terraform-provider-splunk

Receive 403 when trying to create a scheduled search/alert

Open reachuttam opened this issue 1 year ago • 1 comments

We use a Splunk restapi user that can authenticate to Splunk fine but receive a 403 when trying to create a scheduled search/alert.

Further research shows that the terraform user is hitting the rest endpoint of "GET /servicesNS/admin/launcher/saved/searches" for which it is not authorized. Only Splunk Admins can reach "GET /servicesNS/admin/launcher/saved/searches".

How can we switch the rest endpoint for terraform user to use "GET /servicesNS/user/launcher/saved/searches" instead of "GET /servicesNS/admin/launcher/saved/searches"?

Thank you

reachuttam avatar Jun 06 '23 19:06 reachuttam

@reachuttam try setting the acl object on the resource. Example would be:

    acl {
      owner = "user"
      app   = "launcher"
    }

The above acl object would generate an address like: /servicesNS/user/launcher/saved/searches

cbaxtersf avatar Jul 17 '23 20:07 cbaxtersf
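For context, here is where that acl block sits in a complete scheduled search. This is an added example, not code from the issue or the provider repository: it assumes the provider's `splunk_saved_searches` resource and its `name`, `search`, `is_scheduled`, `cron_schedule` and `dispatch_*` arguments, and the resource label, search string and schedule are constructed values.

```hcl
# Added example: resource type and argument names are assumed from the
# provider's saved-search resource; all values are constructed.
resource "splunk_saved_searches" "failed_logins" {
  name   = "Failed logins - hourly"
  search = "index=main sourcetype=linux_secure \"Failed password\" | stats count by src"

  # Run on a schedule over the previous hour.
  is_scheduled           = true
  cron_schedule          = "0 * * * *"
  dispatch_earliest_time = "-1h"
  dispatch_latest_time   = "now"

  # owner/app select the REST namespace the provider calls:
  #   /servicesNS/<owner>/<app>/saved/searches
  # "user" is the value from the comment above; it stands for the
  # non-admin REST account, so requests stay inside a namespace that
  # account is authorized for instead of /servicesNS/admin/...
  acl {
    owner = "user"
    app   = "launcher"
  }
}
```

Scoping the object to the service account's own namespace also means the account does not need admin-level access just to manage its alerts.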