Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for customizing ADFS server lookup cookies #1298

Merged
merged 10 commits into from
Sep 10, 2024
Merged

Add support for customizing ADFS server lookup cookies #1298

merged 10 commits into from
Sep 10, 2024

Conversation

Didainius
Copy link
Collaborator

@Didainius Didainius commented Aug 2, 2024
edited
Loading

Ref: vmware/go-vcloud-director#637

Originated from vmware/go-vcloud-director#637

Adds a saml_adfs_cookie for provider configuration so that a custom cookie can be injected. {{.Org}} will be replaced with specified Org for auth during runtime.

No default tests as they require complex infrastructure.

@Didainius
Add support for customizing ADFS server lookup cookies
51ed902 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
Docs, changelog
d908fac 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
Fix HCL check
b849e32 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius Didainius marked this pull request as ready for review August 2, 2024 09:34
@Didainius Didainius mentioned this pull request Aug 2, 2024
Closed
@mnspodrska
Copy link

mnspodrska commented Aug 5, 2024
edited
Loading

My terraform looks like

terraform {
  required_providers {
    vcd = {
        source = "local/vmware/vcd"
        version = "3.14.1" # imaginary version
    }
  }
}

provider "vcd" {
    user                 = var.vcd_user
    password             = var.vcd_pass
    org                  = var.vcd_org
    url                  = var.vcd_url
    max_retry_timeout    = var.vcd_max_retry_timeout
    allow_unverified_ssl = var.vcd_allow_unverified_ssl
    auth_type            = "saml_adfs"
    saml_adfs_cookie     = "sso-preferred=yes; sso_redirect_org={{.Org}}"
}

resource "vcd_org" "org" {
    name              = var.tenant_org
    full_name         = var.tenant_org_full
    description       = "The pride of my work"
    is_enabled        = "true"
    delete_recursive  = "true"
    delete_force      = "true"

    vapp_lease {
        maximum_runtime_lease_in_sec          = 0
        power_off_on_runtime_lease_expiration = false
        maximum_storage_lease_in_sec          = 0
        delete_on_storage_lease_expiration    = false
    }

    vapp_template_lease {
        maximum_storage_lease_in_sec       = 0
        delete_on_storage_lease_expiration = false
    }

}

resource "vcd_org_user" "org-admin" {
    org = vcd_org.org.name
    name = var.tenant_org_admin_username
    password = var.tenant_org_admin_password
    description = "Organization Administrator"
    role = "Organization Administrator"
    enabled = true
}

Resource vcd_org is created sucessfull, but vcd_org_user is not:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # vcd_org.org will be created
  + resource "vcd_org" "org" {
      + can_publish_catalogs            = true
      + can_publish_external_catalogs   = false
      + can_subscribe_external_catalogs = false
      + delete_force                    = true
      + delete_recursive                = true
      + deployed_vm_quota               = 0
      + description                     = "The pride of my work"
      + full_name                       = "testiranje123"
      + id                              = (known after apply)
      + is_enabled                      = true
      + list_of_catalogs                = (known after apply)
      + list_of_vdcs                    = (known after apply)
      + metadata                        = (known after apply)
      + name                            = "testiranje123"
      + number_of_catalogs              = (known after apply)
      + number_of_vdcs                  = (known after apply)
      + stored_vm_quota                 = 0

      + vapp_lease {
          + delete_on_storage_lease_expiration    = false
          + maximum_runtime_lease_in_sec          = 0
          + maximum_storage_lease_in_sec          = 0
          + power_off_on_runtime_lease_expiration = false
        }

      + vapp_template_lease {
          + delete_on_storage_lease_expiration = false
          + maximum_storage_lease_in_sec       = 0
        }
    }

  # vcd_org_user.org-admin will be created
  + resource "vcd_org_user" "org-admin" {
      + deployed_vm_quota = (known after apply)
      + description       = "Organization Administrator"
      + email_address     = (known after apply)
      + enabled           = true
      + full_name         = (known after apply)
      + group_names       = (known after apply)
      + id                = (known after apply)
      + instant_messaging = (known after apply)
      + is_external       = false
      + is_group_role     = false
      + name              = "testiranje123admin"
      + org               = "testiranje123"
      + password          = (sensitive value)
      + provider_type     = "INTEGRATED"
      + role              = "Organization Administrator"
      + stored_vm_quota   = (known after apply)
      + take_ownership    = false
      + telephone         = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

vcd_org.org: Creating...
vcd_org.org: Creation complete after 4s [id=urn:vcloud:org:8a9ceb2a-4b10-4a1a-aa2a-354433f347f3]
vcd_org_user.org-admin: Creating...
╷
│ Error: [user read] error filling data error retrieving session info: error in HTTP GET request: NOT_AUTHENTICATED - [ 21-2024-08-05-15-22-27-731--eed18412-21c2-414c-9777-75a69fa18eab ] This operation is denied.
│
│   with vcd_org_user.org-admin,
│   on main.tf line 43, in resource "vcd_org_user" "org-admin":
│   43: resource "vcd_org_user" "org-admin" {
│

Cloud director log looks like:

==> /opt/vmware/vcloud-director/logs/2024_08_05.request.log <==
192.168.0.10 - - [05/Aug/2024:13:32:17 +0000] "GET /api/admin/org/283a591e-df4e-4c42-b635-6aac43baaba1 HTTP/1.1" 200 7564 "-" "terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)" 131
192.168.0.10 - - [05/Aug/2024:13:32:17 +0000] "GET /api/admin/user/7b285107-f1cb-4903-8d35-7d65fb448479 HTTP/1.1" 200 3867 "-" "terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)" 48
192.168.0.10 - - [05/Aug/2024:13:32:17 +0000] "GET /cloudapi/1.0.0/sessions/current HTTP/1.1" 401 163 "-" "terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)" 2

PS. Actually, even "testiranje123admin" vcd_org_user is created inside Cloud Director Organization "testiranje123", but terraform failed during creation.

