Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Service Account error message not descriptive #671

Closed
evandbrown opened this issue Nov 2, 2017 · 3 comments
Closed

Service Account error message not descriptive #671

evandbrown opened this issue Nov 2, 2017 · 3 comments

Comments

@evandbrown
Copy link
Contributor

Version: 0.10.2
Resources: google_service_account

If the account_id property of a google_service_account is invalid, the error message returned by Terraform is generic and doesn't surface the helpful message returned by the API. For example, an account_id > 30 characters returns this message in Terraform:

Error creating service account: googleapi: Error 400: Request contains an invalid argument., badRequest

The message returned by the API is helpful, but buried by Terraform:

Service account name must be between 6 and 30 characters (inclusive), must begin with a lowercase letter, and consist of alphanumeric characters that can be separated by hyphens.

Passing through the detailed error message from the API is the expected behavior.

Thanks!

@danawillow
Copy link
Contributor

So the actual solution to this that I think we should do is to provide a ValidateFunc so we don't even make it past plan with an invalid name. I would love to fix the message from the API, but the actual iam service isn't helping us out much with this. This is their server response:

2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google: {
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:   "error": {
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:     "code": 400,
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:     "message": "Request contains an invalid argument.",
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:     "errors": [
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:       {
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:         "message": "Request contains an invalid argument.",
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:         "domain": "global",
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:         "reason": "badRequest",
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:         "debugInfo": "detail: \"[ORIGINAL ERROR] generic::invalid_argument: a1234567890123456789012345678901234567890 does not have a length between 6 and 30\"\n"
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:       }
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:     ],
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:     "status": "INVALID_ARGUMENT"
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google:   }
2017-11-02T11:16:36.484-0700 [DEBUG] plugin.terraform-provider-google: }

The error message that's actually useful is hanging out in the debugInfo field, which I don't want to necessarily always return because more often that's populated with internal-style debug info.

Compare that to a similar error struct returned from the compute API:

2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google: {
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:  "error": {
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:   "errors": [
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:    {
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:     "domain": "global",
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:     "reason": "invalid",
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:     "message": "Invalid value for field 'resource.name': 'dsajfklsdjfkasdhfawihpfuweaifhajsdfhuadifohweruirq340yruq34iohtuieohtvuer8tyiueorhuiewphrxuq3ioytu3iwrothuveirothvu'. Must be a match of regex '(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)'",
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:     "debugInfo": [hidden because I'm not sure whether it actually shows up for everyone or just because i'm on the corp network but it has a full stack trace]
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:    }
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:   ],
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:   "code": 400,
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:   "message": "Invalid value for field 'resource.name': 'dsajfklsdjfkasdhfawihpfuweaifhajsdfhuadifohweruirq340yruq34iohtuieohtvuer8tyiueorhuiewphrxuq3ioytu3iwrothuveirothvu'. Must be a match of regex '(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)'"
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google:  }
2017-11-02T11:25:32.278-0700 [DEBUG] plugin.terraform-provider-google: }

I'll go ahead and add the ValidateFunc because that's easy enough, but for the more general issue I think we should follow up with the IAM team. Do you want to do that or should I?

@danawillow
Copy link
Contributor

Fixed in #793

@rosbo rosbo closed this as completed Nov 29, 2017
luis-silva pushed a commit to luis-silva/terraform-provider-google that referenced this issue May 21, 2019
@ghost
Copy link

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants