Description:
I am trying to use an Elasticsearch provider for Terraform. Since there is no official one from Elastic or from Hashicorp I am trying to use a community one "https://registry.terraform.io/providers/phillbaker/elasticsearch/latest".
Terraform version: Terraform v0.14.4
Code:
I tried to put everything in 1 .tf file. I also tried to create a separate module for the resources like Hashicorp recommends. Both methods generate the same error message.
terraform {
required_providers {
elk = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
}
}
provider "elk" {
url = "https://<my_elk_server>"
}
resource "elasticsearch_index" "index" {
name = var.elasticsearch_index_name
}
Problem:
terraform init isn't able to find the appropriate provider in the Terraform Registry for some reason.
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/elasticsearch...
- Finding phillbaker/elasticsearch versions matching "1.5.1"...
- Installing phillbaker/elasticsearch v1.5.1...
- Installed phillbaker/elasticsearch v1.5.1 (self-signed, key ID 02AD42CD82B6A957)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
Error: Failed to query available provider packages
https://www.terraform.io/docs/plugins/signing.html
Could not retrieve the list of available versions for provider
hashicorp/elasticsearch: provider registry registry.terraform.io does not have
a provider named registry.terraform.io/hashicorp/elasticsearch
If you have just upgraded directly from Terraform v0.12 to Terraform v0.14
then please upgrade to Terraform v0.13 first and follow the upgrade guide for
that release, which might help you address this problem.
No tfstate files are being generated.
How do I use third party providers from the Terraform Registry ?
In your required_providers block you've told Terraform that you intend to refer to this provider as "elk" within this module:
elk = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
Typically you'd set the local name of the provider to be the same as the "type" portion of the provider source address, like this:
elasticsearch = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
If you change the local name in this way then use references to elasticsearch elsewhere in the module should then refer to the community provider as you intended.
Note that means you'll also need to change the provider block so it has a matching local name:
provider "elasticsearch" {
url = "https://<my_elk_server>"
}
A different approach here would be to continue to use elk as the name and then change the rest of the configuration to properly refer to that non-default name. I don't recommend doing this, because typically I'd expect the local name to only mismatch the type in the unusual case where your module depends on two providers with the same type name, but I'm mentioning this in the hope that it helps to understand how the Terraform language infers provider dependencies when not given explicitly:
terraform {
required_providers {
elk = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
}
}
# "elk" here is matched with the local names in the
# required_providers block, so this will work.
provider "elk" {
url = "https://<my_elk_server>"
}
# This "elasticsearch_" prefix causes Terraform to look
# for a provider with the local name "elasticsearch"
# by default...
resource "elasticsearch_index" "index" {
# ...so if you've given the provider a different local
# name then you need to associate the resource with
# the provider configuration explicitly:
provider = elk
name = var.elasticsearch_index_name
}
I expect most Terraform users would find the above approach surprising, so in the interests of using familiar Terraform idiom I'd suggest instead following my first suggestion of renaming the local name to elasticsearch, which will then allow the automatic resource-to-provider association to work.
So, after testing it seems putting the whole code in the same .tf file does the job.
terraform {
required_providers {
elasticsearch = {
source = "phillbaker/elasticsearch"
version = "1.5.1"
}
}
}
provider "elasticsearch" {
url = "http://127.0.0.1:9200"
}
resource "elasticsearch_index" "index" {
name = var.index_name
}
If you want to create a separate module for it you can just source it from another module:
module "elastic" {
index_name = var.index_name
source = "./modules/elastic"
}
Check Martin's answer for more information.
Related
We are using hashicorp/google provider #3.90.0 version but for one specific resource we want to use hashicorp/google provider #4.31.0 and continue using #3.90.0 everywhere else. Is there a way to use different provider version for just one block:
as of now provider.tf:
terraform {
required_version = ">= 0.13.0"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 3.45, <= 3.90.0"
}
}
}
main.tf here in this block we want to use version 4.31.0 for google provider:
resource "google_storage_bucket" "cdn-bucket" {
project = var.project_id
name = "cdn-${var.project_id}"
location = "US"
storage_class = "MULTI_REGIONAL"
There is no way to use multiple versions of the same provider in the same configuration. You will need to either make all of your modules have some provider version they are all mutually compatible with, or to split your configuration into multiple parts so that each part can depend on a different version of the provider and be applied separately.
I am looking to pass in the provider_version into terragrunt.hcl as a variable to make upgrading / setting the version easier. However this is my current code:
terraform {
backend "s3" {}
required_version = "~> 0.12"
required_providers {
aws = {
source = "hashicorp/aws"
version = "${var.aws_provider_version}"
}
}
}
I am getting an error
61: version = "${var.aws_provider_version}" Variables may not be used here.
Is there a known workaround or is this not possible?
Terraform doesn't support variables in blocks that are inputs to terraform itself, like provider blocks or lifecycle attributes.
You may be able to use code generation to set up a small providers.tf file before running terraform if you need to update your provider version at build time.
I'm currently trying to set up an Azure Function app using Terraform.
Using the documentation from Hasihcorp found here.