@mnspodrska
Copy link

Here is tf debug log of the apply:

Plan: 2 to add, 0 to change, 0 to destroy.
2024-08-05T15:31:33.857+0200 [DEBUG] command: asking for input: "\nDo you want to perform these actions?"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

2024-08-05T15:32:12.832+0200 [INFO]  backend/local: apply calling Apply
2024-08-05T15:32:12.832+0200 [DEBUG] Building and walking apply graph for NormalMode plan
2024-08-05T15:32:12.832+0200 [DEBUG] Resource state not found for node "vcd_org_user.org-admin", instance vcd_org_user.org-admin
2024-08-05T15:32:12.832+0200 [DEBUG] Resource state not found for node "vcd_org.org", instance vcd_org.org
2024-08-05T15:32:12.832+0200 [DEBUG] ProviderTransformer: "vcd_org.org (expand)" (*terraform.nodeExpandApplyableResource) needs provider["local/vmware/vcd"]
2024-08-05T15:32:12.832+0200 [DEBUG] ProviderTransformer: "vcd_org.org" (*terraform.NodeApplyableResourceInstance) needs provider["local/vmware/vcd"]
2024-08-05T15:32:12.832+0200 [DEBUG] ProviderTransformer: "vcd_org_user.org-admin (expand)" (*terraform.nodeExpandApplyableResource) needs provider["local/vmware/vcd"]
2024-08-05T15:32:12.832+0200 [DEBUG] ProviderTransformer: "vcd_org_user.org-admin" (*terraform.NodeApplyableResourceInstance) needs provider["local/vmware/vcd"]
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "provider[\"local/vmware/vcd\"]" references: [var.vcd_org var.vcd_user var.vcd_url var.vcd_auth var.vcd_max_retry_timeout var.vcd_allow_unverified_ssl var.vcd_pass]
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "vcd_org_user.org-admin (expand)" references: [var.tenant_org_admin_password var.tenant_org_admin_username vcd_org.org (expand) vcd_org.org vcd_org.org]
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.tenant_org_admin_username" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "vcd_org_user.org-admin" references: [var.tenant_org_admin_username var.tenant_org_admin_password vcd_org.org (expand) vcd_org.org vcd_org.org]
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.tenant_org_full" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "vcd_org.org (expand)" references: [var.tenant_org var.tenant_org_full]
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.tenant_org_admin_password" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_allow_unverified_ssl" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_pass" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_url" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_max_retry_timeout" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.tenant_org" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "vcd_org.org" references: [var.tenant_org var.tenant_org_full]
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_org" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_auth" references: []
2024-08-05T15:32:12.833+0200 [DEBUG] ReferenceTransformer: "var.vcd_user" references: []
2024-08-05T15:32:12.834+0200 [DEBUG] Starting graph walk: walkApply
2024-08-05T15:32:12.835+0200 [DEBUG] created provider logger: level=debug
2024-08-05T15:32:12.835+0200 [INFO]  provider: configuring client automatic mTLS
2024-08-05T15:32:12.841+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/local/vmware/vcd/3.14.1/linux_amd64/terraform-provider-vcd_v3.14.1 args=[".terraform/providers/local/vmware/vcd/3.14.1/linux_amd64/terraform-provider-vcd_v3.14.1"]
2024-08-05T15:32:12.846+0200 [DEBUG] provider: plugin started: path=.terraform/providers/local/vmware/vcd/3.14.1/linux_amd64/terraform-provider-vcd_v3.14.1 pid=108775
2024-08-05T15:32:12.846+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/local/vmware/vcd/3.14.1/linux_amd64/terraform-provider-vcd_v3.14.1
2024-08-05T15:32:12.860+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: configuring server automatic mTLS: timestamp="2024-08-05T15:32:12.860+0200"
2024-08-05T15:32:12.875+0200 [DEBUG] provider: using plugin: version=5
2024-08-05T15:32:12.875+0200 [DEBUG] provider.terraform-provider-vcd_v3.14.1: plugin address: address=/tmp/plugin2767448320 network=unix timestamp="2024-08-05T15:32:12.874+0200"
2024-08-05T15:32:12.896+0200 [WARN]  ValidateProviderConfig from "provider[\"local/vmware/vcd\"]" changed the config value, but that value is unused
2024-08-05T15:32:13.401+0200 [WARN]  Provider "local/vmware/vcd" produced an invalid plan for vcd_org.org, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .can_publish_catalogs: planned value cty.True for a non-computed attribute
      - .deployed_vm_quota: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .stored_vm_quota: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .can_subscribe_external_catalogs: planned value cty.False for a non-computed attribute
      - .can_publish_external_catalogs: planned value cty.False for a non-computed attribute
      - .metadata_entry: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
vcd_org.org: Creating...
2024-08-05T15:32:13.401+0200 [INFO]  Starting apply for vcd_org.org
2024-08-05T15:32:13.402+0200 [DEBUG] vcd_org.org: applying the planned Create change
2024-08-05T15:32:13.404+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:13 [DEBUG] setting computed for "list_of_catalogs" from ComputedKeys: timestamp="2024-08-05T15:32:13.403+0200"
2024-08-05T15:32:13.404+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:13 [DEBUG] setting computed for "list_of_vdcs" from ComputedKeys: timestamp="2024-08-05T15:32:13.403+0200"
2024-08-05T15:32:13.404+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:13 [DEBUG] setting computed for "metadata" from ComputedKeys: timestamp="2024-08-05T15:32:13.403+0200"
2024-08-05T15:32:13.404+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:13 [DEBUG] setting computed for "metadata_entry" from ComputedKeys: timestamp="2024-08-05T15:32:13.403+0200"
2024-08-05T15:32:13.404+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:13 [TRACE] Creating Org: testiranje123: timestamp="2024-08-05T15:32:13.403+0200"
2024-08-05T15:32:16.614+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [TRACE] Org testiranje123 created with id: urn:vcloud:org:283a591e-df4e-4c42-b635-6aac43baaba1: timestamp="2024-08-05T15:32:16.614+0200"
2024-08-05T15:32:16.614+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [TRACE] Reading Org urn:vcloud:org:283a591e-df4e-4c42-b635-6aac43baaba1: timestamp="2024-08-05T15:32:16.614+0200"
2024-08-05T15:32:16.801+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [TRACE] Org with id urn:vcloud:org:283a591e-df4e-4c42-b635-6aac43baaba1 found: timestamp="2024-08-05T15:32:16.800+0200"
2024-08-05T15:32:16.801+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [DEBUG] Locking "metadata": timestamp="2024-08-05T15:32:16.801+0200"
2024-08-05T15:32:16.801+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [DEBUG] Locked "metadata": timestamp="2024-08-05T15:32:16.801+0200"
2024-08-05T15:32:16.835+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [DEBUG] Unlocking "metadata": timestamp="2024-08-05T15:32:16.835+0200"
2024-08-05T15:32:16.835+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [DEBUG] Unlocked "metadata": timestamp="2024-08-05T15:32:16.835+0200"
2024-08-05T15:32:16.868+0200 [WARN]  Provider "provider[\"local/vmware/vcd\"]" produced an unexpected new value for vcd_org.org, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .delay_after_power_on_seconds: was null, but now cty.NumberIntVal(0)
vcd_org.org: Creation complete after 4s [id=urn:vcloud:org:283a591e-df4e-4c42-b635-6aac43baaba1]
2024-08-05T15:32:16.871+0200 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-05T15:32:16.877+0200 [WARN]  Provider "local/vmware/vcd" produced an invalid plan for vcd_org_user.org-admin, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .is_group_role: planned value cty.False for a non-computed attribute
      - .provider_type: planned value cty.StringVal("INTEGRATED") for a non-computed attribute
      - .take_ownership: planned value cty.False for a non-computed attribute
      - .is_external: planned value cty.False for a non-computed attribute
vcd_org_user.org-admin: Creating...
2024-08-05T15:32:16.877+0200 [INFO]  Starting apply for vcd_org_user.org-admin
2024-08-05T15:32:16.878+0200 [DEBUG] vcd_org_user.org-admin: applying the planned Create change
2024-08-05T15:32:16.879+0200 [INFO]  provider.terraform-provider-vcd_v3.14.1: 2024/08/05 15:32:16 [DEBUG] setting computed for "group_names" from ComputedKeys: timestamp="2024-08-05T15:32:16.879+0200"
2024-08-05T15:32:17.888+0200 [ERROR] provider.terraform-provider-vcd_v3.14.1: Response contains error diagnostic: tf_provider_addr=provider @caller=/home/marko/go/pkg/mod/github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="[user read] error filling data error retrieving session info: error in HTTP GET request: NOT_AUTHENTICATED - [ 21-2024-08-05-15-32-17-872--47a11122-69f4-420c-b82b-84627571ccb9 ] This operation is denied." tf_req_id=f970c24e-884d-e276-d388-338c4194bfc2 @module=sdk.proto diagnostic_severity=ERROR tf_proto_version=5.6 tf_rpc=ApplyResourceChange diagnostic_detail="" tf_resource_type=vcd_org_user timestamp="2024-08-05T15:32:17.888+0200"
2024-08-05T15:32:17.889+0200 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-05T15:32:17.889+0200 [ERROR] vertex "vcd_org_user.org-admin" error: [user read] error filling data error retrieving session info: error in HTTP GET request: NOT_AUTHENTICATED - [ 21-2024-08-05-15-32-17-872--47a11122-69f4-420c-b82b-84627571ccb9 ] This operation is denied.
╷
│ Error: [user read] error filling data error retrieving session info: error in HTTP GET request: NOT_AUTHENTICATED - [ 21-2024-08-05-15-32-17-872--47a11122-69f4-420c-b82b-84627571ccb9 ] This operation is denied.
│
│   with vcd_org_user.org-admin,
│   on main.tf line 44, in resource "vcd_org_user" "org-admin":
│   44: resource "vcd_org_user" "org-admin" {
│
╵
2024-08-05T15:32:17.894+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-08-05T15:32:17.898+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/local/vmware/vcd/3.14.1/linux_amd64/terraform-provider-vcd_v3.14.1 pid=108775
2024-08-05T15:32:17.898+0200 [DEBUG] provider: plugin exited

@Didainius
Copy link
Collaborator Author

Thank you - the first question to check - does the same script work if you don't use saml/adfs auth?

@mnspodrska
Copy link

Yes it does.
Isn't it interesting that /api calls work, and /cloudapi urls of VCD does not.
I can test and report if other terraform modules work or not and what urls they hit if you think that is a good way to go...

@mnspodrska
Copy link

I have tested resources

  • vcd_org_vdc
  • vcd_nsxt_edgegateway

and data sources:

  • nsxt_policy_edge_cluster
  • vcd_org
  • vcd_provider_vdc
  • vcd_vm_placement_policy
  • vcd_vm_sizing_policy
  • vcd_external_network_v2

It seems that besides /cloudapi/1.0.0/sessions/current which was called from "vcd_org_user" resource,
"vcd_external_network_v2" also has problems with url /cloudapi/1.0.0/externalNetworks/?filter=...&pageSize=128

So in summary, situation is:
URLs working:
GET /api/admin/extension/networkPool/...
GET /api/admin/extension/providervdc/...
GET /api/admin/org/...
GET /api/admin/org/.../metadata/
GET /api/admin/providervdc/...
GET /api/admin/providervdc/.../metadata/
GET /api/admin/vdc/...
GET /api/admin/vdc/.../metadata/
GET /api/admin/vdcStorageProfile/...
GET /api/org
GET /api/org/...
GET /api/query
GET /api/task/...
GET /api/vdc/...
GET /api/versions
GET /cloudapi/1.0.0/edgeGateways/urn:vcloud:gateway:...
GET /cloudapi/1.0.0/edgeGateways/urn:vcloud:gateway:.../usedIpAddresses
GET /cloudapi/1.0.0/vdcComputePolicies/?filter=...
GET /cloudapi/1.0.0/vdcs/urn%3Avcloud%3Avdc%3A.../capabilities
GET /cloudapi/1.0.0/vdcs/urn:vcloud:vdc:.../networkProfile
GET /cloudapi/2.0.0/vdcComputePolicies/?filter=...
GET /cloudapi/2.0.0/vdcs/urn:vcloud:vdc:.../computePolicies
GET /cloud/org/System/saml/metadata/alias/vcd
POST /api/sessions
PUT /api/admin/vdc/.../computePolicies

URLs not working (HTTP 401):
GET /cloudapi/1.0.0/sessions/current
GET /cloudapi/1.0.0/externalNetworks/?filter=...&pageSize=128

Is this helpful in any way?

@Didainius
Copy link
Collaborator Author

Hmm. This is very confusing at first looks. I have double checked and at first looks the ones that don't work use the same core low level API functions that handle headers.

Could you try to run terraform with GOVCD_LOG_PASSWORDS=1 environment variable set and also https://registry.terraform.io/providers/vmware/vcd/latest/docs#logging enabled.

This should dump all headers (including the token, not the password as the variable hints). I wonder if the token is present in the API calls that fail. I don't expect you to share this as this will not hide sensitive data. What I am interested is why it fails, because in essence even when you do ADFS+SAML - it should just exchange token and use it in the end. It shouldn't differ that much after the initial negotiation.

@mnspodrska
Copy link

Hope this helps:

2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: govcd.(*Client).vcdFetchSupportedVersions-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/api/versions
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [1-2024-08-06-22-50-04-345-]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).vcdloginurl-->govcd.(*Client).validateAPIVersion-->govcd.(*Client).vcdFetchSupportedVersions-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 22:50:04 Response status 200 OK
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Execution-Time: [1]
2024/08/06 22:50:04     Cache-Control: [no-store, must-revalidate]
2024/08/06 22:50:04     Vary: [Accept-Encoding]
2024/08/06 22:50:04     Content-Length: [4203]
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [1-2024-08-06-22-50-04-345--5e8f240c-162c-458c-82bf-8df9f5b8ec05]
2024/08/06 22:50:04     Content-Type: [text/xml]
2024/08/06 22:50:04 Response text: [4203]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SupportedVersions ...
...
</SupportedVersions>

2024/08/06 22:50:04 [DEBUG] supported API versions : 35.0,35.2,36.0,36.1,36.2,36.3,37.0,37.1,37.2,37.3,38.0,38.1
2024/08/06 22:50:04 [TRACE] API version 35.0.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 35.2.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.0.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.1.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.2.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.3.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [INFO] API version 37.0.0 satisfies constraints '= 37.0'
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: govcd.getSamlEntityId-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/cloud/org/System/saml/metadata/alias/vcd
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [2-2024-08-06-22-50-04-418-]
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.getSamlEntityId-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 22:50:04 Response status 200 OK
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [2-2024-08-06-22-50-04-418--bc926dcf-3077-461f-81be-3494a8771e1f]
2024/08/06 22:50:04     Content-Disposition: [attachment; filename="spring_saml_metadata.xml"]
2024/08/06 22:50:04     Strict-Transport-Security: [max-age=31536000 ; includeSubDomains]
2024/08/06 22:50:04     X-Xss-Protection: [1; mode=block]
2024/08/06 22:50:04     Vary: [Accept-Encoding]
2024/08/06 22:50:04     Content-Length: [4272]
2024/08/06 22:50:04     X-Frame-Options: [SAMEORIGIN]
2024/08/06 22:50:04     Content-Type: [application/samlmetadata+xml;charset=utf-8]
2024/08/06 22:50:04     X-Content-Type-Options: [nosniff]
2024/08/06 22:50:04     Content-Security-Policy: [default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline';]
2024/08/06 22:50:04 Response text: [4272]
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor ...
...
</md:EntityDescriptor>
2024/08/06 22:50:04 [DEBUG] SAML got entity ID: https://HIDDEN_VCD_URL
2024/08/06 22:50:04 [DEBUG] SAML looking up IdP (ADFS) host redirect in: https://HIDDEN_VCD_URL/login/System/saml/login/alias/vcd
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.getSamlAdfsServer-->govcd.getSamlAdfsServer-->govcd.(*Client).newRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/login/System/saml/login/alias/vcd?&service=tenant:System
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [3-2024-08-06-22-50-04-472-]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.providerConfigure-->vcd.(*Config).Client-->vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.getSamlAdfsServer-->govcd.decodeBody
2024/08/06 22:50:04 Response status 302 Found
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Expires: [Thu, 01 Jan 1970 00:00:00 GMT]
2024/08/06 22:50:04     Cache-Control: [no-cache, no-store]
2024/08/06 22:50:04     X-Xss-Protection: [1; mode=block]
2024/08/06 22:50:04     Content-Security-Policy: [default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline';]
2024/08/06 22:50:04     Location: [https://HIDDEN_ADFS_URL/adfs/ls/?SAMLRequest=...]
2024/08/06 22:50:04     Content-Length: [0]
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     Set-Cookie: [sso_redirect_org=; Path=/login; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure]
2024/08/06 22:50:04     Pragma: [no-cache]
2024/08/06 22:50:04     Strict-Transport-Security: [max-age=31536000 ; includeSubDomains]
2024/08/06 22:50:04     X-Content-Type-Options: [nosniff]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [3-2024-08-06-22-50-04-472--e0b90cab-65c3-46a5-9888-b2b171fa8b35]
2024/08/06 22:50:04     X-Frame-Options: [SAMEORIGIN]
2024/08/06 22:50:04 Response text: [0]
2024/08/06 22:50:04 [DEBUG] SAML got IdP login endpoint: https://HIDDEN_ADFS_URL/adfs/services/trust/13/usernamemixed
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.getSamlAuthToken-->govcd.(*Client).newRequest
2024/08/06 22:50:04 POST https://HIDDEN_ADFS_URL/adfs/services/trust/13/usernamemixed
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [4-2024-08-06-22-50-04-527-]
2024/08/06 22:50:04 Request data: [1880]
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
...
</s:Envelope>
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.providerConfigure-->vcd.(*Config).Client-->vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.getSamlAuthToken-->govcd.decodeBody
2024/08/06 22:50:04 Response status 200 OK
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Content-Length: [11361]
2024/08/06 22:50:04     Content-Type: [application/soap+xml; charset=utf-8]
2024/08/06 22:50:04     Server: [Microsoft-HTTPAPI/2.0]
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04 Response text: [11361]
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
...
</s:Envelope>
2024/08/06 22:50:04 [DEBUG] SAML got SIGN token from IdP 'https://HIDDEN_ADFS_URL/adfs/services/trust/13/usernamemixed' for entity with ID 'https://HIDDEN_VCD_URL'
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: vcd.providerConfigure-->vcd.(*Config).Client-->vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.authorizeSignToken-->govcd.(*Client).newRequest
2024/08/06 22:50:04 POST https://HIDDEN_VCD_URL/api/sessions
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     Accept: [application/*+xml;version=37.0]
2024/08/06 22:50:04     Authorization: [SIGN token="...",org="System"]
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [5-2024-08-06-22-50-04-585-]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.providerConfigure-->vcd.(*Config).Client-->vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.authorizeSignToken-->govcd.decodeBody
2024/08/06 22:50:04 Response status 200 OK
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [5-2024-08-06-22-50-04-585--7346098d-896d-421f-bc02-26f680688bd9]
2024/08/06 22:50:04     X-Vmware-Vcloud-Token-Type: [Bearer]
2024/08/06 22:50:04     Content-Type: [application/vnd.vmware.vcloud.session+xml;version=37.0]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Execution-Time: [193]
2024/08/06 22:50:04     Content-Length: [3791]
2024/08/06 22:50:04     Cache-Control: [no-store, must-revalidate]
2024/08/06 22:50:04     Vary: [Accept-Encoding]
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     Set-Cookie: [vcloud_jwt=...; Path=/; Secure; HttpOnly vcloud_session_id=...; Path=/; Secure; HttpOnly]
2024/08/06 22:50:04     Expires: [Thu, 01 Jan 1970 00:00:00 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Access-Token: [...]
2024/08/06 22:50:04     X-Vcloud-Authorization: [...]
2024/08/06 22:50:04 Response text: [3791]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Session xmlns="http://www.vmware.com/vcloud/v1.5"...
    <Link rel="down" href="https://HIDDEN_VCD_URL/api/org/" type="application/vnd.vmware.vcloud.orgList+xml"/>
...
    <AuthorizedLocations>
        <Location>
            <LocationId>...</LocationId>
            <SiteName>HIDDEN_VCD_URL</SiteName>
            <OrgName>System</OrgName>
            <RestApiEndpoint>https://HIDDEN_VCD_URL</RestApiEndpoint>
            <UIEndpoint>https://HIDDEN_VCD_URL</UIEndpoint>
            <AuthContext>System</AuthContext>
            <ApiVersion>38.1</ApiVersion>
        </Location>
    </AuthorizedLocations>
</Session>

