccPagerDutyEscalationPolicy_import (10.47s)
=== RUN   TestAccPagerDutySchedule_import
--- PASS: TestAccPagerDutySchedule_import (10.17s)
=== RUN   TestAccPagerDutyServiceIntegration_import
--- PASS: TestAccPagerDutyServiceIntegration_import (15.98s)
=== RUN   TestAccPagerDutyService_import
--- PASS: TestAccPagerDutyService_import (11.54s)
=== RUN   TestAccPagerDutyServiceWithIncidentUrgency_import
--- PASS: TestAccPagerDutyServiceWithIncidentUrgency_import (13.01s)
=== RUN   TestAccPagerDutyTeam_import
--- PASS: TestAccPagerDutyTeam_import (6.02s)
=== RUN   TestAccPagerDutyUser_import
--- PASS: TestAccPagerDutyUser_import (6.94s)
=== RUN   TestProvider
--- PASS: TestProvider (0.00s)
=== RUN   TestProviderImpl
--- PASS: TestProviderImpl (0.00s)
=== RUN   TestAccPagerDutyAddon_Basic
--- PASS: TestAccPagerDutyAddon_Basic (9.34s)
=== RUN   TestAccPagerDutyEscalationPolicy_Basic
--- PASS: TestAccPagerDutyEscalationPolicy_Basic (13.56s)
=== RUN   TestAccPagerDutyEscalationPolicyWithTeams_Basic
--- PASS: TestAccPagerDutyEscalationPolicyWithTeams_Basic (15.85s)
=== RUN   TestAccPagerDutySchedule_Basic
--- PASS: TestAccPagerDutySchedule_Basic (13.41s)
=== RUN   TestAccPagerDutySchedule_BasicWeek
--- PASS: TestAccPagerDutySchedule_BasicWeek (14.60s)
=== RUN   TestAccPagerDutySchedule_Multi
--- PASS: TestAccPagerDutySchedule_Multi (10.26s)
=== RUN   TestAccPagerDutyServiceIntegration_Basic
--- PASS: TestAccPagerDutyServiceIntegration_Basic (24.65s)
=== RUN   TestAccPagerDutyServiceIntegrationGeneric_Basic
--- PASS: TestAccPagerDutyServiceIntegrationGeneric_Basic (23.90s)
=== RUN   TestAccPagerDutyService_Basic
--- PASS: TestAccPagerDutyService_Basic (18.19s)
=== RUN   TestAccPagerDutyService_BasicWithIncidentUrgencyRules
--- PASS: TestAccPagerDutyService_BasicWithIncidentUrgencyRules (19.16s)
=== RUN   TestAccPagerDutyService_FromBasicToCustomIncidentUrgencyRules
--- PASS: TestAccPagerDutyService_FromBasicToCustomIncidentUrgencyRules (18.63s)
=== RUN   TestAccPagerDutyTeam_Basic
--- PASS: TestAccPagerDutyTeam_Basic (9.29s)
=== RUN   TestAccPagerDutyUser_Basic
--- PASS: TestAccPagerDutyUser_Basic (10.17s)
=== RUN   TestAccPagerDutyUserWithTeams_Basic
--- PASS: TestAccPagerDutyUserWithTeams_Basic (22.47s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/pagerduty	334.231s

@stack72 stack72 merged commit ca51754 into hashicorp:master Mar 19, 2017
@heimweh heimweh deleted the pg-validate-creds branch March 20, 2017 16:49
mbfrahry pushed a commit that referenced this pull request Mar 28, 2017
* Validate credentials

* Add ability to skip validation

* Update provider documentation

* invalidCredentials -> invalidCreds

* Include original error message

* Update description for skip_credentials_validation

* Add config test

* set skip_credentials_validation default to false
@ghost
Copy link

ghost commented Apr 15, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants