Unable to use provider with no access to /me api endpoint

[goblain]

Expected Behavior

Having OVH Api application credentials I should be able to manage resources I have been granted access to.

Actual Behavior

If access to API on /me URI was not granted the provider fails to run with

* provider.ovh: OVH client seems to be misconfigured: "Error 403: \"This call has not been granted\""    

Suggested solution

For verification of client connection switch from /me to /auth/time which returns unix timestamp and does not require explicit access rights granted.
While no authentication is required to access this endpoint, if provided and invalid it will still fail.

[yanndegat]

hi @goblain
this is a good point

yet, fact is /auth/me requires not auth at all
i think we should prefer auth/currentCredential

what do you think?

[goblain]

as far as I can see on https://api.ovh.com/console/#/auth /auth/currentCredential is an authenticated endpoint, meaning it will result in more or less the same issue as with /me (will require explicitly granted permissions to read).

I bumped into this while working with a restricted client I was provided for OVH account that I'm supposed to use. One way would be to ask for a token that does allow access to the "test" endpoint, but I think that by using unauthenticated endpoint for client testing it is clearer that you only need to have access to the API endpoints for the resources that will actualy be managed.

[yanndegat]

then maybe we shall instead remove the "test" in the provider config and let the API return errors or not.?

[goblain]

looks like my assumption was wrong, just done some testing and it seems that using /auth/currentCredentials is ok

[goblain]

https://github.com/terraform-providers/terraform-provider-ovh/pull/29 updated accordingly