2024/08/06 22:50:04 [DEBUG] SAML - setting access token for further requests
2024/08/06 22:50:04 [TRACE] skipping fetch of versions because 12 are stored
2024/08/06 22:50:04 [TRACE] API version 35.0.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 35.2.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.0.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.1.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.2.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [TRACE] API version 36.3.0 does not satisfy constraints '= 37.0'
2024/08/06 22:50:04 [INFO] API version 37.0.0 satisfies constraints '= 37.0'
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: govcd.(*VCDClient).SetToken-->govcd.(*VCDClient).SetToken-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/api/org
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     Accept: [application/*+xml;version=37.0]
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [6-2024-08-06-22-50-04-794-]
2024/08/06 22:50:04     X-Vcloud-Authorization: [...]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.ProviderAuthenticate-->vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).authorizeSamlAdfs-->govcd.(*VCDClient).SetToken-->govcd.(*VCDClient).SetToken-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 22:50:04 Response status 200 OK
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Vary: [Accept-Encoding]
2024/08/06 22:50:04     Content-Length: [5609]
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [6-2024-08-06-22-50-04-794--6dcccaeb-3f70-451f-9559-78a7b2bc4104]
2024/08/06 22:50:04     Content-Type: [application/vnd.vmware.vcloud.orglist+xml;version=37.0]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Execution-Time: [15]
2024/08/06 22:50:04     Cache-Control: [no-store, must-revalidate]
2024/08/06 22:50:04 Response text: [5609]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OrgList ...
...
</OrgList>

