500 error trying to run example
jaknn opened this issue · 3 comments
jaknn commented
I'm trying to run the example code but get a 500 error. I can curl https://api.policyguru.io/docs using the sample POST request generated at https://api.policyguru.io/docs#/default/write_iam_policy_write_iam_policy_post from the same terminal session where I am trying to run terraform plan. Details are below.
terraform {
  required_providers {
    policyguru = {
      source  = "salesforce/policyguru"
      version = "~>2.0.5"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

# This creates the policy document.
data "policyguru_document" "example" {
  actions_for_resources_at_access_level {
    read = tolist(["arn:aws:s3:::mybucket/*"])
  }
  actions_for_service_without_resource_constraint_support {
    include_single_actions = ["ssm:GetParameter"]
  }
  exclude_actions = tolist(["kms:Decrypt*", "kms:Delete*", "kms:Disable", "kms:Schedule*"])
}

# This creates an IAM Policy leveraging policyguru
resource "aws_iam_policy" "policy" {
  name        = "policyguru-example"
  path        = "/"
  description = "this uses the policyguru document data source"
  policy      = data.policyguru_document.example.json
}

# This shows you the output value
output "policy_document_json" {
  value = data.policyguru_document.example.json
}
➜ terraform --version
Terraform v1.1.3
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.71.0
+ provider registry.terraform.io/salesforce/policyguru v2.0.5
➜ terraform plan
╷
│ Error: status: 500, body: {"message":"Internal Server Error"}
│
│ with data.policyguru_document.example,
│ on main.tf line 29, in data "policyguru_document" "example":
│ 29: data "policyguru_document" "example" {
│
╵
kmcquade commented
Weird. I tried triggering it from the docs and it looks like it should be okay.
Here's the curl command so it is clear that the API is looking like it works. Maybe it's an issue with the Terraform provider itself?
curl -X 'POST' \
  'https://api.policyguru.io/write-iam-policy' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "string",
  "actions_for_resources_at_access_level": {
    "read": ["arn:aws:s3:::mybucket/*"],
    "write": [],
    "permissions_management": [],
    "tagging": [],
    "list_access": []
  },
  "actions_for_services_without_resource_constraint_support": {
    "single_actions": [],
    "read": [],
    "write": [],
    "permissions_management": [],
    "tagging": [],
    "list_access": []
  },
  "skip_resource_constraints": [],
  "exclude_actions": []
}'
@reetasingh any ideas?
jaknn commented
Confirming that curl works from the same shell:
➜ curl -X 'POST' \
  'https://api.policyguru.io/write-iam-policy' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "string",
  "actions_for_resources_at_access_level": {
    "read": ["arn:aws:s3:::mybucket/*"],
    "write": ["arn:aws:kms:us-east-1:123456789012:key/*"],
    "permissions_management": [],
    "tagging": [],
    "list_access": []
  },
  "actions_for_services_without_resource_constraint_support": {
    "single_actions": [],
    "read": [],
    "write": [],
    "permissions_management": [],
    "tagging": [],
    "list_access": []
  },
  "skip_resource_constraints": [],
  "exclude_actions": ["kms:Decrypt*", "kms:Delete*", "kms:Disable", "kms:Schedule*"]
}'
{"Version":"2012-10-17","Statement":[{"Sid":"S3ReadObject","Effect":"Allow","Action":["s3:GetObject","s3:GetObjectAcl","s3:GetObjectLegalHold","s3:GetObjectRetention","s3:GetObjectTagging","s3:GetObjectTorrent","s3:GetObjectVersion","s3:GetObjectVersionAcl","s3:GetObjectVersionForReplication","s3:GetObjectVersionTagging","s3:GetObjectVersionTorrent"],"Resource":["arn:aws:s3:::mybucket/*"]},{"Sid":"KmsWriteKey","Effect":"Allow","Action":["kms:CancelKeyDeletion","kms:CreateAlias","kms:DisableKey","kms:DisableKeyRotation","kms:EnableKey","kms:EnableKeyRotation","kms:Encrypt","kms:GenerateDataKey","kms:GenerateDataKeyPair","kms:GenerateDataKeyPairWithoutPlaintext","kms:GenerateDataKeyWithoutPlaintext","kms:ImportKeyMaterial","kms:ReEncryptFrom","kms:ReEncryptTo","kms:Sign","kms:UpdateAlias","kms:UpdateKeyDescription","kms:Verify"],"Resource":["arn:aws:kms:us-east-1:123456789012:key/*"]}]}
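An added example, not part of the thread and not Policy Guru's own code: a check that a generated policy grants nothing matching the `exclude_actions` list from the request above. It assumes IAM-style case-insensitive glob matching, and the function names and the "near miss" heuristic (a wildcard-free pattern that is only a prefix of a granted action, as with `kms:Disable` and `kms:DisableKey` in the response) are this example's own.

```python
import fnmatch
import json

# Excerpt of the response body shown in the thread (KmsWriteKey statement,
# action list shortened for this example).
POLICY_JSON = """
{"Version": "2012-10-17", "Statement": [
  {"Sid": "KmsWriteKey", "Effect": "Allow",
   "Action": ["kms:CancelKeyDeletion", "kms:CreateAlias", "kms:DisableKey",
              "kms:DisableKeyRotation", "kms:Encrypt", "kms:UpdateAlias"],
   "Resource": ["arn:aws:kms:us-east-1:123456789012:key/*"]}]}
"""
EXCLUDE = ["kms:Decrypt*", "kms:Delete*", "kms:Disable", "kms:Schedule*"]


def allowed_actions(policy):
    """Collect every action granted by Allow statements (Action may be str or list)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        value = stmt.get("Action", [])
        actions.update([value] if isinstance(value, str) else value)
    return actions


def audit_excludes(policy, patterns):
    """Return (violations, near_misses), each a dict of pattern -> granted actions.

    violations: actions matching the pattern as a case-insensitive glob.
    near_misses: actions that merely start with a wildcard-free pattern.
    """
    violations, near_misses = {}, {}
    granted = sorted(allowed_actions(policy))
    for pat in patterns:
        for action in granted:
            a, p = action.lower(), pat.lower()
            if fnmatch.fnmatchcase(a, p):
                violations.setdefault(pat, []).append(action)
            elif "*" not in pat and a.startswith(p):
                near_misses.setdefault(pat, []).append(action)
    return violations, near_misses


if __name__ == "__main__":
    print(audit_excludes(json.loads(POLICY_JSON), EXCLUDE))
```

On the excerpt this reports no violations and flags `kms:Disable` as a near miss, since that pattern has no wildcard and the `kms:DisableKey*` actions remain granted.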