# p0 request

Below is a troubleshooting guide for `p0 request`, organized into seven categories. Each section uses a table to show common symptoms, their likely causes, and resolutions.

***

### 1. Authentication & Authorization Failures

| Symptom                                                          | Cause                                                                  | Resolution                                                                                                                                                                                                   |
| ---------------------------------------------------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `Error: Permission denied: iam.roles.get on projects/my-project` | P0’s service account lacks rights to fetch or provision that resource. | Grant the P0 service account the needed IAM role (e.g. `roles/iam.roleViewer` on GCP, or `iam:GetRole` on AWS). ([Google Cloud](https://cloud.google.com/iam/docs/roles-permissions?utm_source=chatgpt.com)) |

***

### 2. Network & Connectivity Issues

| Symptom                                                  | Cause                                                 | Resolution                                                                                                 |
| -------------------------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| `connect ECONNREFUSED https://<tenant>/o/<org>/command/` | Outbound HTTPS is blocked by firewall or proxy.       | Allow HTTPS to your P0 API endpoint; if behind a corporate proxy, set `HTTPS_PROXY` / `HTTP_PROXY`.        |
| `getaddrinfo ENOTFOUND <tenant>`                         | DNS resolution failure for your P0 tenant domain.     | Verify DNS can resolve `<tenant>`; if needed, add an `/etc/hosts` entry or fix your network DNS settings.  |
| `Request timed out connecting to host`                   | Extremely slow or unreliable network to the endpoint. | Increase the CLI’s HTTP timeout in `~/.p0/config.json` under `"timeout"`, or improve network connectivity. |

***

### 3. Flag & Usage Errors

| Symptom                           | Cause                                                      | Resolution                                                                                                                        |
| --------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| `unknown option '--lenght'`       | Typo in the flag name.                                     | Correct the spelling (`--length`) or run `p0 request --help` to see valid flags. ([GitHub](https://github.com/p0-security/p0cli)) |
| `Missing required flag: --reason` | Your org policy mandates a `--reason`, but you omitted it. | Always supply a justification: `--reason "Debugging issue"`                                                                       |

***

### 4. Subcommand & Provider Validation

| Symptom                                                                    | Cause                                                           | Resolution                                                                                                                              |
| -------------------------------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| `Subcommand is required for aws. Run 'p0 request aws --help' for details.` | You specified `aws` but didn’t include `role`, `resource`, etc. | Add the correct subcommand. e.g.:`p0 request aws role MyReadOnlyRole --reason "Audit"` ([GitHub](https://github.com/p0-security/p0cli)) |

***

### 5. Pagination & Truncation Questions

| Symptom                                  | Cause                                                                                                                                 | Resolution                                                                                                                                             |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| “Showing the first N” though more exist  | The CLI fetches an extra page to detect truncation; your `--size` only controls how many are **displayed**, not how many are fetched. | Increase `--size` (e.g. `--size 200`), or use `--like <term>` to filter results and avoid truncation. ([GitHub](https://github.com/p0-security/p0cli)) |
| isTruncated=true with no `--like` filter | The backend is signaling more results exist, but you haven’t narrowed the query.                                                      | Add a search term after your subcommand, e.g.:`p0 ls aws resource logs --like auth`                                                                    |

***

### 6. Debugging Tips

<table><thead><tr><th>Task</th><th>Command / Action</th></tr></thead><tbody><tr><td><strong>Enable debug logs</strong></td><td><code>p0 request aws role MyRole --reason "test"</code></td></tr><tr><td><strong>Inspect local config</strong></td><td><code>cat ~/.p0/config.json</code>Verify fields like <code>appUrl</code>, <code>timeout</code>, proxy settings.</td></tr><tr><td><strong>Test API directly</strong></td><td><pre><code>curl -X POST https:///o//command/ \
-H "Authorization: Bearer $(p0 debug-token)" \
-d '{"argv":["request","aws","role","MyRole"],"scriptName":"p0"}'
</code></pre></td></tr><tr><td><strong>Validate Integration State</strong></td><td>Use the native CLI/console to confirm resource existence:<br><code>aws iam list-roles</code><br><code>gcloud iam roles list --project my-project</code></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/p0-cli/troubleshooting/p0-request.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
Task	Command / Action
Enable debug logs	`p0 request aws role MyRole --reason "test"`
Inspect local config	`cat ~/.p0/config.json`Verify fields like `appUrl`, `timeout`, proxy settings.
Test API directly	`curl -X POST https:///o//command/ \ -H "Authorization: Bearer $(p0 debug-token)" \ -d '{"argv":["request","aws","role","MyRole"],"scriptName":"p0"}'`
Validate Integration State	Use the native CLI/console to confirm resource existence: `aws iam list-roles` `gcloud iam roles list --project my-project`