I'd like to set a revision tag on the cloud run service revision created by applying my terraform plan.
I see nothing in the terraform cloud run service documentation that would allow me to set a revision tag. I tried the following, for the heck of it:
traffic {
percent = 100
tag = my-tag
}
which results in an Unsupported Argument Error.
I've explored the alternative strategy of using gcloud commands to add the tag after the revision is created; however, any commands which successfully tag the latest revision also remove tags from any prior revisions (I suppose because I'm updating the service wholesale, rather that modifying a particular revision).
I ran into a very similar issue. After hunting on the hashcorp github issues, I realized that the fix was just recently included, so you need to update your google provider.
Here a working configuration that has supported tag inside traffic module:
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 4.52.0"
}
}
required_version = ">= 1.1.9"
}
Related
I'm deploying Azure Postgres Flexible Server with Terraform as described in GitHub. The configuration works as expected, no issues there. The only divination from that GitHub template is that I want to configure pgBouncer for Postgres which is now supported natively. I don't see a way how I can create this configuration (i.e., enable this feature).
I've done some research and discovered the configuration feature is not quite available (at least according to the open ticket in GitHub here). At the same time, one of the published replies suggests using azurerm_postgresql_flexible_server_configuration and this resource type is available in Terraform indeed. However, Microsoft documentation states that to enable and configure pgBouncer I need to introduce 7 parameters. I thought that to make the code tidier, I can use a list and foreach loop, like this:
locals {
pg_config = {
"pgbouncer.default_pool_size" : "50",
"pgBouncer.max_client_conn" : "5000",
"pgBouncer.pool_mode" : "TRANSACTION"
etc...
}
}
resource "azurerm_postgresql_flexible_server_configuration" "postgres_fs_config" {
for_each = local.pg_config
name = each.key
value = each.value
server_id = azurerm_postgresql_flexible_server.postgres-fs.id
}
Is this the best way to configure Postgres (without involving CDK)? Did I miss something?
Ok, I verified this approach and it works like a charm. Will stick to it for now.
I have the exact same problem as here Terraform tries to load old defunct provider and the solution posted there does not work for me.
Problem is that i define in the terraform config:
required_providers {
postgresql = {
source = "cyrilgdn/postgresql"
version = ">=1.13.0"
}
}
But the terraform init process always tries to download hashicorp/postgresql and can not find it in the end.
My current terraform version is:
Terraform v1.0.6 on windows_amd64
I did try a lot and played around with the resource parameter "provider" to explicitly set the provider for all resources but even with that i did not find a way.
Can anybody help here again or post me a working example for this provider?
I got the solution! The problem what i had was my folder structure. I had a specific folder structure like:
environments like dev/int/prod and i had a config.tf in there with the required providers.
resources where i use the resources i want to add and what i missed there is the a copy of the config.tf file.
So this means i need a config.tf file in every subfolder which consists modules.
Description:
I am trying to use an Elasticsearch provider for Terraform. Since there is no official one from Elastic or from Hashicorp I am trying to use a community one "https://registry.terraform.io/providers/phillbaker/elasticsearch/latest".
Terraform version: Terraform v0.14.4
Code:
I tried to put everything in 1 .tf file. I also tried to create a separate module for the resources like Hashicorp recommends. Both methods generate the same error message.
terraform {
required_providers {
elk = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
}
}
provider "elk" {
url = "https://<my_elk_server>"
}
resource "elasticsearch_index" "index" {
name = var.elasticsearch_index_name
}
Problem:
terraform init isn't able to find the appropriate provider in the Terraform Registry for some reason.
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/elasticsearch...
- Finding phillbaker/elasticsearch versions matching "1.5.1"...
- Installing phillbaker/elasticsearch v1.5.1...
- Installed phillbaker/elasticsearch v1.5.1 (self-signed, key ID 02AD42CD82B6A957)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
Error: Failed to query available provider packages
https://www.terraform.io/docs/plugins/signing.html
Could not retrieve the list of available versions for provider
hashicorp/elasticsearch: provider registry registry.terraform.io does not have
a provider named registry.terraform.io/hashicorp/elasticsearch
If you have just upgraded directly from Terraform v0.12 to Terraform v0.14
then please upgrade to Terraform v0.13 first and follow the upgrade guide for
that release, which might help you address this problem.
No tfstate files are being generated.
How do I use third party providers from the Terraform Registry ?
In your required_providers block you've told Terraform that you intend to refer to this provider as "elk" within this module:
elk = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
Typically you'd set the local name of the provider to be the same as the "type" portion of the provider source address, like this:
elasticsearch = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
If you change the local name in this way then use references to elasticsearch elsewhere in the module should then refer to the community provider as you intended.
