Creating a VPC with IBMCLOUD_VISIBILITY=private seems to require a call to public IAM API #2925

Closed
l2fprod opened this issue Aug 2, 2021 · 3 comments

Member

l2fprod commented Aug 2, 2021

Template

terraform {
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = ">= 1.29"
    }
  }
}

provider "ibm" {
  visibility = "private"
}

resource "random_string" "random" {
  length = 8
  special = false
  lower = true
  upper = false
  number = false
}

resource "ibm_resource_group" "group" {
  name = "${random_string.random.result}-group"
}

resource "ibm_is_vpc" "vpc" {
  name = "${random_string.random.result}-vpc"
  resource_group = ibm_resource_group.group.id
}

Terraform Version

$ terraform version
Terraform v1.0.3
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/ibm-cloud/ibm v1.29.0

Failure if iam.cloud.ibm.com is overridden to 127.0.0.1

│ Error: Error while creating VPC {
│     "Message": "An error occurred while performing the 'authenticate' step: Post \"https://iam.cloud.ibm.com/identity/token\": dial tcp 127.0.0.1:443: connect: connection refused",
│     "StatusCode": 0,
│     "Result": null
│ }
│
│
│   with module.vpc_d.ibm_is_vpc.vpc,
│   on vpc/main.tf line 1, in resource "ibm_is_vpc" "vpc":
│    1: resource "ibm_is_vpc" "vpc" {
│
╵

Similar issue as #2890

Member Author

l2fprod commented Aug 2, 2021

^ @hkantare

Member Author

l2fprod commented Aug 3, 2021

I've not been able to produce this in my test -- closing for now

@l2fprod l2fprod closed this as completed Aug 3, 2021
Member Author

l2fprod commented Aug 3, 2021

for reference, capturing tcpdump shows these hosts:

bss.us-south.proxy.serviceendpoint.cloud.ibm.com
ghost.us-south.proxy.serviceendpoint.cloud.ibm.com
iaas.us-south.proxy.serviceendpoint.cloud.ibm.com
private.us-south.iam.cloud.ibm.com
private.us-south.resource-controller.cloud.ibm.com
tags.private.us-south.global-search-tagging.cloud.ibm.com
us-south.private.iaas.cloud.ibm.com

using these commands (running terraform in a Docker container so it is easier to track DNS lookups)

tcpdump udp port 53 > tcpdump.apply.txt &
terraform apply
pkill tcpdump
cat tcpdump.apply.txt | sed -n -r "s/^.* (.*ibm\.com). .*$/\1/p" | sort -u
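
The DNS-capture check from the comment above, extended to flag any lookup that leaves the private endpoint names (an added example, not part of the original thread or the provider's code). The capture lines are constructed, and the rule for what counts as "private" is an assumption inferred from the hosts listed above.

```shell
#!/bin/sh
# Added example: list DNS lookups that fall outside the private endpoint names.

# Constructed tcpdump-style lines (not a real capture).
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 172.17.0.2.40001 > 192.168.65.5.53: 1001+ A? private.us-south.iam.cloud.ibm.com. (52)
12:00:01.200000 IP 192.168.65.5.53 > 172.17.0.2.40001: 1001 1/0/0 A 10.0.0.10 (68)
12:00:02.100000 IP 172.17.0.2.40002 > 192.168.65.5.53: 1002+ A? us-south.private.iaas.cloud.ibm.com. (53)
12:00:02.300000 IP 172.17.0.2.40003 > 192.168.65.5.53: 1003+ AAAA? us-south.private.iaas.cloud.ibm.com. (53)
12:00:03.100000 IP 172.17.0.2.40004 > 192.168.65.5.53: 1004+ A? iam.cloud.ibm.com. (35)
12:00:04.100000 IP 172.17.0.2.40005 > 192.168.65.5.53: 1005+ A? bss.us-south.proxy.serviceendpoint.cloud.ibm.com. (66)
EOF
}

# Unique *.ibm.com names queried, using the same sed approach as the comment above.
extract_hosts() {
    sed -n -E 's/^.* ([^ ]*ibm\.com)\. .*$/\1/p' "$1" | sort -u
}

# Assumption: a name is private if it has a "private" label or sits under
# serviceendpoint.cloud.ibm.com, as every host in the list above does.
is_private() {
    case "$1" in
        private.*|*.private.*|*.serviceendpoint.cloud.ibm.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every queried name that is not private (empty output means none).
public_lookups() {
    extract_hosts "$1" | while read -r host; do
        is_private "$host" || printf '%s\n' "$host"
    done
}

tmp=$(mktemp)
sample_capture > "$tmp"
echo "Lookups outside the private namespace:"
public_lookups "$tmp"
rm -f "$tmp"
```

Against a real capture, call `public_lookups tcpdump.apply.txt`; any name it prints is a lookup that did not use a private endpoint.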