However when running a terraform plan I'm getting the following error: The argument "storage_connection_string" is required, but no definition was found.
According to the documentation there is no such valid parameter and as such I've not included it. I've only found one entry on this while looking about and it was only a question, with no response. I'm not well versed in Azure so don't know if I need the storage_connection_string or if it's the API that is messing with me.
The resource snippet:
resource "azurerm_function_app" "this" {
name = "function-name"
resource_group_name = "resource-group"
location = "location"
app_service_plan_id = "id"
storage_account_name = "name"
storage_account_access_key = "key"
Formatting and referencing of values are set up but I don't have the code on this computer so made more sense to just post it like this.
This most likely arises from using an outdated version of the azure provider. E.g. version 2.0.0 has a required storage_connection_string. That got removed in some version.
Solution: upgrade your used provider version. Somewhere you should have declared that you want to use the azure provider. At that place you should specify a version constraint as well, e.g.:
terraform {
required_providers {
azure = {
version = "~> 2.40.0"
}
}
}
Or alternatively you should only look at the documentation matching your current provider + terraform version.
In a CI/CD context, I would like to define provider versions outside my terraform configuration using TF_VAR_ environment variables.
I'm trying to use input variable to set the version of helm provider in versions.tf (terraform 0.12) but it seems not allowed :
Error: Invalid provider_requirements syntax
on versions.tf line 3, in terraform:
3: helm = "${var.helm_version}"
provider_requirements entries must be strings or objects.
Error: Variables not allowed
on versions.tf line 3, in terraform:
3: helm = "${var.helm_version}"
Variables may not be used here.
How can I configure this ?
If it's not possible, how I can manage the terraform provider version outside my configuration ?
Cannot be done. I wish it could be done. terraform init resolves and downloads the providers, you won't have access to variables at that point.
Each terraform block can contain a number of settings related to
Terraform's behavior. Within a terraform block, only constant values
can be used; arguments may not refer to named objects such as
resources, input variables, etc, and may not use any of the Terraform
language built-in functions.
https://www.terraform.io/docs/configuration/terraform.html
As #thekbb says, it's not possible to get access to version variable during terraform init at least in 0.12.20. However, I've below workaround to manage providers outside your configuration.
You could use alias with provider configuration to achieve this. Let's assume you want 1.3.0 version of helm. Rather than passing it as a var, you could define it statically with an alias like below.
provider "helm" {
alias = "helm-stable"
version = "1.3.0" (the version you pass via TF_VAR_helm_version)
kubernetes {
host = "https://104.196.242.174"
username = "ClusterMaster"
password = "MindTheGap"
client_certificate = file("~/.kube/client-cert.pem")
client_key = file("~/.kube/client-key.pem")
cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
}
}
Then, in your resource or data providers, you could point to a particular provider like below::
data "some_ds" "example" {
name = "dummy"
provider = helm.helm-stable
}
For more details, refer to the below links::
providers
allow variable in provider field
I'm trying to install a certificate into an Application Gateway.
Following the documentation I have used key_vault_secret_id in the ssl_certificate block.
Here is a simplified (all the code works its just this one block that has issues so this helps to highlight the problem) version of the code:
resource "azurerm_application_gateway" "npfs_application_gateway" {
name = local.appgateway_name
resource_group_name = data.azurerm_resource_group.rg_core.name
location = data.azurerm_resource_group.rg_core.location
### This is a standard V2
sku {
name = var.gw_sku["name"]
tier = var.gw_sku["tier"]
capacity = var.gw_sku["capacity"]
}
ssl_certificate {
name = var.pfx_certificate_name
key_vault_secret_id = "[REDACTED]"
password = data.azurerm_key_vault_secret.cert-password.value
}
}
}
When I run this as a terraform plan I get the following error:
The argument "data" is required, but no definition was found.
An argument named "key_vault_secret_id" is not expected here.
This is weird because the docs state that the data argument is optional if a key_vault_secret_id is set, but it doesn't recognise it.
I am using the following versions:
Terraform v0.12.26
provider.azuread v0.8.0
provider.azurerm v1.44.0
provider.null v2.1.2
provider.random v2.2.1
provider.template v2.1.2
Anybody come across this before? Is one of my versions wrong?
I was able to solve this problem by upgrading to the latest azurerm terraform provider, but that wasn't the only thing I needed to do. In addition do this:
Go to the Subscription you are working in, to the Resource providers.
See if you have a Provider "Microsoft.DataProtection" with Status "NotRegistered".
Register it.
Seems that the new terraform code is leveraging this additional provider within Azure.
I find when you get these types of issues, it's best to look in the source.
According to: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/network/application_gateway_resource.go
You can only have 'key_vault_secret_id' inside a 'ssl_certificate' block, which is what you have. But note that is the latest version of the provider, on version 2. You are on 1.44.0, so we need to look at that source...
https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.44.0/azurerm/internal/services/network/resource_arm_application_gateway.go
And in this version the only mentions of 'key_vault_secret_id' are commented out.
I suggest you upgrade to the lastest version of the provider.