[SOLVED] Use of uninitialized value $realm in hash element

[jheady]

I'm getting an error about the $realm value not being initialized when trying to authenticate with the API. This is for a packer build, and I was able to build without any errors previously. The full error from the syslog is as follow:

Jan 20 11:08:49 pve pvedaemon[1600468]: Use of uninitialized value $realm in hash element at /usr/share/perl5/PVE/AccessControl.pm line 1171.
Jan 20 11:08:49 pve pvedaemon[1600468]: authentication failure; rhost=::ffff:10.0.42.36 user=jheady@pve!packer msg=value 'jheady@pve!packer' does not look like a valid user name

The above is my most recent attempt using a newly generated API token. I've created multiple new tokens, even had one for root@pam user. Each attempt, I still get the same error message about the uninitialized value, followed by the user name not looking valid. Looking into the source code, I can see where the AccessControl calls for Auth/Plugin.pm. Here's the regex that it's using:

our $realm_regex = qr/[A-Za-z][A-Za-z0-9\.\-_]+/;
our $user_regex = qr![^\s:/]+!;

I know I messed something up. I tried to pass the motherboard's SATA controller to a VM, which locked everything up (lesson learned). Attempts to do anything in the GUI received errors about a read only file system. Wasn't even able to get into the CLI to issue a shutdown command. Had to pull the plug. When I powered it back up, all the VMs started up without any errors, so I thought no harm done. Until I tried to do a new packer build and received the error. I'm sure something got corrupted in the system somewhere as a result of my actions. I'd like to see if it can be fixed before I resort to wiping the system and do a rebuild.

 

[nunner]

Hi,

what parts of the API are you trying to access? Not all endpoints are accessible through tokens. While it is strange that it seems to have worked before (?), looking at the relevant part in the code it seems that the token is actually making the regex not match at all, which leads to the realm being empty, indicating that this would only be available for username + realm auth…

 

[jheady]

I'm not certain what all parts of the API are in use. I'm using packer to generate an image/template.

Token id

proxmox_api_token_id = "jheady@pve!packer"

Connection settings from the packer build file

    # Proxmox connection settings
    proxmox_url = "${var.proxmox_api_url}"
    username = "${var.proxmox_api_token_id}"
    password = "${var.proxmox_api_token_secret}"

With the variables defined

variable "proxmox_api_url" {
    type = string
}

variable "proxmox_api_token_id" {
    type = string
}

variable "proxmox_api_token_secret" {
    type = string
    sensitive = true
}

Yes, it did work before. I've got 2 templates that I built out using packer. I've also got some VMs built from those templates that were built using terraform.

I tested terraform, and it's able to clone the existing templates and build VMs. With terraform able to connect, I diffed my current failing build file against one of the ones that worked. It looks like I've called the secret wrong. Instead of password= it should be token=. With that change in place, I'm no longer seeing the error, and the build runs as expected.