2024/08/06 22:50:04 [TRACE] Getting item from endpoint https://HIDDEN_VCD_URL/cloudapi/1.0.0/sessions/current with expected response of type *types.CurrentSessionInfo
2024/08/06 22:50:04 [TRACE] skipping fetch of versions because 12 are stored
2024/08/06 22:50:04 [TRACE] checking max API version against constraints '>= 31'
2024/08/06 22:50:04 [INFO] API version 38.1.0 satisfies constraints '>= 31'
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: govcd.(*VCDClient).authorizeSamlAdfs-->govcd.(*VCDClient).SetToken-->govcd.(*VCDClient).LogSessionInfo-->govcd.(*VCDClient).GetExtendedSessionInfo-->govcd.(*Client).OpenApiGetItem-->govcd.(*Client).GetSessionInfo-->govcd.(*Client).OpenApiGetItemAndHeaders-->govcd.(*Client).newOpenApiRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/cloudapi/1.0.0/sessions/current
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [7-2024-08-06-22-50-04-825-]
2024/08/06 22:50:04     X-Vcloud-Authorization: [...]
2024/08/06 22:50:04     Accept: [application/json;version=38.1]
2024/08/06 22:50:04     Content-Type: [application/json]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller govcd.(*VCDClient).LogSessionInfo-->govcd.(*VCDClient).GetExtendedSessionInfo-->govcd.(*Client).OpenApiGetItem-->govcd.(*Client).GetSessionInfo-->govcd.(*Client).OpenApiGetItemAndHeaders-->govcd.checkRespWithErrType-->govcd.ParseErr-->govcd.decodeBody
2024/08/06 22:50:04 Response status 401 Unauthorized
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [7-2024-08-06-22-50-04-825--8c18ce7b-b757-4f2d-8e46-c3a9972b79d1]
2024/08/06 22:50:04     Content-Type: [application/json]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Execution-Time: [2]
2024/08/06 22:50:04     Cache-Control: [no-store, must-revalidate]
2024/08/06 22:50:04 Response text: [175]
{
  "minorErrorCode": "NOT_AUTHENTICATED",
  "message": "[ 7-2024-08-06-22-50-04-825--8c18ce7b-b757-4f2d-8e46-c3a9972b79d1 ] This operation is denied.",
  "stackTrace": null
}
2024/08/06 22:50:04 no session info collected: error in HTTP GET request: NOT_AUTHENTICATED - [ 7-2024-08-06-22-50-04-825--8c18ce7b-b757-4f2d-8e46-c3a9972b79d1 ] This operation is denied.
2024/08/06 22:50:04 [TRACE] Getting item from endpoint https://HIDDEN_VCD_URL/cloudapi/1.0.0/sessions/current with expected response of type *types.CurrentSessionInfo
2024/08/06 22:50:04 [TRACE] skipping fetch of versions because 12 are stored
2024/08/06 22:50:04 [TRACE] checking max API version against constraints '>= 31'
2024/08/06 22:50:04 [INFO] API version 38.1.0 satisfies constraints '>= 31'
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: vcd.ProviderAuthenticate-->govcd.(*VCDClient).GetAuthResponse-->govcd.(*VCDClient).LogSessionInfo-->govcd.(*VCDClient).GetExtendedSessionInfo-->govcd.(*Client).OpenApiGetItem-->govcd.(*Client).GetSessionInfo-->govcd.(*Client).OpenApiGetItemAndHeaders-->govcd.(*Client).newOpenApiRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/cloudapi/1.0.0/sessions/current
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [8-2024-08-06-22-50-04-841-]
2024/08/06 22:50:04     X-Vcloud-Authorization: [...]
2024/08/06 22:50:04     Accept: [application/json;version=38.1]
2024/08/06 22:50:04     Content-Type: [application/json]
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller govcd.(*VCDClient).LogSessionInfo-->govcd.(*VCDClient).GetExtendedSessionInfo-->govcd.(*Client).OpenApiGetItem-->govcd.(*Client).GetSessionInfo-->govcd.(*Client).OpenApiGetItemAndHeaders-->govcd.checkRespWithErrType-->govcd.ParseErr-->govcd.decodeBody
2024/08/06 22:50:04 Response status 401 Unauthorized
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [8-2024-08-06-22-50-04-841--9fab60fe-00d4-4357-891c-36b67a3446ab]
2024/08/06 22:50:04     Content-Type: [application/json]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Execution-Time: [2]
2024/08/06 22:50:04     Cache-Control: [no-store, must-revalidate]
2024/08/06 22:50:04 Response text: [175]
{
  "minorErrorCode": "NOT_AUTHENTICATED",
  "message": "[ 8-2024-08-06-22-50-04-841--9fab60fe-00d4-4357-891c-36b67a3446ab ] This operation is denied.",
  "stackTrace": null
}
2024/08/06 22:50:04 no session info collected: error in HTTP GET request: NOT_AUTHENTICATED - [ 8-2024-08-06-22-50-04-841--9fab60fe-00d4-4357-891c-36b67a3446ab ] This operation is denied.
2024/08/06 22:50:04 [DEBUG] Checking if elevated API versions are defined for endpoint '1.0.0/externalNetworks/'
2024/08/06 22:50:04 [TRACE] skipping fetch of versions because 12 are stored
2024/08/06 22:50:04 [TRACE] checking max API version against constraints '< 33.0'
2024/08/06 22:50:04 [TRACE] API version 38.1.0 does not satisfy constraints '< 33.0'
2024/08/06 22:50:04 [TRACE] checking current API version against constraints '> 33.0'
2024/08/06 22:50:04 [INFO] API version 37.0.0 satisfies constraints '> 33.0'
2024/08/06 22:50:04 [DEBUG] Found '4' (35.0, 36.0, 37.1, 38.1) elevated API versions for endpoint '1.0.0/externalNetworks/'
2024/08/06 22:50:04 [DEBUG] Checking if elevated version '38.1' is supported by VCD instance for endpoint '1.0.0/externalNetworks/'
2024/08/06 22:50:04 [TRACE] skipping fetch of versions because 12 are stored
2024/08/06 22:50:04 [TRACE] checking max API version against constraints '>= 38.1'
2024/08/06 22:50:04 [INFO] API version 38.1.0 satisfies constraints '>= 38.1'
2024/08/06 22:50:04 [TRACE] checking current API version against constraints '> 38.1'
2024/08/06 22:50:04 [TRACE] API version 37.0.0 does not satisfy constraints '> 38.1'
2024/08/06 22:50:04 [DEBUG] Elevated version '38.1' is supported by VCD instance for endpoint '1.0.0/externalNetworks/'
2024/08/06 22:50:04 [DEBUG] Will use elevated version '38.1 for endpoint '1.0.0/externalNetworks/'
2024/08/06 22:50:04 [TRACE] Getting all items from endpoint https://HIDDEN_VCD_URL/cloudapi/1.0.0/externalNetworks/ for parsing into *[]*types.ExternalNetworkV2 type
2024/08/06 22:50:04 [TRACE] skipping fetch of versions because 12 are stored
2024/08/06 22:50:04 [TRACE] checking max API version against constraints '>= 31'
2024/08/06 22:50:04 [INFO] API version 38.1.0 satisfies constraints '>= 31'
2024/08/06 22:50:04 [TRACE] Will use 'pageSize=128'
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Request caller: schema.(*Resource).ReadDataApply-->schema.(*Resource).read-->vcd.datasourceVcdExternalNetworkV2Read-->govcd.GetExternalNetworkV2ByName-->govcd.GetAllExternalNetworksV2-->govcd.(*Client).OpenApiGetAllItems-->govcd.(*Client).openApiGetAllPages-->govcd.(*Client).newOpenApiRequest
2024/08/06 22:50:04 GET https://HIDDEN_VCD_URL/cloudapi/1.0.0/externalNetworks/?filter=name%3D%3Dnsx-t0-1&pageSize=128
2024/08/06 22:50:04 --------------------------------------------------------------------------------
2024/08/06 22:50:04 Req header:
2024/08/06 22:50:04     X-Vmware-Vcloud-Client-Request-Id: [9-2024-08-06-22-50-04-864-]
2024/08/06 22:50:04     X-Vcloud-Authorization: [...]
2024/08/06 22:50:04     Accept: [application/json;version=38.1]
2024/08/06 22:50:04     Content-Type: [application/json]
2024/08/06 22:50:04     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response caller vcd.datasourceVcdExternalNetworkV2Read-->govcd.GetExternalNetworkV2ByName-->govcd.GetAllExternalNetworksV2-->govcd.(*Client).OpenApiGetAllItems-->govcd.(*Client).openApiGetAllPages-->govcd.checkRespWithErrType-->govcd.ParseErr-->govcd.decodeBody
2024/08/06 22:50:04 Response status 401 Unauthorized
2024/08/06 22:50:04 ################################################################################
2024/08/06 22:50:04 Response header:
2024/08/06 22:50:04     Date: [Tue, 06 Aug 2024 20:50:04 GMT]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Id: [9-2024-08-06-22-50-04-864--3f23d791-8987-4adb-a1f1-858bc0a92d83]
2024/08/06 22:50:04     Content-Type: [application/json]
2024/08/06 22:50:04     X-Vmware-Vcloud-Request-Execution-Time: [3]
2024/08/06 22:50:04     Cache-Control: [no-store, must-revalidate]
2024/08/06 22:50:04 Response text: [175]
{
  "minorErrorCode": "NOT_AUTHENTICATED",
  "message": "[ 9-2024-08-06-22-50-04-864--3f23d791-8987-4adb-a1f1-858bc0a92d83 ] This operation is denied.",
  "stackTrace": null
}

@mnspodrska
Copy link

And here are some that work well:

