magodo/terraform-provider-restful

On error 401 - precheck does not respond with an access denied

LaurentLesle opened this issue · 2 comments

If there is an object that was previously pre-checked successfully, then on the subsequent run, with an invalid authentication token, the provider will display:

```
Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Pre-checking 0-th check (api) failure
│ 
│   with data.restful_resource.check_cache_propagation["tenant_root"],
│   on azuread_applications.tf line 109, in data "restful_resource" "check_cache_propagation":
│  109: data "restful_resource" "check_cache_propagation" {
│ 
│ No status value found from body.requiredResourceAccess.#.resourceAccess.#(id==06b708a9-e830-4db3-a914-8e69da51d44f).id|0
```

Trace from proxy: [image]

Code:

```hcl
data "restful_resource" "check_cache_propagation" {
  provider = restful.msgraph
  for_each = local.azuread_applications

  id = format("/v1.0/applications/%s", module.application[each.key].object_id)

  precheck = [
    for role_id in toset(each.value.api_access.role_ids) : {
      api = {
        path = format("/v1.0/applications/%s", module.application[each.key].object_id)

        # Search for the resourceAppId first, then check that each resource access is in the response
        status_locator = "body.requiredResourceAccess.#.resourceAccess.#(id==${role_id}).id|0"
        status = {
          success = "${role_id}"
          pending = [""]
        }
      }
    }
  ]

  depends_on = [
    azuread_application_api_access.this
  ]
}
```

magodo commented

@LaurentLesle I'm not sure if I understand correctly: you were reporting that when the precheck call hits some non-2xx status code, the error message should report the API request failure instead of the status locating failure, even though it is still failing the run?

LaurentLesle commented

@magodo I think the access token was empty (missing in the call of the provider). I was expecting the 401 (unauthorised) of the API call to be returned instead of the assertion failing.
Maybe returning both errors? If I did not have mitmproxy open I could have interpreted this error as an error in my gjson query.
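
One way to report the 401 ahead of the locator failure while still keeping both errors, as discussed in the thread above. This is an added example, not the provider's code: `Precheck`, `HTTPError`, `ErrNoStatus` and `locateRole` are hypothetical names, `locateRole` is a standard-library stand-in for the gjson `status_locator`, and the response body is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ErrNoStatus stands in for the provider's "No status value found" failure.
var ErrNoStatus = errors.New("no status value found from body")

// HTTPError (hypothetical) puts the API failure first and wraps the locator failure.
type HTTPError struct {
	Code    int
	Locator error
}

func (e *HTTPError) Error() string {
	return fmt.Sprintf("precheck API returned HTTP %d (locator: %v)", e.Code, e.Locator)
}
func (e *HTTPError) Unwrap() error { return e.Locator }

// locateRole returns roleID if a requiredResourceAccess[].resourceAccess[].id matches it.
func locateRole(body []byte, roleID string) (string, error) {
	var app struct {
		RequiredResourceAccess []struct {
			ResourceAccess []struct{ ID string `json:"id"` } `json:"resourceAccess"`
		} `json:"requiredResourceAccess"`
	}
	if err := json.Unmarshal(body, &app); err != nil {
		return "", fmt.Errorf("decoding body: %w", err)
	}
	for _, rra := range app.RequiredResourceAccess {
		for _, ra := range rra.ResourceAccess {
			if ra.ID == roleID {
				return ra.ID, nil
			}
		}
	}
	return "", ErrNoStatus
}

// Precheck (hypothetical) checks the HTTP status before trusting the locator result.
func Precheck(code int, body []byte, roleID string) (string, error) {
	status, err := locateRole(body, roleID)
	if code < 200 || code > 299 {
		return "", &HTTPError{Code: code, Locator: err}
	}
	return status, err
}

// main runs the check on a constructed 401 body with the role id from the issue.
func main() { fmt.Println(Precheck(401, []byte(`{"error":{}}`), "06b708a9-e830-4db3-a914-8e69da51d44f")) }
```

With this ordering, a missing or expired token shows up as an HTTP 401 in the plan output, and the locator failure appears only as supporting detail.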