scaleway/scaleway-sdk-go

403 Forbidden with CreateSSHKey

ztl8702 opened this issue · 8 comments

ztl8702 commented

I am trying to use this API:

scaleway-sdk-go/api/account/v2alpha1/account_sdk.go

Line 203 in fbe3615

func (s *API) CreateSSHKey(req *CreateSSHKeyRequest, opts ...scw.RequestOption) (*SSHKey, error) {

with the code:

        accountApi := account.NewAPI(client)
	response, err := accountApi.CreateSSHKey(&account.CreateSSHKeyRequest{
		PublicKey: pubKey,
	})
	if err != nil {
		panic(err)
	}

And I got:

panic: scaleway-sdk-go: http error 403 Forbidden: permission denied

The same client works with baremetal and instance APIs, so I assume the credentials are valid.

Is this intentional? Can I use the account APIs?

jerome-quere commented

Hi @ztl8702,

Even if this API is in alpha the CreateSSHKey should work fine.
I cannot reproduce your issue on my side.

Could you run your code with the environment variable SCW_DEBUG=true and add logs in this issue?

ztl8702 commented

This is the debug output when attempting to call CreateSSHKey:

Creating SSH Key...
DEBUG: 2020/01/13 02:28:01 creating POST request on https://api.scaleway.com/account/v2alpha1/ssh-keys
DEBUG: 2020/01/13 02:28:01 
--------------- Scaleway SDK REQUEST 1 : ---------------
POST /account/v2alpha1/ssh-keys HTTP/1.1
Host: api.scaleway.com
User-Agent: scaleway-sdk-go/v1.0.0-beta.5+dev (go1.12.6; darwin; amd64)
Content-Length: 483
Content-Type: application/json
X-Auth-Token: 03ea9508-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Accept-Encoding: gzip

{"name":"","public_key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJLJphZCZ0mzqeGcK+SvJ1Ys3dvOw8LHLykkkmMSFL6a+6eNw1Yppq2Jmf0AI0YzoRgc1V7LJiEdR8mT63CVm9q95tF6hjPBcJjqx+vfWvQZHkWv156bqmKxfHAbQuLW57AUOOohdyz+THAiP2owQ/O9LZe6GoWqi59q6Cz31MAMZAwP+YXX925zeUz6Twm9t7ZvVnxATkGvqNY9qwPxXTg2SRBpmekas658l4S9zDCjSGxSfuhRve8EBT6B5R1/0aih6RW/a7xT+JCDRtFCyfcvsIr5Fm9i8Oq6GlWFjw0Txl5HZKIIocvnXLUegDV7BQY/ZIlyAOA6s7kVsiYExV ztl8702@machine","organization_id":"<omitted>"}
---------------------------------------------------------
DEBUG: 2020/01/13 02:28:02 
--------------- Scaleway SDK RESPONSE 1 : ---------------
HTTP/2.0 403 Forbidden
Content-Length: 31
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
Content-Type: application/json
Date: Sun, 12 Jan 2020 15:28:02 GMT
Server: scaleway_api
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: d54de3e9-a4a4-4e16-9324-ced97bb87a3d

{"message":"Permission denied"}
----------------------------------------------------------
panic: scaleway-sdk-go: http error 403 Forbidden: permission denied

whereas calling other API methods with the same credential works:

DEBUG: 2020/01/13 02:29:42 client: using sdk version v1.0.0-beta.5+dev
DEBUG: 2020/01/13 02:29:42 creating GET request on https://api.scaleway.com/baremetal/v1alpha1/zones/fr-par-2/servers?order_by=created_at_asc
DEBUG: 2020/01/13 02:29:42 
--------------- Scaleway SDK REQUEST 1 : ---------------
GET /baremetal/v1alpha1/zones/fr-par-2/servers?order_by=created_at_asc HTTP/1.1
Host: api.scaleway.com
User-Agent: scaleway-sdk-go/v1.0.0-beta.5+dev (go1.12.6; darwin; amd64)
X-Auth-Token: 03ea9508-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Accept-Encoding: gzip


---------------------------------------------------------
DEBUG: 2020/01/13 02:29:44 
--------------- Scaleway SDK RESPONSE 1 : ---------------
HTTP/2.0 200 OK
Content-Length: 30
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
Content-Type: application/json
Date: Sun, 12 Jan 2020 15:29:43 GMT
Server: scaleway_api
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: e57c996f-6437-4a0a-9372-6c3070b0e160

{"total_count":0,"servers":[]}
----------------------------------------------------------
0 baremetal servers:
ID      Name    Status
MetalGuardian commented

I have exactly the same issue. Is there any solution yet?

george-oakling commented

Is there any progress on it? Can we somehow help with the issue?

jerome-quere commented

Hello @george-oakling, account-team is working on a major rework of these endpoints. Hopefully, this will fix the problem and if not, we should have much better-debugging information.
🤞 the fix should be deployed by the end of the week. As all changes will be made API-side this should not affect the SDK code. I will update this issue when I have more information.

  • 👍1
jerome-quere commented

Hi, The problem should be fixed. Can you git it a try?

george-oakling commented

will look at it, thanks for letting me know :)

remyleone commented

Hello @george-oakling I'm closing this issue for now. Feel free to open a new open if the current version of the SDK and the current account API is not working as intended.