Conflicting provider version contraints in Terraform tutorial - terraform

I’m following the Target Resources tutorial and I get the following failure when I run the terraform init setup step:
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/aws: locked provider registry.terraform.io/hashicorp/aws 3.39.0 does not match configured version
│ constraint ~> 3.39.0, >= 3.50.0; must use terraform init -upgrade to allow selection of new versions
Running terraform init -upgrade results in this similar error message:
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/aws: no available releases match the given constraints ~> 3.39.0, >= 3.50.0
It looks like the ~>3.39.0 version specified in ./main.tf conflicts with the >=3.5.0 contraint from the s3_bucket module (.terraform/modules/s3_bucket/versions.tf).
I’ve tried cloning a clean version of the tutorial repository and keep running into this error. Is this a problem with my local configuration or with the tutorial code? If the latter, what’s the best way to move past this? Should I adjust one of the constraints manually to resolve the conflict?
I am using a much newer version of the Terraform CLI (v1.0.7) where the tutorial text requires v0.14 and up. I haven't gotten a chance to downgrade and test again, but that would be interesting to see.
thanks!

There is a bug in the main.tf located in the root module config in the repository for that tutorial. The bug is located here. The line should be modified and the resulting argument object appear like:
aws = {
source = "hashicorp/aws"
version = "~> 3.39"
}
That will lock the version to the range >= 3.39.0 < 4.0.0, which is almost certainly the config's original intent. You can read more about the syntax behind the provider version specifications in the documentation.

Related

Terraform: does ".terraform.lock.hcl" lock the version of each terraform module?

I use terraform to provision a web application project, which includes RDS, Memcached, Redis, EC2, Load balancer and S3 bucket. To simplify the code, I have imported several handy terraform modules, for example:
security group module
RDS module
After run terraform init, terraform has generated a file .terraform.lock.hcl. But this file only contains a few content. I don't believe it contains all versions of imported modules.
Here is the content.
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.63.0"
constraints = ">= 2.7.0, >= 2.42.0, >= 2.49.0, >= 3.4.0, >= 3.40.0"
hashes = [
"h1:lf8Qex8bhCmh8TUEAU6H4brzjy3+d4BXB6gcOYnNtNY=",
"zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287",
"zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325",
"zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748",
"zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2",
"zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e",
"zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3",
"zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f",
"zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d",
"zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6",
"zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af",
"zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.1.0"
constraints = ">= 2.2.0, >= 3.1.0"
hashes = [
"h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=",
"zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
"zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
"zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
"zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
"zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
"zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
"zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
"zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
"zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
"zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
"zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
]
}
When starting a Ruby on Rails project, bundler uses Gemfile.lock to lock the version of ruby gems. When staring a frontend project, npm uses package-lock.json to lock the version of imported libraries.
Is .terraform.lock.hcl used for locking the version of each terraform module?
It reads in terraform documentation about the lock file:
At present, the dependency lock file tracks only provider dependencies. Terraform does not remember version selections for remote modules, and so Terraform will always select the newest available module version that meets the specified version constraints. You can use an exact version constraint to ensure that Terraform will always select the same module version.
So the answer to your question will be: No. For now, it does not "lock" the version of your modules.
https://www.terraform.io/language/files/dependency-lock
No, the .terraform.lock.hcl file does NOT contain module versions. You can however make sure that the module is used in correct version by utilizing Version Constraints for the module. The example code depends on module source and can look like this:
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 18.30.0"
# [...]
In the code above, the module is sourced from Terraform Registry and at least 18.30.0 is used, however the latest 18.30.x will be used (because of ~> constraint type) whenever you run terraform get -update.
If you are using module from git repo, however, you cannot use version argument, instead you need to code the tag or branch name using ref:
module "vpc" {
source = "git::https://example.com/vpc.git?ref=v1.2.0"
}

