Skip to content

Provider returns non-JSON 403 responses and offers no usable debug output (v2.3.2) #18

New issue
New issue
Open
Open
Provider returns non-JSON 403 responses and offers no usable debug output (v2.3.2)#18
@dd-ssc

Description

@dd-ssc
dd-ssc
opened on Mar 1, 2026

Summary

The pulumiverse-gandi provider appears unusable for managing existing domains in my account.

  • Any gandi:domains/domain:Domain resource fails during refresh/import.
  • The provider returns:
    Response body is not json for status 403
  • No meaningful debug output is available, even with Pulumi and Terraform logging enabled.

At the moment, the provider is effectively a brick wall for troubleshooting.

Environment

  • Pulumi CLI: (current stable)
  • pulumiverse-gandi: 2.3.2
  • Python
  • macOS (arm64)

Problem 1 – Non-JSON 403 response

When attempting to manage or import an existing domain:

gandi:domains/domain:Domain resource 'example.dev':
error: sdk-v2/provider2.go:572: sdk.helper_schema:
Response body is not json for status 403

Pulumi stack error:

error: 1 error occurred:
    * Response body is not json for status 403

The failure happens during refresh/read before any create attempt.

The provider appears to be calling an endpoint that returns HTML instead of JSON, and then fails while parsing it.

Manual API tests using the same token confirm:

  • The API key is valid.
  • The account is reachable.
  • Some endpoints return HTML (Cannot GET ...) instead of JSON.

The provider does not surface:

  • The full URL being called
  • The HTTP response body
  • Any structured error information

This makes diagnosis impossible.

Problem 2 – No usable debug output

Tried all documented logging mechanisms:

export PULUMI_LOG_LEVEL=debug
export PULUMI_DEBUG_GRPC=1
export TF_LOG=DEBUG
export TF_LOG_PATH=./tf-provider.log

Result:

  • AWS provider logs appear normally.
  • Gandi provider produces no additional HTTP trace.
  • No request URL, headers, or response body shown.
  • Only the generic “Response body is not json for status 403”.

Without HTTP-level logs, it is impossible to determine:

  • Which endpoint is being called
  • Whether the Authorization header is sent
  • What the raw response body contains
  • Whether the error originates from the registrar API or the provider itself

Expected Behavior

  1. If the API returns non-JSON, the provider should:
    • Surface the raw response body in the error.
    • Include the request URL and status code.
  2. The provider should honor TF_LOG and output HTTP request/response traces.
  3. It should be possible to import or refresh an existing domain without opaque 403 parsing failures.

Impact

Currently:

  • Managing existing Gandi domains via Pulumi is not possible.
  • Importing domains is not possible.
  • Troubleshooting is not possible due to lack of logging.

The provider is effectively unusable for non-trivial real-world scenarios.

Questions

  1. Is v2.3.2 known to have issues with v5 API endpoints?
  2. Is there a documented way to enable HTTP-level debug logging?
  3. Are there known incompatibilities with certain Gandi account types?

If additional diagnostics are needed, I am happy to provide them — but at minimum, the provider should expose raw HTTP errors so users can debug API issues themselves.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions