terraform-provider-netbox icon indicating copy to clipboard operation
terraform-provider-netbox copied to clipboard

Published 20 hours ago verified publisher icon e-breuninger

Usage of NETBOX_API_TOKEN leads to error 403

Open wuetz opened this issue 1 year ago • 4 comments

Hello everyone,

i'm facing an issue, that the NETBOX_API_TOKEN env variable seems to not work. Yes i ensured that NETBOX_API_TOKEN env var is exported and present and has no space in it.
The error i see in terraform apply is:

╷
│ Error: [GET /status/][403] status_list default  map[detail:Invalid token header. Token string should not contain spaces.]
│
│   with provider["registry.terraform.io/e-breuninger/netbox"],
│   on provider.tf line 14, in provider "netbox":
│   14: provider "netbox" {
│
╵

To ensure my config has not other failure, I did set the api_token in the provider. With this api_token the config is working, but as soon as I switch to NETBOX_API_TOKEN env var it is broken.

Terraform Configuration Files

As you see I try to pass the provider into mymodule.

provider "netbox" {
  server_url           = "https://<REDACTED>"  
  allow_insecure_https = true  
  # Use env var NETBOX_API_TOKEN to authenticate
  # api_token = "REDACTED"
}

module "mymodule" {
  source         = "REDACTED"
  [ ...]
  
  providers = {
    netbox = netbox
  }  
}

Expected Behavior

NETBOX_API_TOKEN should work.

Actual Behavior

Error from abbove.

Terraform version

Terraform v1.3.4
on linux_amd64
+ provider registry.terraform.io/e-breuninger/netbox v3.1.0
[...]

Your version of Terraform is out of date! The latest version
is 1.4.1. You can update by downloading from https://www.terraform.io/downloads.html

wuetz avatar Mar 16 '23 12:03 wuetz

This is definitely an error on your side. The functionality works and is tested permanently when the test suite runs.

As for the error: I assume that your actual token does not really contain a space, so you either export an empty string or you have a leading or trailing space in your token string.

fbreckle avatar Mar 16 '23 14:03 fbreckle

Thx for the feedback.

As for the error: I assume that your actual token does not really contain a space --> that is correct so you either export an empty string or you have a leading or trailing space in your token string --> I double checked that and dont think so.

If I do an echo "\"$NETBOX_API_TOKEN\"" I can verify no space leading or trailing exists. I have also another provider in place which uses the same mechanism of using env vars, where it works. So the env var's seems to work generally

wuetz avatar Mar 16 '23 14:03 wuetz

Hm. As seen in https://github.com/e-breuninger/terraform-provider-netbox/blob/master/GNUmakefile#L7, we use this feature to pass the test token to the local netbox when running the test suite in every commit.

I'm honestly at a loss here. You could try re-generating your token, if there are special chars in it. Inspect your TCP traffic to see what is actually passed as a token. Use another shell. Try in a container... :shrug:

fbreckle avatar Mar 16 '23 15:03 fbreckle

Make sure you aren't using quotes in your ENV value. I just tried this and specifically

export NETBOX_API_TOKEN="<yourtokenhere>"

should work perfectly. Confirmed this is the case. Also

echo $NETBOX_API_TOKEN

should return your API token without quotes. If you have anything but the token, the export is incorrect.

zeddD1abl0 avatar Apr 08 '23 10:04 zeddD1abl0