[Solved] Terraform says Invalid Token, but only sometimes
I have the Linode API token in my environment in a variable LINODE_TOKEN.
When I run terraform, about 50% of the time I get:
Error: Error finding the specified Linode instance: [401] Invalid Token
And immediately before, and immediately after that, it works fine (or, it doesn't. 50/50). No change to the env, no shell restarts, nothing.
Why does it work sometimes? Anyone else seen this?
I'm running it from my orchestrator linode.
I'm running a command like 'terraform plan -out plan', btw.
Some choice terraform logs showing versions:
2021/06/06 00:35:50 [INFO] Terraform version: 0.14.7
2021/06/06 00:35:50 [INFO] Go runtime version: go1.15.6
2021-06-06T00:35:51.877Z [DEBUG] plugin: plugin started: path=.terraform/providers/registry.terraform.io/linode/linode/1.18.0/linux_amd64/terraform-provider-linode_v1.18.0 pid=26662
And the http request/response:
GET /v4/linode/instances/[REDACTED] HTTP/1.1
Host: api.linode.com
User-Agent: HashiCorp Terraform/0.14.7 (+https://www.terraform.io) Terraform Plugin SDK/2.6.0 terraform-provider-linode/dev
Accept: application/json
Content-Type: application/json
Accept-Encoding: gzip
HTTP/2.0 401 Unauthorized
Content-Length: 41
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Filter
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0, s-maxage=0, no-cache, no-store
Content-Type: application/json
Date: Sun, 06 Jun 2021 00:35:53 GMT
Retry-After: 60
Server: nginx
Vary: Authorization, X-Filter
X-Accepted-Oauth-Scopes: linodes:read_only
X-Frame-Options: DENY
X-Oauth-Scopes: unknown
X-Ratelimit-Limit: 800
X-Ratelimit-Remaining: 794
X-Ratelimit-Reset: 1622939814
X-Spec-Version: 4.94.1
{
"errors": [
{
"reason": "Invalid Token"
}
]
}
And here's a request/response that works:
GET /v4/linode/instances/[REDACTED but same as before] HTTP/1.1
Host: api.linode.com
User-Agent: HashiCorp Terraform/0.14.7 (+https://www.terraform.io) Terraform Plugin SDK/2.6.0 terraform-provider-linode/dev
Accept: application/json
Content-Type: application/json
Accept-Encoding: gzip
HTTP/2.0 200 OK
Content-Length: 678
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Filter
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Status
Cache-Control: private, max-age=180
Cache-Control: private, max-age=60, s-maxage=60
Content-Security-Policy: default-src 'none'
Content-Type: application/json
Date: Sun, 06 Jun 2021 00:52:10 GMT
Retry-After: 60
Server: nginx
Strict-Transport-Security: max-age=31536000
Vary: Authorization, X-Filter
Vary: Authorization, X-Filter
X-Accepted-Oauth-Scopes: linodes:read_only
X-Content-Type-Options: nosniff
X-Customer-Uuid: [REDACTED]
X-Frame-Options: DENY
X-Frame-Options: DENY
X-Oauth-Scopes: domains:read_write ips:read_write linodes:read_write
X-Ratelimit-Limit: 800
X-Ratelimit-Remaining: 798
X-Ratelimit-Reset: 1622940791
X-Spec-Version: 4.94.1
X-Xss-Protection: 1; mode=block
{
// json body follows
It's not rate-limiting, as shown by the "X-Ratelimit-Remaining: 794" on the failed response.
4 Replies
I don’t know anything about Terraform but could it be that the token has expired? My recollection is the tokens are only valid for 2 hours before needing to be refreshed.
I just realized the linode-cli (installed via pip) seems to work fine. This may be an issue with the terraform provider.
Got it! Because I'm doing submodule stuff, it appeared transient. I'm not sure why, I'm not familiar with how providers do things internally.
I wasn't supposed to put this literally, it's wrong:
provider "linode" {
token = "$LINODE_TOKEN"
}
That's just a documentation placeholder for the actual token. It's right next to stuff that taks about env variables, hence the confusion.