Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

401 Unauthorised when importing Organization, but other resources import successfully #1622

Open
seddy opened this issue Nov 14, 2023 · 5 comments
Open

401 Unauthorised when importing Organization, but other resources import successfully #1622

seddy opened this issue Nov 14, 2023 · 5 comments
Labels
bug not_stale Not stale issue or PR

Comments

@seddy
Copy link

seddy commented Nov 14, 2023

Terraform CLI and Terraform MongoDB Atlas Provider Version

Terraform v1.6.2
on linux_amd64
+ provider registry.terraform.io/mongodb/mongodbatlas v1.12.3

Terraform Configuration File

# main.tf
terraform {
  required_providers {
    mongodbatlas = {
      source = "mongodb/mongodbatlas"
    }
  }
}

provider "mongodbatlas" {
  public_key  = "<public-api-key>"
  private_key = "<private-api-key>"
}

Steps to Reproduce

We're attempting to import an existing Organization into the state. This fails on a 401. However, other state imports (e.g. of projects) work fine. The API key being used has all permissions, we've tried with multiple different keys and it's the same behaviour each time.

For this example, we can just use following configuration:

resource "mongodbatlas_organization" "seddys_org" {
}

resource "mongodbatlas_project" "seddys_project" {
}

The API key we're using has all permissions at the Organization level and all permissions at the Project level. The behaviour is the same if it just has the Owner permission on both.

I've used the same API key to get the organization details using the API and it returns successfully, so I'm reasonably certain this is not a configuration issue with permissions on the API key.

Expected Behavior

Running both of these two commands should succeed:

terraform import mongodbatlas_organization.seddys_org <org-id>
terraform import mongodbatlas_project.seddys_project <project-id>

Both should succeed with:

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Actual Behavior

The Project import works fine, the Organization import fails with:

│ Error: error reading organization information: GET https://cloud.mongodb.com/api/atlas/v1.0/orgs/<org-id>: 401 (request "") You are not authorized for this resource.

References

This is very similar to the issue outlined in #385, however that was two years ago and resolved outside of github. There were no potential fixes in there, so I'm re-raising it as a separate issue.
@github-actions GitHub Actions
Copy link
Contributor

Thanks for opening this issue! Please make sure you've followed our guidelines when opening the issue. In short, to help us reproduce the issue we need:

  • Terraform configuration file used to reproduce the issue
  • Terraform log files from the run where the issue occurred
  • Terraform Atlas provider version used to reproduce the issue
  • Terraform version used to reproduce the issue
  • Confirmation if Terraform OSS, Terraform Cloud, or Terraform Enterprise deployment

The ticket INTMDB-1288 was created for internal tracking.

@AgustinBettati
Copy link
Member

Hello @seddy, thank you for the details provided.

I was able to reproduce the error, and identified an issue with how we are handling the import logic in this resource. We will keep you updated with any progress made in INTMDB-1288.

@AgustinBettati AgustinBettati added bug not_stale Not stale issue or PR labels Nov 17, 2023
@AgustinBettati
Copy link
Member

Hello @seddy, I wanted to follow up on this issue to gain more understanding on your use case for importing this resource.
I am asking this because there are existing terraform resources we might be able to leverage depending on the attributes you are looking to obtain or modify.

@seddy
Copy link
Author

seddy commented Jan 5, 2024
edited
Loading

Nothing too crazy @AgustinBettati as there's not tons to manage on this resource. What I'm interested in is:

  1. I'd rather not use magic var strings for critical things like organisation ID. I'd rather have that maintained inside the terraform state if I can and refer to it with mongodbatlas_organization.org.id
  2. I may want to change things like the description, and more importantly the owner of the organization which is a critical change that I'd like to be able to track in terraform
  3. The documentation says I should be able to do this, and importing terraform state is a fairly core to terraform, so if it's not possible for some reason that should be clearly explained in the docs.

@AgustinBettati
Copy link
Member

With regards to being able to reference mongodbatlas_organization.org.id, I can suggest making use of the data source to have a single place were the id is defined while also ensuring the id is valid.

We have recently updated our documentation in #1806 to clarify the limitation, this will be present the coming release.
Being able to support the import feature for organization resource will require a change from the API side which is currently planned in the long term. Will leave this github issue open in the interim, internal tracking ticket CLOUDP-215155.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug not_stale Not stale issue or PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seddy @AgustinBettati