API Token permissions for reading DNSSEC info of a Zone

Hi there,

I’m trying to start managing my stuff with IaC - specifically Terraform. One of the things I try to do is make sure DNSSEC is enabled and get infos on the DNSSEC properties of each of my zones, via cloudflare_zone_dnssec. Now, according to the Cloudflare API v4 Documentation I need the #zone_settings:read permission for GETting the status and #zone_settings:edit for setting it, which for all Zones in my account I added to my Token used by Terraform.

However, I still get an Authentication error from Cloudflare - what am I doing wrong here? :thinking::

2022-07-13T14:37:34.822Z [DEBUG] provider.terraform-provider-cloudflare_v3.19.0: Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/zones/<MYZONEID>/dnssec HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.2.4 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/dev
Authorization: Bearer redacted
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2022-07-13T14:37:34.822Z
2022-07-13T14:37:35.052Z [DEBUG] provider.terraform-provider-cloudflare_v3.19.0: Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 403 Forbidden
Cf-Cache-Status: DYNAMIC
Cf-Ray: 72a2c1e59fd79b80-FRA
Content-Type: application/json
Date: Wed, 13 Jul 2022 14:37:35 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cflb=redacted; SameSite=Lax; path=/; expires=Wed, 13-Jul-22 17:07:36 GMT; HttpOnly
Set-Cookie: __cfruid=redacted-1657723055; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding

{
 "success": false,
 "errors": [
  {
   "code": 10000,
   "message": "Authentication error"
  }
 ]
}

-----------------------------------------------------: timestamp=2022-07-13T14:37:35.052Z
2022-07-13T14:37:35.052Z [ERROR] provider.terraform-provider-cloudflare_v3.19.0: Response contains error diagnostic: diagnostic_detail= tf_proto_version=5.2 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="error finding Zone DNSSEC "<MYZONEID>": Authentication error (10000)" tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=4541af63-9d77-08ac-97fc-c2a7d1235bb2 @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:56 tf_rpc=ApplyResourceChange tf_resource_type=cloudflare_zone_dnssec timestamp=2022-07-13T14:37:35.052Z
2022-07-13T14:37:35.052Z [ERROR] vertex "module.domains[\"<MYDOMAINAME>\"].cloudflare_zone_dnssec.this" error: error finding Zone DNSSEC "<MYZONEID>": Authentication error (10000)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.