terraform-provider-proxmox: Can't Use API Token/Secret

I just tried upgrading the proxmox provider from 2.9.11 to 2.9.13 and am getting the same error when trying to use tokens. Rolling back to 2.9.11 resolves the issue, so I suspect something breaks as part of the upgrade. 😦

I have tested it. Getting now this:

│ Error: user terraform-prov@pve has valid credentials but cannot retrieve user list, check privilege separation of api token
│ 
│   with provider["registry.terraform.io/telmate/proxmox"],
│   on provider.tf line 13, in provider "proxmox":
│   13: provider "proxmox" {

The user has been created as written in the documentation. In the UI I see this:

Toggling the checkbox doesn’t change the error message.

I’m feeding these credentials via variables plus tfvars file (manual test) or var-flags (pipeline runs).

variable "pm_api_base_url" {}
variable "pm_api_token_id" {}
variable "pm_api_token_secret" {}

Switching back to 2.9.11 makes the setup work again.

Should be fixed in 2.9.14

Merged request : #649

still I dont’ understand how this is not working for you since the same setup works on my side.

@mleone87 it was my mistake. It was not enough permissions for new version of provider. I needed just grant privileges for role as describe in current version of documentation and problem has been solved.

Can confirm this seems to happen when I upgrade to 2.9.13 as well, I’ve tried with PVE users, PAM users and the root user…

│ Error: user does not exist or has insufficient permissions on proxmox: terraform-prov@pve!terraform-token
│
│   with provider["registry.terraform.io/telmate/proxmox"],
│   on main.tf line 10, in provider "proxmox":
│   10: provider "proxmox" {
│

│ Error: user does not exist or has insufficient permissions on proxmox: ethan@pam!terraform-prov
│
│   with provider["registry.terraform.io/telmate/proxmox"],
│   on main.tf line 10, in provider "proxmox":
│   10: provider "proxmox" {
│

│ Error: user does not exist or has insufficient permissions on proxmox: root@pam!terraform-prov
│
│   with provider["registry.terraform.io/telmate/proxmox"],
│   on main.tf line 10, in provider "proxmox":
│   10: provider "proxmox" {
│

The additional permissions needed are: Sys.Audit, Sys.Modify, Sys.Console. There is already an open issue about this being more permissions than is actually needed to deploy a VM. 784. I’ll switch to that ticket to try to get these documented in the Creating the user and role for terraform section of the documentation. Hopefully this addresses @JamborJan’s question about what permissions are required.

The other breaking change that was introduced by 2.9.13 is related to the disk -> backup field. The field was changed from a number to a boolean, the default was changed from false to true, and the old values from your terraform.tfstate file are now rejected instead of being converted to the correct type. See issue 702 for a workaround of manually editing each of your terraform.tfstate files.

In my opinion, after #784 is resolved (e.g. the additional permissions are either removed, or at least documented), this ticket should be able to be closed.

I’ve been locked in at v2.9.11 since February to work around this issue. If it’s expected to be fixed in the latest release, I can upgrade and re-test so we can get one step closer to closing or resolving the issue.