Error: Provider configuration not present - terraform

I'm trying to update the Terraform version from 0.12 to 0.13. While updating Terraform I came across an issue during plan:
Error: Provider configuration not present
To work with
aws_sns_topic_subscription.sns_s3_raw_parquet_sqs_user_cleansing_monet_service_subscription
its original provider configuration at provider["registry.terraform.io/-/aws"]
is required, but it has been removed. This occurs when a provider
configuration is removed while objects created by that provider still exist in
the state. Re-add the provider configuration to destroy
aws_sns_topic_subscription.sns_s3_raw_parquet_sqs_user_cleansing_monet_service_subscription,
after which you can remove the provider configuration again.
Could someone please help?

Most likely you have not proceeded with the migration to Terraform v0.13 fully.
Make a backup of your current state with terraform state pull then try to execute the following:
terraform state replace-provider 'registry.terraform.io/-/aws' 'registry.terraform.io/hashicorp/aws'
This should amend your state to the newer Terraform version.

Most of the time you'll have a global.tf file in your directory that lists some things that might not actually be resources. This is where you'd normally have a block like this:
provider "aws" {
  region     = "REGION"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}
Looks like that block, whatever file it was in, got deleted. Add it back and then try again. Note you'll need to change REGION to whatever region you put your resources in. In lieu of access_key and secret_key, some people use a profile and put it in ~/.aws/credentials.
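A Terraform 0.13-style layout for the same provider, as an added example that is not from the original answers: it declares the provider source that the replace-provider command above writes into the state, and takes credentials from a named profile rather than literals in the file. The file names and the profile name are assumptions.

```hcl
# versions.tf (added example, not from the original posts)
terraform {
  required_version = ">= 0.13"

  required_providers {
    aws = {
      # Same address that `terraform state replace-provider` puts in the state,
      # replacing the legacy registry.terraform.io/-/aws entry.
      source = "hashicorp/aws"
    }
  }
}

# provider.tf
provider "aws" {
  region = "REGION" # change to the region that holds your resources

  # Hypothetical profile name, resolved from ~/.aws/credentials.
  # Keeps access_key / secret_key out of the .tf files and out of version control.
  profile = "my-profile"
}
```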

Related

What's the common pattern for sensitive attributes of Terraform resource that are only required on creation?

Context: I'm working on a new TF Provider using SDKv2.
I'm adding a new data plane resource which has a very weird API. Namely, there're some sensitive attributes (that are specific to this resource so they can't be set under provider block -- think about DataDog / Slack API secrets that this resource needs to interact with under the hood) I need to pass on creation that are not necessary later on (for example, even for update operation). My minimal code sample:
resource "foo" "bar" {
  name = "abc"
  sensitive_creds = {
    "datadog_api_secret" = "abc..."
    // might pass "slack_api_secret" instead
  }
  ...
}
How can I implement it in Terraform to avoid state drifts etc?
So far I can see 3 options:
1. Make a user pass it first, don't save "sensitive_creds" to TF state. Make a user set it to sensitive_creds = {} to avoid a state drift for the next terraform plan run.
2. Make a user pass it first, don't save "sensitive_creds" to TF state. Make a user add ignore_changes = [sensitive_creds] to their Terraform configuration.
3. Save "sensitive_creds" to TF state and live with it since users are likely to encrypt TF state anyways.
The most typical compromise is for the provider to still save the user's specified value to the state during create and then to leave it unchanged in the "read" operation that would normally update the state to match the remote system.
The result of this compromise is that Terraform can still detect when the user has intentionally changed the secret value in the configuration, but Terraform will not be able to detect changes made to the value outside of Terraform.
This is essentially your option 3. The Terraform provider protocol requires that the values saved to the state after create exactly match anything the user has specified in the configuration, so your first two options would violate the expected protocol and thus be declared invalid by Terraform Core.
Since you are using SDKv2, you can potentially "get away with it" because Terraform Core permits that older SDK to violate some of the rules as a pragmatic way to deal with the fact that SDKv2 was designed for older versions of Terraform and therefore doesn't implement the type system correctly, but Terraform Core will still emit warnings into its own logs noting that your provider produced an invalid result, and there may be error messages raised against downstream resources if they have configuration derived from the value of your sensitive_creds argument.

Terraform Problem to define cyrilgdn/postgresql provider properly

I have the exact same problem as in "Terraform tries to load old defunct provider", and the solution posted there does not work for me.
The problem is that I define in the Terraform config:
required_providers {
  postgresql = {
    source  = "cyrilgdn/postgresql"
    version = ">=1.13.0"
  }
}
But the terraform init process always tries to download hashicorp/postgresql and can not find it in the end.
My current terraform version is:
Terraform v1.0.6 on windows_amd64
I did try a lot and played around with the resource parameter "provider" to explicitly set the provider for all resources, but even with that I did not find a way.
Can anybody help here again or post me a working example for this provider?
I got the solution! The problem I had was my folder structure. I had a specific folder structure like:
environments like dev/int/prod, and I had a config.tf in there with the required providers.
resources, where I use the resources I want to add, and what I missed there is a copy of the config.tf file.
So this means I need a config.tf file in every subfolder which contains modules.
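The folder layout described above, as an added example that is not part of the original post: each module declares its own provider requirement, because a module without one resolves the provider under the default hashicorp namespace. The directory names follow the post; the module name "db" and the postgresql_role resource are illustrative assumptions.

```hcl
# --- environments/dev/config.tf (root module) ---
terraform {
  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = ">=1.13.0"
    }
  }
}

module "db" {
  # Hypothetical module name; path follows the layout in the post.
  source = "../../resources"
}

# --- resources/config.tf (child module) ---
# Without this block, Terraform looks up the postgresql_* resources in this
# module as hashicorp/postgresql, which is the download that fails at init.
terraform {
  required_providers {
    postgresql = {
      source = "cyrilgdn/postgresql"
    }
  }
}

# --- resources/main.tf ---
resource "postgresql_role" "app" {
  name = "app" # illustrative role name
}
```

Running `terraform providers` in the root directory lists the provider requirements per module, which shows any module still asking for hashicorp/postgresql.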

Terraform Azure Application Gateway unable to associate with certificate in key vault

I'm trying to install a certificate into an Application Gateway.
Following the documentation I have used key_vault_secret_id in the ssl_certificate block.
Here is a simplified version of the code (all the code works, it's just this one block that has issues, so this helps to highlight the problem):
resource "azurerm_application_gateway" "npfs_application_gateway" {
  name                = local.appgateway_name
  resource_group_name = data.azurerm_resource_group.rg_core.name
  location            = data.azurerm_resource_group.rg_core.location

  ### This is a standard V2
  sku {
    name     = var.gw_sku["name"]
    tier     = var.gw_sku["tier"]
    capacity = var.gw_sku["capacity"]
  }

  ssl_certificate {
    name                = var.pfx_certificate_name
    key_vault_secret_id = "[REDACTED]"
    password            = data.azurerm_key_vault_secret.cert-password.value
  }
}
When I run this as a terraform plan I get the following error:
The argument "data" is required, but no definition was found.
An argument named "key_vault_secret_id" is not expected here.
This is weird because the docs state that the data argument is optional if a key_vault_secret_id is set, but it doesn't recognise it.
I am using the following versions:
Terraform v0.12.26
provider.azuread v0.8.0
provider.azurerm v1.44.0
provider.null v2.1.2
provider.random v2.2.1
provider.template v2.1.2
Anybody come across this before? Is one of my versions wrong?
I was able to solve this problem by upgrading to the latest azurerm terraform provider, but that wasn't the only thing I needed to do. In addition do this:
Go to the Subscription you are working in, to the Resource providers.
See if you have a Provider "Microsoft.DataProtection" with Status "NotRegistered".
Register it.
Seems that the new terraform code is leveraging this additional provider within Azure.
I find when you get these types of issues, it's best to look in the source.
According to: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/network/application_gateway_resource.go
You can only have 'key_vault_secret_id' inside a 'ssl_certificate' block, which is what you have. But note that is the latest version of the provider, on version 2. You are on 1.44.0, so we need to look at that source...
https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.44.0/azurerm/internal/services/network/resource_arm_application_gateway.go
And in this version the only mentions of 'key_vault_secret_id' are commented out.
I suggest you upgrade to the latest version of the provider.

What's a terraform block used for?

I see a file like this in my Terraform code:
terraform {
required_version = ">= 0.12"
}
but I'm not clear what the outer terraform {..} block is for and can't find any documentation.
I've seen output, resource, data, etc but not terraform. Any suggestions (or documentation)?
It is basically for the top level configuration of your terraform environment. For example, the version lock you are using. And you can set your "backend"/source of tfstate file and more.
In my experience, you would need this required_version and backend specified to guarantee your environment is clean and consistent.
Here is the doc for the terraform block: https://www.terraform.io/docs/configuration/terraform.html

understand the terraform for OCI

I have 3 questions here:
1. I have created Terraform scripts in Oracle Cloud Infrastructure to build the instance and other resources, but I am not able to get any script for route table configuration and service in the network script, so I have made them manually. My current table has only the resource name; all the rest of the configuration is blank. So I need help in getting a properly supported script for OCI to create a route table with configuration.
2. As I did such things manually, I am not able to run terraform apply after making some changes in the script, as terraform apply will delete all the rules which I created manually. So is it mandatory to run terraform apply every time I change the script? Or can I enter the config manually and simultaneously match that in the Terraform script so that everything is intact?
3. After every Terraform change I can see 2 files getting larger (terraform.tfstate, terraform.tfstate.backup). What are these two files? If that is a backup file, then how will it help me to restore if I mess up my configuration?
In Terraform, the configuration script is always the source of truth. When you apply a configuration, Terraform will favor the settings of that configuration and override any changes that were manually done outside of Terraform.
To make sure your manual changes are not overwritten, you should make sure the configuration always matches the manual changes. One way to import manual resources into your configuration is using "terraform import" (see https://www.terraform.io/docs/import/index.html).
The terraform.tfstate and terraform.tfstate.backup files are used by Terraform to keep track of the latest state of the resources that Terraform has created. These files are used to help Terraform determine whether your configuration script has drifted from the state, so it knows how to apply your configuration script. To my knowledge, these state files are not intended to be backup files if you mess up your configuration. (see https://www.terraform.io/docs/state/index.html)
Hope this helps.
Here is an example for a route table resource in Terraform config file:
resource "oci_core_route_table" "webserver-rt" {
  compartment_id = "${var.compartment_ocid}"
  vcn_id         = "${oci_core_virtual_network.oci-vcn.id}"
  display_name   = "webserver-rt"
  route_rules = [{
    destination       = "0.0.0.0/0"
    network_entity_id = "${oci_core_internet_gateway.internet-gateway.id}"
  }]
}
You may find more details here: https://github.com/terraform-providers/terraform-provider-oci/blob/master/docs/examples/networking/route_table/route_table.tf
