Issue in importing Azure resource into Terraform state - terraform

Objective: Trying to import module.resource, which is an Azure resource already created via Terraform, into my state file.
What I tried:
terraform -chdir=Terraform import synapse_workspace_pe.azurerm_private_endpoint.syn_ws_pe_dev "/subscriptions/xxxx-xxxx-xxx--xx/resourceGroups/hub/providers/Microsoft.Network/privateEndpoints/pe-cb-ab-dev-we-dev"
Error that I get:
error: Invalid address
│
│ on <import-address> line 1:
│ 1: synapse_workspace_pe.azurerm_private_endpoint.syn_ws_pe_dev
│
│ Resource instance key must be given in square brackets
I referred to some Stack Overflow posts; the syntax is the same. Can someone tell me how to fix this?

When importing resources from a declared module, the namespace must be prefixed with the string literal module:
terraform -chdir=Terraform import module.synapse_workspace_pe.azurerm_private_endpoint.syn_ws_pe_dev "/subscriptions/xxxx-xxxx-xxx--xx/resourceGroups/hub/providers/Microsoft.Network/privateEndpoints/pe-cb-ab-dev-we-dev"
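
An added example (not part of the original question or answer): a small shape check for the address passed to `terraform import`, showing why the unprefixed address is rejected. Without `module.`, the first two segments are read as `<type>.<name>`, so the third segment lands where only a `[key]` is allowed. The function name is hypothetical, and instance keys are assumed to contain no dots.

```sh
# Added example: validate the shape of a `terraform import` address.
# Assumption: instance keys such as ["a"] contain no dots.

check_import_address() {
  addr=$1
  rest=$1
  # Peel off each leading "module.<name>" pair.
  while :; do
    case $rest in
      module.*.*) rest=${rest#module.}; rest=${rest#*.} ;;
      module.*)   echo "error: no resource after module path"; return 1 ;;
      *)          break ;;
    esac
  done
  # What is left must be exactly <type>.<name>.
  case $rest in
    *.*) ;;
    *) echo "error: expected <type>.<name>"; return 1 ;;
  esac
  type=${rest%%.*}
  name=${rest#*.}
  case $name in
    *.*)
      # A third dotted segment sits where only an instance key may appear.
      echo "error: '$type.${name%%.*}' parsed as <type>.<name>; if '$type' is a module, use: module.$addr"
      return 1 ;;
  esac
  echo "ok: resource type '$type', name '$name'"
}
```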

Related

GCloud terraform export - unknown resource type: google_logging_log_sink

I followed Google's instructions to export my GCloud project in a terraform format. I tried using gcloud alpha and gcloud beta and the result is the same: It creates a resource named google_logging_log_sink, for which I can't find documentation in Terraform's Google Cloud Platform Provider.
The commands I executed are in the following order, with + to show the generated files and folders. They worked the same using gcloud alpha and gcloud beta, and I omit sensitive data:
$> gcloud alpha resource-config bulk-export --path=terraform-export --project=PROJECT_ID --resource-format=terraform
+ ./terraform-export/...
$> gcloud beta resource-config terraform generate-import terraform-export
+ ./gcloud-export-modules.tf
+ ./terraform_import_2022MMDD-HH-mm-ss.sh
$> terraform init
+ ./.terraform/…
+ ./terraform.lock.hcl
$> zsh ./terraform_import_2022MMDD-HH-mm-ss.sh # <- the errors are thrown here
+ ./.terraform.tfstate.lock.info
+ ./.terraform.tfstate.backup
There are specifically two errors in that script, their commands and messages are the following.
unknown resource type: google_logging_log_sink:
$> terraform import module.terraform-export-PROJECTNUMBER-PROJECTNUMBER-Project-LoggingLogSink.google_logging_log_sink.a_required PROJECTNUMBER###_Required
module.terraform-export-PROJECTNUMBER-PROJECTNUMBER-Project-LoggingLogSink.google_logging_log_sink.a_required: Importing from ID "PROJECTNUMBER###_Required"...
╷
│ Error: unknown resource type: google_logging_log_sink
│
│
╵
(I also tried adding a space in PROJECTNUMBER###_Required -> PROJECT_NUMBER ###_Required and it fails with the same message.)
Cannot import non-existent remote object:
$> terraform import module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID projects/PROJECTID/serviceAccounts/some_service_account#PROJECTID.iam.gserviceaccount.com
module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID: Importing from ID "projects/PROJECTID/serviceAccounts/some_service_account#PROJECTID.iam.gserviceaccount.com"...
module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID: Import prepared!
Prepared google_service_account for import
module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID: Refreshing state... [id=projects/PROJECTID/serviceAccounts/some_service_account#PROJECTID.iam.gserviceaccount.com]
╷
│ Error: Cannot import non-existent remote object
│
│ While attempting to import an existing object to "module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID", the provider detected that no object exists with the given id. Only
│ pre-existing objects can be imported; check that the id is correct and that it is associated with the provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.
╵
Calling terraform -v shows the following versions:
Terraform v1.2.1
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google_v4.22.0
How do I solve these errors?
Would fixing the google_logging_log_sink error also allow the second failing command to succeed?
I have looked for some documentation of the google_logging_log_sink resource but have found none, so don't know if I need to change it for some other resource name. I also think my terraform CLI and the google provider versions should be working. I couldn't find the version of the format in which gcloud is exporting the project.

As of Jun 2022, there is no fix! The config connector that lets you use Google Cloud's Terraform bulk-export tool needs this fix. In future versions, you can expect this to be fixed.
The simple workaround for now is to ignore the Terraform export only for the google_logging_log_sink resource and remove it.

Unable to find the provider dfd when trying out terraform init

I am trying to install the following provider https://github.com/marqeta/terraform-provider-dfd
Followed the installation steps. Attached the folder structure.
But getting an error when trying to run terraform init
Folder Structure
-> dfd-demo
-main.tf
-terraform-provider-dfd_v0.0.2
dfd-demo % terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/dfd...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/dfd: provider registry registry.terraform.io does not have a provider named
│ registry.terraform.io/hashicorp/dfd
│
│ All modules should specify their required_providers so that external consumers will get the correct providers when using a module. To see which modules
│ are currently depending on hashicorp/dfd, run the following command:
│ terraform providers
╵
dfd-demo %

Terraform plan not recognizing argument in terraform cloud in certain environment

I am trying to add the attribute "response_headers_policy" to the aws_cloudfront_distribution module. I have 3 environments: prod, stage, demo. Prod was the first created, followed by stage and demo a few months later. When adding that attribute to the staging and demo environments, there are no issues. However the plan fails with the following error when running for the prod environment:
Error: Unsupported argument
│
│ on ../../modules/<module>/cloudfront.tf line 47, in resource "aws_cloudfront_distribution" "this":
│ 47: response_headers_policy_id = "67f7725c-6f97-4210-82d7-5512b31e9d03" // SecurityHeadersPolicy ID
│
│ An argument named "response_headers_policy_id" is not expected here.
My assumption is that the state file expects an older version of the module for the production environment, but I am unsure how to resolve that issue. Especially in terraform cloud.

My first thought is that there is a mismatch in what version of the AWS provider you're using for your different environments. That argument was only added to the AWS provider in v3.64.0, in #21620.

Terraform Output doesn't exist after running terraform apply

I configure my terraform using a GCS backend, with a workspace. My CI environment exactly has access to the state file it requires for the workspace.
terraform {
  required_version = ">= 0.14"
  backend "gcs" {
    prefix      = "<my prefix>"
    bucket      = "<my bucket>"
    credentials = "credentials.json"
  }
}
I define the output of my terraform module inside output.tf:
output "base_api_url" {
  description = "Base url for the deployed cloud run service"
  value       = google_cloud_run_service.api.status[0].url
}
My CI Server runs terraform apply -auto-approve -lock-timeout 15m. It succeeds and it shows me the output in the console logs:
Outputs:
base_api_url = "https://<my project url>.run.app"
When I call terraform output base_api_url, it gives me the following error:
│ Warning: No outputs found
│
│ The state file either has no outputs defined, or all the defined outputs
│ are empty. Please define an output in your configuration with the `output`
│ keyword and run `terraform refresh` for it to become available. If you are
│ using interpolation, please verify the interpolated value is not empty. You
│ can use the `terraform console` command to assist.
I try calling terraform refresh like it mentions in the warning and it tells me:
╷
│ Warning: Empty or non-existent state
│
│ There are currently no remote objects tracked in the state, so there is
│ nothing to refresh.
╵
I'm not sure what to do. I'm calling terraform output RIGHT after I call apply, but it's still giving me no outputs. What am I doing wrong?

I had the exact same issue, and this was happening because I was running terraform commands from a different path than the one I was at.
terraform -chdir="another/path" apply
And then running the output command would fail with that error, unless you cd to that path before running the output command.
cd "another/path"
terraform output

Using variables in terraform backend "s3"

I have written the below backend configuration in Terraform:
terraform {
  backend "s3" {
    bucket = "${var.application_name}"
    region = "${var.AWS_REGION}"
    key    = "tf-scripts/${var.application_name}-tfstate"
  }
}
While running terraform init, I am getting the below error message:
terraform init
Initializing the backend...
╷
│ Error: Variables not allowed
│
│ on backend.tf line 4, in terraform:
│ 4: bucket = "${var.application_name}"
│
│ Variables may not be used here.
╵
╷
│ Error: Variables not allowed
│
│ on backend.tf line 5, in terraform:
│ 5: region = "${var.AWS_REGION}"
│
│ Variables may not be used here.
╵
╷
│ Error: Variables not allowed
│
│ on backend.tf line 6, in terraform:
│ 6: key = "tf-scripts/${var.application_name}-tfstate"
│
│ Variables may not be used here.
Can anyone assist me on achieving the same?

If you want to pass variables you could do something like this:
echo "yes" | terraform init -backend-config="${backend_env}" -backend-config="key=global/state/${backend_config}/terraform.tfstate" -backend-config="region=us-east-1" -backend-config="encrypt=true" -backend-config="kms_key_id=${kmykeyid}" -backend-config="dynamodb_table=iha-test-platform-db-${backend_config}"
Now the trick here is that when you initialize, it has to be done at the command line level. Terraform cannot do this, as mentioned already by other community members; it's just the way it is. That said, you can modify the commands for initializing and pass it through as environment variables on your host or pull in variables from another source.
In this example, I declared the variables using a container through AWS CodeBuild, but you can use any method as long as the variable is defined prior to initialization. Let me know if you need help with this; the documentation isn't very clear and the folks on Stack Overflow have been amazing at addressing this, but for beginners it's been hard to understand how this all comes together.
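
An added example (not code from the original answer) of the approach described above: the backend block is left empty and a wrapper builds the `-backend-config` arguments for the question's bucket, region and key from environment variables, refusing to run when a value is missing or malformed. The variable names `TF_STATE_BUCKET`, `TF_STATE_REGION`, `APP_NAME` and `TF_STATE_KMS_KEY_ID` and both function names are assumptions.

```sh
# Added example. Assumed (hypothetical) environment variable names:
# TF_STATE_BUCKET, TF_STATE_REGION, APP_NAME, TF_STATE_KMS_KEY_ID.
# The backend block in the .tf file stays empty:
#   terraform { backend "s3" {} }

backend_args() {
  for v in TF_STATE_BUCKET TF_STATE_REGION APP_NAME TF_STATE_KMS_KEY_ID; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      # The KMS key is optional; everything else is required.
      [ "$v" = TF_STATE_KMS_KEY_ID ] && continue
      echo "missing required variable: $v" >&2
      return 1
    fi
    # Values become command-line arguments: allow only a conservative set.
    case $val in
      *[!A-Za-z0-9._:/-]*)
        echo "unexpected character in $v" >&2
        return 1 ;;
    esac
  done
  # One argument per line; the key mirrors the layout used in the question.
  printf '%s\n' \
    "-backend-config=bucket=${TF_STATE_BUCKET}" \
    "-backend-config=region=${TF_STATE_REGION}" \
    "-backend-config=key=tf-scripts/${APP_NAME}-tfstate" \
    "-backend-config=encrypt=true"
  if [ -n "${TF_STATE_KMS_KEY_ID:-}" ]; then
    printf '%s\n' "-backend-config=kms_key_id=${TF_STATE_KMS_KEY_ID}"
  fi
}

tf_init() {
  args=$(backend_args) || return 1
  # -input=false makes init fail in CI instead of waiting on a prompt.
  set -- init -input=false
  # Validated values contain no whitespace, so word splitting is safe here.
  for a in $args; do
    set -- "$@" "$a"
  done
  terraform "$@"
}
```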
