Channel: Terraform - HashiCorp Discuss

[SOLVED] Environment variables are not exported in Terraform Cloud

I use environment variables in Terraform Cloud to store sensitive information, and when I try to use them, it looks like Terraform Cloud is not exporting them.

This is how I saved them in my workspace:

This is what the contents of my repository look like:

This is what the contents of the *.tf files look like:

main.tf:

terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = "2.14.0"
    }
  }
}

provider "cloudflare" {
  email = var.cloudflare_email
  api_key = var.cloudflare_api_key
}

resource "cloudflare_zone" "example" {
  zone = "example3.com"
  plan = "free"
}

variables.tf:

variable "cloudflare_email" {
  type = string
}

variable "cloudflare_api_key" {
  type = string
}

This is the result I get:

Could anyone please tell me what I’m doing wrong?

8 posts - 2 participants

Outputs - This object does not have an attribute named "vpc_id"

Noob question:

I’ve built a module and am calling it from a root module, and it all works fine and builds my VPC.

Now that I’m trying to introduce outputs, I get an error:

davehill@daves-MacBook-Pro CloudEndureVPC % terraform plan

Error: Unsupported attribute

on output.tf line 5, in output "vpc_id":
5: value = module.vpc.vpc_id

This object does not have an attribute named "vpc_id".

Here is the block of code from my root output.tf:

output "vpc_id" {
  description = "ID of project VPC"
  value = module.vpc.vpc_id
}

And here from the child module output.tf:

output "vpc_id" {
  description = "The ID of the VPC"
  value = aws_vpc.vpc.id
}

I’m missing something obvious but can’t see anything in the documentation saying what that might be.

1 post - 1 participant

Custom Provider troubles - inconsistent result for Root resource

Hello everyone!

I am currently writing a small custom provider for my thesis project, and I ran into problems. The provider is supposed to create a simple resource on a local running Bitbucket.
I studied the Terraform guides about writing providers and some existing providers to understand how Terraform interacts with providers and golang itself.

I got it working, somewhat - but I run into the same problem no matter what I do. When I try to create a resource using my custom provider, this error pops up:

When applying changes to customResource, provider
“customProvider” produced an unexpected new value: Root resource
was present, but now absent.

Sadly, this error almost never comes up in the entire internet - I looked into it all day. As I understand it, the “inconsistent result after apply” error is the result of the provider changing ResourceData in a way that isn’t necessary, so Terraform thinks a change has been made? I don’t understand what “Root resource” refers to in this context, though.
I think the problem stems from the fact that the id of my object is an int (server-side), but Terraform forces me to use TypeString - or because it is a Computed value, or a combination of both. I convert the id into string in the resourceSomethingRead-function, of course. My logs indicate that the entire create and read operation runs into no problems: the response from the server is accepted with correct codes and all content is parsed correctly, too. But still, the error is thrown.

I looked into this all day and wasn’t able to find any answers or pointers to understanding Root resource correctly, or how the read-function works and when it is called by Terraform. I think the problem lies somewhere in there.
Did anyone ever run into similar problems, or does someone understand what the problem is? Does anyone know a provider that successfully maps an external non-string ID into Terraform?

For context, here is the full content of my relevant provider files (it’s really simple, or should be):
resource_project.go
provider.go
client.go

Some more context: this is what a successful POST to the server returns, the POST body contains all information but the ID (because it is exclusively computed by the server and can’t be set manually)

1 post - 1 participant

How to pass duplicate object keys into NSG rules deploy?

Hello forum,

I am using Terraform version 0.0.142 and azurerm to try and deploy some network security group (nsg) rules for my pipeline but I’m having some trouble with duplicate keys in my nsg rules.
Here’s my sample main.tf:

resource "azurerm_network_security_rule" "nsg_rule1" {
  for_each = {for nsg_rule1 in var.nsg_values:nsg_rule1.name => nsg_rule1}
  name = each.value.name
  priority = each.value.priority
  protocol = "*"
  source_address_prefix = each.value.source_address_prefix

variable.tf sample file:
variable "nsg_values" {
  type = list(object({
    name = string
    priority = string
    source_address_prefix = string
  }))
}

tfvars array of values:
nsg_values = [
  {
    name = "RDP"
    priority = "2500"
    source_address_prefix = "*"
  },
  {
    name = "RDP1"
    priority = "2600"
    source_address_prefix = "*"
  }
]

Understandably, my list of object only wants me to pass unique values but I have some nsg rules which allows or denies traffic from all or any address spaces. Is there a way for me to have my config file deal with duplicate keys?
Thanks.

