Getting POST API call to https://api.pagerduty.com/schedules failed 403 Forbidden

I am new to PD. I am running a pretty basic learning setup. I am using Terraform to deploy. My sample code looks like:

# Configure the PagerDuty provider
terraform {
  required_providers {
    pagerduty = {
      source = "pagerduty/pagerduty"
    }
  }
}
provider "pagerduty" {}
data "pagerduty_team" "pipelineinfra" { name = "CX-EC_Pipeline_Infra" }
data "pagerduty_user" "junaid_subhani" { email = "junaid.subhani@sap.com" }
locals {
  teamWhitestar = "whitestar"
  membersWhitestar = [
    data.pagerduty_user.junaid_subhani.id
  ]
}
resource "pagerduty_schedule" "whitestar" {
  name        = "test"
  time_zone   = "Europe/Berlin"
  layer {
    name                         = "primary"
    start                        = "2021-01-25T11:57:39+01:00"
    rotation_virtual_start       = "2021-01-25T07:00:00+01:00" # do not touch that value except you want to mix the schedule fresh, it will refresh the upcoming schedule
    rotation_turn_length_seconds = 604800
    users = local.membersWhitestar
  }
}

When trying to deploy this, I'm getting the error:

  Enter a value: yes
pagerduty_schedule.whitestar: Creating...
Error: POST API call to https://api.pagerduty.com/schedules failed 403 Forbidden. Code: 2010, Errors: <nil>, Message: Access Denied
  on main.tf line 27, in resource "pagerduty_schedule" "whitestar":
  27: resource "pagerduty_schedule" "whitestar" {

I am using my personal access token and my role in my team is Manager. If I try to run the following code

resource "pagerduty_team_membership" "foo" {
  user_id = data.pagerduty_user.junaid_subhani.id
  team_id = data.pagerduty_team.pipelineinfra.id
  role    = "manager"
}

this works perfectly fine:

pagerduty_team_membership.foo: Creating...
pagerduty_team_membership.foo: Creation complete after 1s [id=P7Y4PDN:PLVOJV8]

Apply complete! Resources: 1 added, 0 changed, 1 destroyed.

So I am trying to figure out why I can't create schedules using TF :frowning:

It looks like your base role is observer, which means you can only create schedules within your team. However, currently, the API doesn’t allow any way to specify a team in the POST request to create the schedule, since it’s a read-only field; a schedule can’t be created via the API by any user with permissions lower than manager, which is why you’re receiving the access denied error. Given that it’s not possible via the API, it’s not possible via Terraform either.
