failed to retrieve authentication response

[RickBankers]

Every time I try apply I get the following error:
failed to retrieve authentication response

Ive tried different provider configs and messed with adding the port, Adding the port and/or adding /api2/json and I get ticket errors. Plans runner successfully and I am using an account with the correct permissions. Here is my providers example:

terraform {
backend "http" {
}
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "0.14.0"
}
}
}

provider "proxmox" {
virtual_environment {
endpoint = "https://10.0.0.25"
username = "user123"
password = "mypassword"
insecure = true
}
}

---

erraform has been successfully initialized!
proxmox_virtual_environment_file.alpine_container_template: Creating...
proxmox_virtual_environment_file.alpine_container_template: Still creating... [10s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [20s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [30s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [40s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [50s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [1m0s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [1m10s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [1m20s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [1m30s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [1m40s elapsed]
proxmox_virtual_environment_file.alpine_container_template: Still creating... [1m50s elapsed]
╷
│ Error: failed to retrieve authentication response
│
│ with proxmox_virtual_environment_file.alpine_container_template,
│ on file.tf line 1, in resource "proxmox_virtual_environment_file" "alpine_container_template":
│ 1: resource "proxmox_virtual_environment_file" "alpine_container_template" {

[bpg]

Hey @RickBankers! 👋🏼
Could you try endpoint = "https://10.0.0.25:8006/" in your config?

I think the documentation needs to be improved. Provider doesn't add PVE port number by default, and the result error is really cryptic.

[RickBankers]

Same error. I tried the port, port without slash, port with slash, adding the /api2/json etc and get the same error.

[bpg]

Also, the username should include the authentication realm, e.g.<user>@pam, and only Linux PAM users are fully supported at the moment.

For my local test server the provider sections looks exactly like this:

provider "proxmox" {
  virtual_environment {
    endpoint = "https://10.0.0.2:8006/"
    username = "root@pam"
    password = "password"
    insecure = true
  }
}

[RickBankers]

That's the format I'm using. I've also verified I can call the api via curl and get the ticket and CSRFPreventionToken and use those via curl on the host. I enabled TF_LOG_PROVIDER debug to my last run and below is the output. I'm not familiar with golang but It looks like the problem exists on line 55 of the virtual_environment_authentication.go file?

Thanks for the help with this.

2023-03-18T14:19:02.160Z [ERROR] provider.terraform-provider-proxmox_v0.14.0: Response contains error diagnostic: @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_proto_version=5.3 tf_resource_type=proxmox_virtual_environment_group diagnostic_summary="failed to retrieve authentication response" tf_provider_addr=registry.terraform.io/bpg/proxmox tf_req_id=1e0ac0b7-98ba-7729-914a-be3f094cd673 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 timestamp=2023-03-18T14:19:02.159Z
╷
│ Error: failed to retrieve authentication response
│
│ with proxmox_virtual_environment_group.operations_team,
│ on file.tf line 11, in resource "proxmox_virtual_environment_group" "operations_team":
│ 11: resource "proxmox_virtual_environment_group" "operations_team" {
│
╵
2023-03-18T14:19:02.211Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-03-18T14:19:02.213Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/bpg/proxmox/0.14.0/linux_amd64/terraform-provider-proxmox_v0.14.0 pid=46
2023-03-18T14:19:02.213Z [DEBUG] provider: plugin exited

[bpg]

It's really hard to say what goes wrong with authentication. The error you see is coming from here: https://github.com/bpg/terraform-provider-proxmox/blob/main/proxmox/virtual_environment_authentication.go#L57, as a result of making .../access/ticket POST request to PVE. But that was working for you via curl 🤔
I just want to confirm that you've executed the curl requests from the same host as terraform apply.

In the first log I see ~2min timeout before you got an error, which could indicate some sort of connectivity issues, for example, a firewall dropping traffic, or something like that. My next step would probably be take tcpdump / Wireshark and look at the network traffic between you management host and PVE to see what's actually going on on the wire.

[bpg]

v0.14.1 should print more details, if available, in case of failed to retrieve authentication response error.

[RickBankers]

It's working!! Thanks for adding that detail! It was a firewall issue. The confusion I had was that the terraform init succeeded so I was assuming it had to validate access to the proxmox server based on the providers config. It looks like it only ever accesses the proxmox server on the apply. Is that standard provider? Shouldn't the provider validate access to the destination during the terraform init? Thank you SOOO much for the help with this!

[bpg]

Glad you solved it! 👍🏼
terraform init is primarily to initialize working directories, check versions of providers and modules and load those that are missing, initialize the backend (local or terraform cloud) etc, etc. No provider is actually called at this time.