Terraform: Failed to query available Provider package on M1 Pro

I am using the new apple M1 pro and when I run terraform init I am getting failed to query available Provider package error
The error
Reusing previous version of newrelic/newrelic from the dependency lock file
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/aws: locked provider registry.terraform.io/hashicorp/aws 2.70.0 does not match configured version constraint ~>
│ 3.53.0; must use terraform init -upgrade to allow selection of new versions
╵
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider ns1-terraform/ns1: could not connect to registry.terraform.io: Failed to request discovery document: Get
│ "https://registry.terraform.io/.well-known/terraform.json": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
╵
╷
│ Error: Incompatible provider version
│
│ Provider registry.terraform.io/hashicorp/template v2.2.0 does not have a package available for your current platform, darwin_arm64.
│
│ Provider releases are separate from Terraform CLI releases, so not all providers are available for all platforms. Other versions of this provider may have different platforms supported.
╵
╷
│ Error: Failed to install provider
│
│ Error while installing newrelic/newrelic v2.25.0: could not query provider registry for registry.terraform.io/newrelic/newrelic: failed to retrieve authentication checksums for provider: the
│ request failed after 2 attempts, please try again later: Get
│ "https://objects.githubusercontent.com/github-production-release-asset-2e65be/93446098/7aca5d90-9fc0-43cd-946b-46f556c2bbfa?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20211215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211215T180026Z&X-Amz-Expires=300&X-Amz-Signature=01f9b195e6e9355253a588d09c73a78f499e6d1b1f2014f921e749b0da9c4c4e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=93446098&response-content-disposition=attachment%3B%20filename%3Dterraform-provider-newrelic_2.25.0_SHA256SUMS&response-content-type=application%2Foctet-stream":
│ net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
This set of errors seems to be describing three separate problems at once:
Your Terraform configuration declares that it needs a version of the hashicorp/aws provider which matches the version constraint ~> 3.53.0, which is the same as >= 3.53.0, < 3.34.0, that doesn't match the version 2.70.0 that was selected on a previous Terraform run.
If you have intentionally changed the version constraint in order to upgrade the provider, you can follow the advice in that particular error and run terraform init -upgrade to select the newest version of each provider which matches the version constraints. Alternatively, you can revert the change to the version constraints so that the configuration will accept 2.70.0 as a suitable version and then keep using that version.
Your configuration depends on the legacy provider hashicorp/template, which unfortunately reached end-of-life before Apple introduced Apple Silicon-based products, and so that particular provider does not have any packages available which can run on your M1 Mac.
You may be able to work around this by running the darwin_amd64 build of Terraform CLI under Rosetta 2 emulation, which will then in turn cause Terraform to install and run the darwin_amd64 versions of the providers also in Rosetta 2 emulation.
For modern Terraform you should typically use the templatefile function instead of the deprecated template_file data source, as recommended in the documentation, but I would suggest making sure that you're able to work with your current configuration using Rosetta 2 emulation first, before modifying it to remove the deprecated provider, because that will allow you to compare the behavior before and after the change and thus make sure you've not inadvertently changed configuration behavior.
However, once you've moved away from using the deprecated provider, you should be able to use the native Apple Silicon build of Terraform (the darwin_arm64 version you are already using) for future work on this configuration, because this provider is the only one generating that particular error message here.
Finally, Terraform seems to have encountered some network connectivity problems when attempting automatic provider installation. It seems that this isn't a total failure to reach the Terraform Registry and the provider packages hosted on GitHub, because Terraform was clearly able to query registry.terraform.io in order to learn what versions of hashicorp/template are available, but some requests are not succeeding and so perhaps you are accessing the internet through a corporate firewall or similar filtering which is making a subset of the requests fail, for some reason.
Since this has ended up being at least three questions at once, if you have any further questions about any one of these answers then I'd suggest starting a new Stack Overflow question about it, including any additoinal context as necessary, because that will hopefully then allow folks who want to answer to have more context and thus give you a more actionable solution.
I am using a Macbook with an M1 chip as well I kept facing the same error. To fix, I had to uninstall terraform "brew uninstall terraform", follow these instructions https://benobi.one/posts/running_brew_on_m1_for_x86/, run "ibrew install hashicorp/tap/terraform".
Although "terraform version" will provide the same output as before, it now works. For me at least. Hope this helps someone!

