# p0 request

Below is a troubleshooting guide for `p0 request`, organized into seven categories. Each section uses a table to show common symptoms, their likely causes, and resolutions.

***

### 1. Authentication & Authorization Failures

| Symptom                                                          | Cause                                                                  | Resolution                                                                                                                                                                                                   |
| ---------------------------------------------------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `Error: Permission denied: iam.roles.get on projects/my-project` | P0’s service account lacks rights to fetch or provision that resource. | Grant the P0 service account the needed IAM role (e.g. `roles/iam.roleViewer` on GCP, or `iam:GetRole` on AWS). ([Google Cloud](https://cloud.google.com/iam/docs/roles-permissions?utm_source=chatgpt.com)) |

***

### 2. Network & Connectivity Issues

| Symptom                                                  | Cause                                                 | Resolution                                                                                                 |
| -------------------------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| `connect ECONNREFUSED https://<tenant>/o/<org>/command/` | Outbound HTTPS is blocked by firewall or proxy.       | Allow HTTPS to your P0 API endpoint; if behind a corporate proxy, set `HTTPS_PROXY` / `HTTP_PROXY`.        |
| `getaddrinfo ENOTFOUND <tenant>`                         | DNS resolution failure for your P0 tenant domain.     | Verify DNS can resolve `<tenant>`; if needed, add an `/etc/hosts` entry or fix your network DNS settings.  |
| `Request timed out connecting to host`                   | Extremely slow or unreliable network to the endpoint. | Increase the CLI’s HTTP timeout in `~/.p0/config.json` under `"timeout"`, or improve network connectivity. |

***

### 3. Flag & Usage Errors

| Symptom                           | Cause                                                      | Resolution                                                                                                                        |
| --------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| `unknown option '--lenght'`       | Typo in the flag name.                                     | Correct the spelling (`--length`) or run `p0 request --help` to see valid flags. ([GitHub](https://github.com/p0-security/p0cli)) |
| `Missing required flag: --reason` | Your org policy mandates a `--reason`, but you omitted it. | Always supply a justification: `--reason "Debugging issue"`                                                                       |

***

### 4. Subcommand & Provider Validation

| Symptom                                                                    | Cause                                                           | Resolution                                                                                                                              |
| -------------------------------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| `Subcommand is required for aws. Run 'p0 request aws --help' for details.` | You specified `aws` but didn’t include `role`, `resource`, etc. | Add the correct subcommand. e.g.:`p0 request aws role MyReadOnlyRole --reason "Audit"` ([GitHub](https://github.com/p0-security/p0cli)) |

***

### 5. Pagination & Truncation Questions

| Symptom                                  | Cause                                                                                                                                 | Resolution                                                                                                                                             |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| “Showing the first N” though more exist  | The CLI fetches an extra page to detect truncation; your `--size` only controls how many are **displayed**, not how many are fetched. | Increase `--size` (e.g. `--size 200`), or use `--like <term>` to filter results and avoid truncation. ([GitHub](https://github.com/p0-security/p0cli)) |
| isTruncated=true with no `--like` filter | The backend is signaling more results exist, but you haven’t narrowed the query.                                                      | Add a search term after your subcommand, e.g.:`p0 ls aws resource logs --like auth`                                                                    |

***

### 6. Debugging Tips

<table><thead><tr><th>Task</th><th>Command / Action</th></tr></thead><tbody><tr><td><strong>Enable debug logs</strong></td><td><code>p0 request aws role MyRole --reason "test"</code></td></tr><tr><td><strong>Inspect local config</strong></td><td><code>cat ~/.p0/config.json</code>Verify fields like <code>appUrl</code>, <code>timeout</code>, proxy settings.</td></tr><tr><td><strong>Test API directly</strong></td><td><pre><code>curl -X POST https:///o//command/ \
-H "Authorization: Bearer $(p0 debug-token)" \
-d '{"argv":["request","aws","role","MyRole"],"scriptName":"p0"}'
</code></pre></td></tr><tr><td><strong>Validate Integration State</strong></td><td>Use the native CLI/console to confirm resource existence:<br><code>aws iam list-roles</code><br><code>gcloud iam roles list --project my-project</code></td></tr></tbody></table>
Task	Command / Action
Enable debug logs	`p0 request aws role MyRole --reason "test"`
Inspect local config	`cat ~/.p0/config.json`Verify fields like `appUrl`, `timeout`, proxy settings.
Test API directly	`curl -X POST https:///o//command/ \ -H "Authorization: Bearer $(p0 debug-token)" \ -d '{"argv":["request","aws","role","MyRole"],"scriptName":"p0"}'`
Validate Integration State	Use the native CLI/console to confirm resource existence: `aws iam list-roles` `gcloud iam roles list --project my-project`