2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Request caller: govcd.getOrgHREFById-->govcd.getOrgHREFById-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 xx:xx:xx GET https://HIDDEN_VCD_URL/api/org
2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Req header:
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Client-Request-Id: [9-2024-08-06-23-54-22-943-]
2024/08/06 xx:xx:xx     X-Vcloud-Authorization: [...]
2024/08/06 xx:xx:xx     Accept: [application/*+xml;version=37.0]
2024/08/06 xx:xx:xx     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response caller govcd.(*VCDClient).GetAdminOrgByNameOrId-->govcd.getEntityByNameOrId-->govcd.(*VCDClient).GetAdminOrgByNameOrId.func2-->govcd.(*VCDClient).GetAdminOrgById-->govcd.getOrgHREFById-->govcd.getOrgHREFById-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 xx:xx:xx Response status 200 OK
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response header:
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Execution-Time: [13]
2024/08/06 xx:xx:xx     Cache-Control: [no-store, must-revalidate]
2024/08/06 xx:xx:xx     Vary: [Accept-Encoding]
2024/08/06 xx:xx:xx     Content-Length: [5609]
2024/08/06 xx:xx:xx     Date: [Tue, 06 Aug 2024 21:54:22 GMT]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Id: [9-2024-08-06-23-54-22-943--d8e81e05-f11d-4346-9505-deb943907ac2]
2024/08/06 xx:xx:xx     Content-Type: [application/vnd.vmware.vcloud.orglist+xml;version=37.0]
2024/08/06 xx:xx:xx Response text: [5609]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OrgList xmlns="http://www.vmware.com/vcloud/v1.5"
...
</OrgList>

2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Request caller: govcd.getOrgHREF-->govcd.getOrgHREF-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 xx:xx:xx GET https://HIDDEN_VCD_URL/api/org
2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Req header:
2024/08/06 xx:xx:xx     X-Vcloud-Authorization: [...]
2024/08/06 xx:xx:xx     Accept: [application/*+xml;version=37.0]
2024/08/06 xx:xx:xx     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Client-Request-Id: [10-2024-08-06-23-54-22-971-]
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response caller govcd.(*VCDClient).GetAdminOrgByNameOrId-->govcd.getEntityByNameOrId-->govcd.(*VCDClient).GetAdminOrgByNameOrId.func1-->govcd.(*VCDClient).GetAdminOrgByName-->govcd.getOrgHREF-->govcd.getOrgHREF-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 xx:xx:xx Response status 200 OK
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response header:
2024/08/06 xx:xx:xx     Cache-Control: [no-store, must-revalidate]
2024/08/06 xx:xx:xx     Vary: [Accept-Encoding]
2024/08/06 xx:xx:xx     Content-Length: [5609]
2024/08/06 xx:xx:xx     Date: [Tue, 06 Aug 2024 21:54:22 GMT]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Id: [10-2024-08-06-23-54-22-971--27d6d44a-b06f-402c-9efb-c4e57792bb71]
2024/08/06 xx:xx:xx     Content-Type: [application/vnd.vmware.vcloud.orglist+xml;version=37.0]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Execution-Time: [14]
2024/08/06 xx:xx:xx Response text: [5609]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OrgList xmlns="http://www.vmware.com/vcloud/v1.5"
...
</OrgList>

2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Request caller: govcd.(*VCDClient).GetAdminOrgByName-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 xx:xx:xx GET https://HIDDEN_VCD_URL/api/admin/org/...
2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Req header:
2024/08/06 xx:xx:xx     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Client-Request-Id: [11-2024-08-06-23-54-23-001-]
2024/08/06 xx:xx:xx     X-Vcloud-Authorization: [...]
2024/08/06 xx:xx:xx     Accept: [application/*+xml;version=37.0]
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response caller vcd.datasourceVcdOrgRead-->govcd.(*VCDClient).GetAdminOrgByNameOrId-->govcd.getEntityByNameOrId-->govcd.(*VCDClient).GetAdminOrgByNameOrId.func1-->govcd.(*VCDClient).GetAdminOrgByName-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 xx:xx:xx Response status 200 OK
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response header:
2024/08/06 xx:xx:xx     Date: [Tue, 06 Aug 2024 21:54:23 GMT]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Id: [11-2024-08-06-23-54-23-001--bb66eb52-2c8f-4144-ba4e-4faec5524ad3]
2024/08/06 xx:xx:xx     Content-Type: [application/vnd.vmware.admin.organization+xml;version=37.0]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Execution-Time: [173]
2024/08/06 xx:xx:xx     Cache-Control: [no-store, must-revalidate]
2024/08/06 xx:xx:xx     Vary: [Accept-Encoding]
2024/08/06 xx:xx:xx Response text: [63902]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AdminOrg xmlns="http://www.vmware.com/vcloud/v1.5"
...
</AdminOrg>

2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Request caller: govcd.getMetadata-->govcd.getMetadata-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 xx:xx:xx GET https://HIDDEN_VCD_URL/api/admin/org/.../metadata/
2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Req header:
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Client-Request-Id: [12-2024-08-06-23-54-23-202-]
2024/08/06 xx:xx:xx     X-Vcloud-Authorization: [...]
2024/08/06 xx:xx:xx     Accept: [application/*+xml;version=37.0]
2024/08/06 xx:xx:xx     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response caller vcd.setOrgData-->vcd.updateMetadataInStateDeprecated-->vcd.updateMetadataInStateDeprecated.func1-->govcd.(*AdminOrg).GetMetadata-->govcd.getMetadata-->govcd.getMetadata-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 xx:xx:xx Response status 200 OK
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response header:
2024/08/06 xx:xx:xx     Date: [Tue, 06 Aug 2024 21:54:23 GMT]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Id: [12-2024-08-06-23-54-23-202--2d8c7781-f57f-49e8-82c4-44287126cf2a]
2024/08/06 xx:xx:xx     Content-Type: [application/vnd.vmware.vcloud.metadata+xml;version=37.0]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Execution-Time: [18]
2024/08/06 xx:xx:xx     Cache-Control: [no-store, must-revalidate]
2024/08/06 xx:xx:xx     Vary: [Accept-Encoding]
2024/08/06 xx:xx:xx     Content-Length: [2874]
2024/08/06 xx:xx:xx Response text: [2874]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Metadata xmlns="http://www.vmware.com/vcloud/v1.5"
...
</Metadata>

2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Request caller: govcd.getMetadata-->govcd.getMetadata-->govcd.executeRequestWithApiVersion-->govcd.executeRequestWithApiVersion-->govcd.executeRequestCustomErr-->govcd.executeRequestCustomErr-->govcd.(*Client).newRequest
2024/08/06 xx:xx:xx GET https://HIDDEN_VCD_URL/api/admin/org/.../metadata/
2024/08/06 xx:xx:xx --------------------------------------------------------------------------------
2024/08/06 xx:xx:xx Req header:
2024/08/06 xx:xx:xx     X-Vcloud-Authorization: [...]
2024/08/06 xx:xx:xx     Accept: [application/*+xml;version=37.0]
2024/08/06 xx:xx:xx     User-Agent: [terraform-provider-vcd/v3.5.0-312-gb849e32 (linux/amd64; isProvider:true)]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Client-Request-Id: [13-2024-08-06-23-54-23-235-]
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response caller vcd.setOrgData-->vcd.updateMetadataInStateDeprecated-->vcd.updateMetadataInState-->govcd.(*AdminOrg).GetMetadata-->govcd.getMetadata-->govcd.getMetadata-->govcd.(*Client).executeRequest-->govcd.decodeBody
2024/08/06 xx:xx:xx Response status 200 OK
2024/08/06 xx:xx:xx ################################################################################
2024/08/06 xx:xx:xx Response header:
2024/08/06 xx:xx:xx     Cache-Control: [no-store, must-revalidate]
2024/08/06 xx:xx:xx     Vary: [Accept-Encoding]
2024/08/06 xx:xx:xx     Content-Length: [2874]
2024/08/06 xx:xx:xx     Date: [Tue, 06 Aug 2024 21:54:23 GMT]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Id: [13-2024-08-06-23-54-23-235--42e0d1f4-a0c7-488b-a51a-b588e26fe153]
2024/08/06 xx:xx:xx     Content-Type: [application/vnd.vmware.vcloud.metadata+xml;version=37.0]
2024/08/06 xx:xx:xx     X-Vmware-Vcloud-Request-Execution-Time: [17]
2024/08/06 xx:xx:xx Response text: [2874]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Metadata xmlns="http://www.vmware.com/vcloud/v1.5"
...
</Metadata>

@mnspodrska
Copy link

@Didainius do you need me to run some other tests?
It seems that requests with Accept: [application/json;version=38.1] fail

@Didainius
Copy link
Collaborator Author

@Didainius do you need me to run some other tests? It seems that requests with Accept: [application/json;version=38.1] fail

Yeah, I still have to look at what could go wrong here. You're on 10.5.1, right?

@Didainius
Copy link
Collaborator Author

BTW. The X-Vcloud-Authorization have the same tokens in all cases, right?

@mnspodrska
Copy link

Yes, VCD is 10.5.1, and X-Vcloud-Authorization is the same in all requests, 200 or 401

@Didainius Didainius marked this pull request as draft August 13, 2024 09:33
@Didainius
Copy link
Collaborator Author

@mnspodrska ,
Tricky to find the cause. One query though - did this work with your original PR? vmware/go-vcloud-director#637

@mnspodrska
Copy link

mnspodrska commented Aug 13, 2024
edited
Loading

It couldn't work because we were not upgraded to VCD 10.5.1 as it was just published at the time.

@Didainius
Copy link
Collaborator Author

It couldn't work because we were not upgraded to VCD 10.5.1 as it was just published at the time.

Ok, just in case - could you try our PR branch now? If you need - I can make a branch of Terraform that would consume yours. I am just curious if something slipped in the cracks of my implementation or it is instead a general issue that has to be tackled

@mnspodrska
Copy link

You want me to test if vmware/go-vcloud-director#637 works with 10.5.1? I will try do it by friday.

@mnspodrska
Copy link

@Didainius Sorry I couldn't get back on this as I promised. I have tested now to compile latest https://github.com/vmware/terraform-provider-vcd compiled with vmware/go-vcloud-director#637 and the results are the same as we saw in this PR - requests with Accept: [application/*+xml;version=37.0] are working, and requests with Accept: [application/json;version=38.1] are failing with "Response status 401 Unauthorized" and message
{
"minorErrorCode": "NOT_AUTHENTICATED",
"message": "[ 8-2024-08-20-01-13-04-187--61bae5d1-6195-4b8a-b2df-077c5f183845 ] This operation is denied.",
"stackTrace": null
}

@Didainius
Copy link
Collaborator Author

@Didainius Sorry I couldn't get back on this as I promised. I have tested now to compile latest https://github.com/vmware/terraform-provider-vcd compiled with vmware/go-vcloud-director#637 and the results are the same as we saw in this PR - requests with Accept: [application/*+xml;version=37.0] are working, and requests with Accept: [application/json;version=38.1] are failing with "Response status 401 Unauthorized" and message { "minorErrorCode": "NOT_AUTHENTICATED", "message": "[ 8-2024-08-20-01-13-04-187--61bae5d1-6195-4b8a-b2df-077c5f183845 ] This operation is denied.", "stackTrace": null }

Thank you! I will try to find out more about this.

@Didainius
Switch tokens
7ebb6c3 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius Didainius force-pushed the adfs-saml-customisation branch from 5139ed5 to 7ebb6c3 Compare August 21, 2024 08:35
@Didainius
Copy link
Collaborator Author

@mnspodrska,
I suspect I know what is wrong. Newer API versions expect bearer token. I have adjusted the code - could you try out latest branches?

@mnspodrska
Copy link

It works! Than you very much!

@mnspodrska
Copy link

@Didainius feel free to tell me if you need me to provide more information or if anything else needs to be tested.

@Didainius
Bump sdk
3f8cb10 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
merge up main
c4e0f7e 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
Improve changelog
ff8d6ca 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
Copy link
Collaborator Author

@Didainius feel free to tell me if you need me to provide more information or if anything else needs to be tested.

I have improved tests in the SDK and will open up for final team reviews now. It should be good after that

@Didainius Didainius marked this pull request as ready for review August 22, 2024 06:43
@Didainius
Merge main, bump sdk
9f15361 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
Remove replace in go.mod
bc0b1b8 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius
Merge branch 'main' into adfs-saml-customisation
f55aa3f 
Signed-off-by: Dainius Serplis <[email protected]>
@Didainius Didainius merged commit 0db08fe into vmware:main Sep 10, 2024
3 checks passed
@Didainius Didainius deleted the adfs-saml-customisation branch September 10, 2024 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lvirbalas lvirbalas lvirbalas approved these changes

@adambarreiro adambarreiro adambarreiro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Didainius @mnspodrska @adambarreiro @lvirbalas