Terraform plan leads to: '"archive": openpgp: signature made by unknown entity' error

It was working before, but today I have:
Error installing provider "archive": openpgp: signature made by unknown entity.
I tried to install this plugin plugin manually, but having the same problem
This can happen on Terraform v0.11. To fix, specify a version:
provider "archive" {
version = "1.0.0"
}
We had this issue on Terraform version 0.11.4.
Bumping to 0.11.5 and specifying archive provider version 1.3.0 fixed the issue.
Version 11.4 specifies the following was added, which might have fixed the issue:
cli: Update the HashiCorp Public Key (#28498)
https://github.com/hashicorp/terraform/releases/tag/v0.11.15

terraform init step with "no available releases match the given constraints ~> 2.1.28"

Actually - received the replaced apple mac laptop (the original one crashed due to bad storage) and i am re-setting up everything with configure, i am stuck and blocked with this "terraform init" step,
Installed terraform version is 0.13.6
Installed AWS CLI is 2.1.32
When "terraform init" is triggered i am getting this below error, any help is appreciated so that i can unblock my work.
Initializing modules...
Initializing the backend...
Initializing provider plugins...
- Using previously-installed hashicorp/kubernetes v1.13.3
- Using previously-installed hashicorp/external v1.1.2
- Finding hashicorp/aws versions matching "~> 2.1.28"...
Error: Failed to query available provider packages
Could not retrieve the list of available versions for provider hashicorp/aws: no available releases match the given constraints ~>
2.1.28
By using ~> 2.1.28, you're saying that you will use any 2.1.x version, as long as the bugfix version is higher than 28. The highest 2.1 version is 2.1.0.
Are you sure you don't mean ~> 2.28.1?
create a config.tf file and add this line
required_providers {
aws = {
source = "registry.terraform.io/hashicorp/aws"
version = "=2.28.0" ## or whatever version you need
}
}

No available provider "azure" plugins are compatible with this Terraform version. Azurerm -1.28 Terraform -

My environment looks like the following on OSX.
NJ033-10126375:old-example 10126375$ terraform version
Terraform v0.12.10
+ provider.azurerm v1.28.0
+ provider.random v2.2.1
edit: when i run terraform providers i get the following
.
├── provider.azure
├── provider.azurerm ~>1.35
└── provider.random
I get the following error in terraform.
No available provider "azure" plugins are compatible with this
Terraform version.
From time to time, new Terraform major releases can change the requirements for
plugins such that older plugins become incompatible.
Terraform checked all of the plugin versions matching the given constraint:
(any version)
Unfortunately, none of the suitable versions are compatible with this version
of Terraform. If you have recently upgraded Terraform, it may be necessary to
move to a newer major release of this provider. Alternatively, if you are
attempting to upgrade the provider to a new major version you may need to
also upgrade Terraform to support the new version.
Consult the documentation for this provider for more information on
compatibility between provider versions and Terraform versions.
Below is my vars.auto.tfvars (changing the version or omitting it doesn't help)
variable subscription_id {}
variable tenant_id {}
variable client_id {}
variable client_secret {}
provider "azurerm" {
subscription_id = "${var.subscription_id}"
tenant_id = "${var.tenant_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
version = "=1.28.0"
}
Here is what is even more interesting, this code was working a few days ago i try to run it again with no changes and its broken. I then use brew upgrade terraform and then other projects that were working no longer work.
Pretty much I cant get past a terraform init.
Issue solved it was due to a typo of using azure_public_ip instead of azurerm_public_ip.
I don't believe the AzureRM Terraform provider supports 0.12.x until 1.29. Change your provider version constraint to:
version = "~>1.35"
This will get you the latest version and it will also be able to go up from there. Here is the link to the AzureRM provider change log.
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/CHANGELOG.md

Resources