error getting project 403 (request IP_ADDRESS_NOT_ON_ACCESS_LIST) even if whitelisted IP #1048

Closed
divyangjp opened this issue Feb 7, 2023 · 6 comments

Comments

@divyangjp

Terraform CLI and Terraform MongoDB Atlas Provider Version

▶ terraform --version
Terraform v1.3.3
on darwin_arm64
+ provider registry.terraform.io/confluentinc/confluent v1.23.0
+ provider registry.terraform.io/hashicorp/google v4.51.0
+ provider registry.terraform.io/hashicorp/google-beta v4.45.0
+ provider registry.terraform.io/mongodb/mongodbatlas v1.8.0

Terraform Configuration File

# Copy-paste your configuration info here

Steps to Reproduce

Expected Behavior

Using environment variables MONGODB_ATLAS_PUBLIC_KEY and MONGODB_ATLAS_PRIVATE_KEY for auth
IP address already whitelisted. Tried with world access (0.0.0.0/0) to see if that resolves the issue, but no success
terraform plan successful

Actual Behavior

terraform plan failing with the error below

Error: error getting project(xxx): GET https://cloud.mongodb.com/api/atlas/v1.0/groups/xxx: 403 (request "IP_ADDRESS_NOT_ON_ACCESS_LIST") IP address `xx.yy.zz.aa` is not allowed to access this resource.
│
│   with module.mongodb_atlas_instance[0].mongodbatlas_project.proj1,
│   on ../../modules/mongdb_atlas/main.tf line 1, in resource "mongodbatlas_project" "proj1":
│    1: resource "mongodbatlas_project" "proj1" {

Debug Output

Crash Output

Additional Context

References

@martinstibbe
Contributor

@divyangjp Would you have a bit more of a Terraform example of your module to try to recreate this structure?

@divyangjp
Author

@martinstibbe
Here's the code block. Redacted privacy-sensitive stuff.

resource "mongodbatlas_project" "proj1" {
  provider         = mongodbatlas
  name             = var.project_name
  org_id           = "xxxxxx"
  project_owner_id = "xxxxx"

  teams {
    team_id    = "xxxxxx"
    role_names = ["GROUP_OWNER"]
  }

  is_collect_database_specifics_statistics_enabled = true
  is_data_explorer_enabled                         = true
  is_performance_advisor_enabled                   = true
  is_realtime_performance_panel_enabled            = true
  is_schema_advisor_enabled                        = true
}

resource "mongodbatlas_advanced_cluster" "proj1-cluster" {
  provider                       = mongodbatlas
  project_id                     = mongodbatlas_project.proj1.id
  name                           = var.mongodb_cluster_name
  cluster_type                   = "REPLICASET"
  backup_enabled                 = true
  disk_size_gb                   = 40
  termination_protection_enabled = true

  advanced_configuration {
    javascript_enabled           = true
    minimum_enabled_tls_protocol = "TLS1_2"
  }
  replication_specs {
    region_configs {
      electable_specs {
        instance_size = "M30"
        node_count    = 3
      }
      provider_name = "GCP"
      priority      = 7
      region_name   = "AUSTRALIA_SOUTHEAST_1"

      auto_scaling {
        disk_gb_enabled            = true
        compute_enabled            = true
        compute_scale_down_enabled = true
        compute_min_instance_size  = "M30"
        compute_max_instance_size  = "M300"
      }
    }
  }

  lifecycle {
    ignore_changes = all
  }

  depends_on = [
    mongodbatlas_project.proj1
  ]
}

@martinstibbe
Contributor

@divyangjp I was able to apply this Terraform example, so the issue appears to be on the Atlas configuration side of the Organization API key ... my key is set up like this, as an example, in the Organization Access Manager/API keys section of the Atlas Portal:

| API Access List | Last Used | Created On | Last IP Used |
| -- | -- | -- | -- |
| 0.0.0.0/1 | 02/08/23 - 03:17:25 PM | 07/22/22 - 01:00:59 AM | 47.225.xxx.xxx |
| 128.0.0.0/1 | N/A | 07/22/22 - 01:01:13 AM | N/A |
| 47.225.xxx.xxx | N/A | 07/22/22 - 01:00:37 AM | N/A |

@divyangjp
Author

@martinstibbe
I tried creating a new API key. It worked!
But that's a more worrying thing. The existing API key is not working from Terraform.
What if that happens with the application using the existing API key!

@Zuhairahmed
Collaborator

Thanks @divyangjp, can you share more details on "The existing API key is not working from terraform" and your concerns if that happens with the application? I'm glad the new key worked. For the existing API key, I suggest you add "0.0.0.0/1" and "128.0.0.0/1" to the IP Access List to properly open it to the entire world, if that is what you are trying to do. Happy to help if you need anything else here.
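
The two /1 entries discussed above together cover the whole IPv4 space, which a per-entry review can miss. The following is an added example (not part of the thread and not the provider's code) that audits an API access list for that case and checks whether a given source IP is covered; the entries are constructed sample data with the redacted address replaced by the documentation address 203.0.113.10, and the `/16` breadth threshold is an assumed policy.

```python
import ipaddress

# Assumed policy for this example: flag any IPv4 entry wider than /16.
BROAD_PREFIX_V4 = 16


def audit_access_list(entries, source_ip=None):
    """Audit API access list entries (single IPs or CIDR blocks).

    Returns a dict with:
      collapsed      - minimal networks equal to the union of the entries
      world_open     - True if the entries together cover all of IPv4
      broad          - individual entries wider than BROAD_PREFIX_V4
      source_allowed - whether source_ip matches an entry (None if not given)
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    v4 = [n for n in nets if n.version == 4]

    # collapse_addresses merges adjacent and overlapping blocks, so two
    # sibling /1 entries are reported as the single network 0.0.0.0/0.
    collapsed = list(ipaddress.collapse_addresses(v4))

    result = {
        "collapsed": [str(n) for n in collapsed],
        "world_open": any(n.prefixlen == 0 for n in collapsed),
        "broad": [str(n) for n in v4 if n.prefixlen < BROAD_PREFIX_V4],
        "source_allowed": None,
    }
    if source_ip is not None:
        addr = ipaddress.ip_address(source_ip)
        result["source_allowed"] = any(addr in n for n in v4)
    return result


if __name__ == "__main__":
    # Constructed sample mirroring the access list shown in the thread.
    open_list = ["0.0.0.0/1", "128.0.0.0/1", "203.0.113.10"]
    # Constructed sample of a list scoped to known egress ranges.
    scoped_list = ["198.51.100.0/24", "203.0.113.10"]

    for name, entries in (("open", open_list), ("scoped", scoped_list)):
        report = audit_access_list(entries, source_ip="192.0.2.5")
        print(name, report)
```
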

@Zuhairahmed
Collaborator

@divyangjp closing this issue as you appear to be unblocked, but feel free to re-open if you need anything else