1 post - 1 participant

Enable AGIC add-on

Trying to figure out how to enable the AGIC add on and attach my apgw id inside my TF template

1 post - 1 participant

Terraform, create endpoint per availability zone, with according subnets

I hope you’re all doing well.

I’ve faced an issue while I was creating an AWS SQS endpoint.

Idea: SQS Endpoints should be created per availability zone (Done)

Idea: Each created SQS Endpoint, should use exact a-z subnet (Undone)
For example: 
        SQS-eu-west-1a > subnet-eu-west-1a
        SQS-eu-west-1b > subnet-eu-west-1b ...

I hope I’ve explained my problem clearly.
Here is the main.tf

data "aws_availability_zones"    "network_zones" { }
data "aws_vpc_endpoint_service"  "sqs" {
  count          = length(var.network_ids) > 0 && var.create_endpoint_sqs ? 1 : 0
  service        = "sqs"
}

locals {
   endpoint_sqs  = {
       zones     = data.aws_availability_zones.network_zones.names
       subnets   = compact([
         concat(var.private_subnet_ids, [""])[0],
         concat(var.cluster_subnet_ids, [""])[0]
       ])
       security_groups = compact([ 
         var.default_security_group,
         var.private_security_group,
       ])
   }
}


resource "aws_vpc_endpoint" "sqs"    {
   for_each            = toset( length(var.network_ids) > 0 && var.create_endpoint_sqs ? local.endpoint_sqs.zones : [])
   depends_on          = [ data.aws_vpc_endpoint_service.sqs ]
 
   vpc_id              = var.network_ids
   auto_accept         = var.endpoint_sqs_auto_accept
   service_name        = data.aws_vpc_endpoint_service.sqs[0].service_name
   vpc_endpoint_type   = "Interface"
   
   subnet_ids          = local.endpoint_sqs.subnets
   security_group_ids  = local.endpoint_sqs.security_groups
   private_dns_enabled = var.endpoint_sqs_private_dns

   tags = var.tags
}

So my problem is that when the endpoint is created, it takes either all subnet ids of all availability zones, or one subnet id but with the function concat. Is there any way to resolve my issue? Many many thanks

1 post - 1 participant

Increment subnet ID's when building out new environments

Hi,

I have some current code which builds out an environment within an aws vpc with multiple different subnets for public/private etc. and this all works fine. However if I build a new environment it also assigns the same public/private subnet ranges, which is fine internally however I will be linking up these environments to my office via VPNs for each environment so I want to have separate subnet ranges for each environment terraform builds & manages.

Something like:
workspace: TEST1

resource "aws_subnet" "ApplicationSubnet1" {
  cidr_block = "10.0.0.0/24"
  vpc_id = aws_vpc.application.id
  availability_zone = "${var.aws-region}a"
}

workspace: TEST2

resource "aws_subnet" "ApplicationSubnet1" {
  cidr_block = "10.0.1.0/24"
  vpc_id = aws_vpc.application.id
  availability_zone = "${var.aws-region}a"
}

I’m not sure of the best way to do this. Do I store a config entry in S3 that I read and then increment the subnet based on that? Are there any examples of doing this? Is it even supported?

Thanks,
Terry

1 post - 1 participant

This object does not have an attribute named "network_interface_ids"

Hello, I’ve created an Endpoint, and I would like to add a tag to the created ENI device.
The Endpoint has been created with a for_each block (if it is important).
However I get an error:
Error: Unsupported attribute

  on Modules/Network/Endpoints/tags.tf line 14, in resource "aws_ec2_tag" "def_eni_sqs":
  14:    resource_id                     = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)

This object does not have an attribute named "network_interface_ids".

