CODEWITHSUNDEEP
terraformdigital-ocean
ali haider
ali haider

Reputation: 20232

getting 401 with terraform 0.13.5 and digitalocean

I was previously able to use terraform 0.11 with digitalocean. I have since updated the terraform version to 0.13.5 and updated the digitalocean provider. However, after this change, I am not able to provision any resource as I am getting a 401 error from digitalocean. I have even tried using a new authentication token but that produced the same result.

Error: Error creating droplet: POST https://api.digitalocean.com/v2/droplets: 401 Unable to authenticate you

I have modified the TF_LOG value but that has not provided any additional details to help debug the issue. Any ideas on how to troubleshoot this further?

The token is valid as I am able to use it with curl but not with terraform 0.13.5 and digitalocean provider 2.2.0.

Upvotes: 1

Views: 2074

Answers (2)

viclec
viclec

Reputation: 21

Had the same issue and it turned out when I added alias it broke it: 

provider "digitalocean" {
  alias = "do" # This was the issue
  token = var.do_token
  spaces_access_id  = module.globals.digitalocean_spaces_access_key
  spaces_secret_key = var.do_spaces_secret
}

Upvotes: 2

Wakaru44
Wakaru44

Reputation: 453

What could be happening, is that after the upgrade, you are not loading the variable correctly. So the terraform it's passing an empty token to the provider. The provider then tries to authenticate with an empty/wrong token and fails resulting in 401.

If you are providing a default value, to confirm the issue, try removing the default value, and make it ask you instead.

Try Following this example

#Set the variable value in *.tfvars file
# or using -var="do_token=..." CLI option
variable "do_token" {}

# Configure the DigitalOcean Provider
provider "digitalocean" {
  token = var.do_token
}

# Create a web server
resource "digitalocean_droplet" "web" {
  # ...
}

And make sure you name your file whatever.auto.tfvars (auto.tfvars is the key) with the toke like this:

do_token = ua0uhk0a0ka0k7a0o90ia0oekadho0eka9

And it should work, or ask you for a token. To be noted: This is an API token, not your password. follow [this process]{https://docs.digitalocean.com/reference/api/create-personal-access-token/} if you have never created/used one.

Upvotes: 3

Related Questions