Note that means you'll also need to change the provider block so it has a matching local name:
provider "elasticsearch" {
url = "https://<my_elk_server>"
}
A different approach here would be to continue to use elk as the name and then change the rest of the configuration to properly refer to that non-default name. I don't recommend doing this, because typically I'd expect the local name to only mismatch the type in the unusual case where your module depends on two providers with the same type name, but I'm mentioning this in the hope that it helps to understand how the Terraform language infers provider dependencies when not given explicitly:
terraform {
required_providers {
elk = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
}
}
# "elk" here is matched with the local names in the
# required_providers block, so this will work.
provider "elk" {
url = "https://<my_elk_server>"
}
# This "elasticsearch_" prefix causes Terraform to look
# for a provider with the local name "elasticsearch"
# by default...
resource "elasticsearch_index" "index" {
# ...so if you've given the provider a different local
# name then you need to associate the resource with
# the provider configuration explicitly:
provider = elk
name = var.elasticsearch_index_name
}
I expect most Terraform users would find the above approach surprising, so in the interests of using familiar Terraform idiom I'd suggest instead following my first suggestion of renaming the local name to elasticsearch, which will then allow the automatic resource-to-provider association to work.
So, after testing it seems putting the whole code in the same .tf file does the job.
terraform {
required_providers {
elasticsearch = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
}
}
provider "elasticsearch" {
url = "http://127.0.0.1:9200"
}
resource "elasticsearch_index" "index" {
name = var.index_name
}
If you want to create a separate module for it you can just source it from another module:
module "elastic" {
index_name = var.index_name
source = "./modules/elastic"
}
Check Martin's answer for more information.
I'm trying to install a certificate into an Application Gateway.
Following the documentation I have used key_vault_secret_id in the ssl_certificate block.
Here is a simplified (all the code works its just this one block that has issues so this helps to highlight the problem) version of the code:
resource "azurerm_application_gateway" "npfs_application_gateway" {
name = local.appgateway_name
resource_group_name = data.azurerm_resource_group.rg_core.name
location = data.azurerm_resource_group.rg_core.location
### This is a standard V2
sku {
name = var.gw_sku["name"]
tier = var.gw_sku["tier"]
capacity = var.gw_sku["capacity"]
}
ssl_certificate {
name = var.pfx_certificate_name
key_vault_secret_id = "[REDACTED]"
password = data.azurerm_key_vault_secret.cert-password.value
}
}
}
When I run this as a terraform plan I get the following error:
The argument "data" is required, but no definition was found.
An argument named "key_vault_secret_id" is not expected here.
This is weird because the docs state that the data argument is optional if a key_vault_secret_id is set, but it doesn't recognise it.
I am using the following versions:
Terraform v0.12.26
provider.azuread v0.8.0
provider.azurerm v1.44.0
provider.null v2.1.2
provider.random v2.2.1
provider.template v2.1.2
Anybody come across this before? Is one of my versions wrong?
I was able to solve this problem by upgrading to the latest azurerm terraform provider, but that wasn't the only thing I needed to do. In addition do this:
Go to the Subscription you are working in, to the Resource providers.
See if you have a Provider "Microsoft.DataProtection" with Status "NotRegistered".
Register it.
Seems that the new terraform code is leveraging this additional provider within Azure.
I find when you get these types of issues, it's best to look in the source.
According to: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/network/application_gateway_resource.go
You can only have 'key_vault_secret_id' inside a 'ssl_certificate' block, which is what you have. But note that is the latest version of the provider, on version 2. You are on 1.44.0, so we need to look at that source...
https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.44.0/azurerm/internal/services/network/resource_arm_application_gateway.go
And in this version the only mentions of 'key_vault_secret_id' are commented out.
I suggest you upgrade to the lastest version of the provider.
When I try with zone, I get "Zone deprecated, use location instead", but, location is not recognized.
Is there any workaround?
provider "google" {
credentials = file("gcp-terra-flask-CREDENTIALS_FILE.json")
project = "gcp-terra-flask"
region = "us-west1"
zone = "us-west1-a"
version = "~> 2.17.0"
}
provider "google" {
credentials = file("gcp-terra-flask-CREDENTIALS_FILE.json")
project = "gcp-terra-flask"
region = "us-west1"
location = "us-west1-a"
version = "~> 2.17.0"
}
I tried the below example. Used brew "upgrade terraform". I need to figure out what changes I need to make so this one runs without any Warning, without any errors (assuming all gce permissions are in line).
https://cloud.google.com/community/tutorials/getting-started-on-gcp-with-terraform
Hi your problem is with the version 3..
See https://www.terraform.io/docs/providers/google/guides/version_3_upgrade.html
That is in beta and all of us that only set a minimal version are caching the beta version for this provider.
For bigquery I need to set the provider for the last 2.. Version :(
See as example:
https://github.com/forseti-security/terraform-google-forseti/issues/303