Here is the Endpoint and Tag resources

resource "aws_vpc_endpoint" "sqs"      {
   for_each                        = { for subnet in local.endpoints.sqs : subnet.name => subnet }
   depends_on                      = [ data.aws_vpc_endpoint_service.sqs ]
 
   vpc_id                          = var.network_ids
   auto_accept                     = var.endpoint_sqs_auto_accept
   service_name                    = data.aws_vpc_endpoint_service.sqs[0].service_name
   vpc_endpoint_type               = "Interface"
   
   policy                          = data.template_file.policy_sqs.rendered
   subnet_ids                      = lookup(each.value, "subnet",  null)
   security_group_ids              = lookup(each.value, "groups",  null)
   private_dns_enabled             = lookup(each.value, "prefix",  null)

   tags = var.tags
}


resource "aws_ec2_tag" "def_eni_sqs" {
   # ^ Default Tags: Unmanaged Interfaces (SQS ENI)
   count                           = length(data.aws_availability_zones.network_zones.names)
   resource_id                     = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)
   key                             = "Name"
   value                           = join(" | ", [ local.tag_sqs_enis, upper(element(var.availability_zones, count.index)) ])
}

2 posts - 1 participant

Terraform v0.14.3 released

Hi all,

Today we’ve released the next v0.14 patch release, v0.14.3. This release contains fixes for a number of bugs that folks have reported since the v0.14.0 release. Thanks!

For more details on what exactly has changed in this release, refer to the v0.14.3 changelog.

1 post - 1 participant

Problem Executing Terraform apply/plan

I’m getting an error.

I tried to upgrade the terraform version to 0.13.5 but I started getting an error.
Error: cannot decode dynamic from flatmap.

I believe terraform apply command wasn’t executed with 0.12.29 version which caused the above error. However, I removed versions from 0.13.5 and I tried to execute terraform plan with 0.12.29 version but started getting another error.

state snapshot was created by Terraform v0.13.5, which is newer than current v0.12.29; upgrade to Terraform v0.13.5 or greater to work with this state

I’m not sure how to recover from this situation. I even tried to revert the remote state file to the previous one, but I still get the same error.
state snapshot was created by Terraform v0.13.5, which is newer than current v0.12.29; upgrade to Terraform v0.13.5 or greater to work with this state

Any help would be appreciated!

1 post - 1 participant

Azure_rm provider and missing 'coverage'

Hi, new to terraform and working primarily with vsphere and azurerm.

So far for azurerm, the two main resources I’ve been working with – azure container instances and blobstorage with azure CDN – have had missing coverage.

(container doesn’t seem to accept privateIp without creating a vnet and no support volume of type emptyDir, while CDN with blob storage can’t assign a custom domain to a CDN endpoint with https?)

I’ve been looking at tf modules on Github and I see two obvious patterns: testing for the presence of and relying on either azure-cli or Azure Powershell to do the needful using local-exec, or using Azure Resource Manager Templating within TF.

I hope to hear your opinions on which you prefer and why?

1 post - 1 participant

Argument or block definition required error

Hi All, I am a newbie with terraform. I keep getting the block definition error for line item 39 but there is no statement in line item 39. Please see the code and let me know what I am missing. Thank you in advance.

resource "aws_vpc" "fcloud"{
cidr_block = "10.10.0.0/16"
instance_tenancy = "default"
tags = {
Name = "fcloud"
}

resource "aws_subnet" "public_subnet"{
count = "${length(var.public_subnet_cidr_block)}"
vpc_id = "${aws_vpc.fcloud.id}"
cidr_block = "${element(var.public_subnet_cidr_block, count.index)}"
availability_zone = "${element(var.availability_zones, count.index)}"
tags = {
Name = "public_subnet_${count.index}"
}

resource "aws_subnet" "private_subnet"{
count = "${length(var.private_subnet_cidr_block)}"
vpc_id = "${aws_vpc.fcloud.id}"
cidr_block = "${element(var.private_subnet_cidr_block, count.index)}"
availability_zone = "${element(var.availability_zones, count.index)}"
tags = {
Name = "private_subnet_${count.index}"
}

resource "aws_subnet" "hr_subnet"{
count = "${length(var.hr_subnet_cidr_block)}"
vpc_id = "${aws_vpc.fcloud.id}"
cidr_block = "${element(var.hr_subnet_cidr_block, count.index)}"
availability_zone = "${element(var.availability_zones, count.index)}"
tags ={
Name = "hr_subnet_${count.index}"
}

2 posts - 2 participants

Using Helm_Release with dynamic config

Hi,

I have setup a fairly big (at least for me) repo with a possibility to deploy machine on my proxmox hypervisor.
After that, it will deploy kubernetes with either rke or k3s.

Those two will create a kubeconfig.yaml file.
I wish to use this generated file into the config_path of the helm provider.

The issue is that the file does not exist at startup and I could not figure out how to do it in a proper way.

In other words, is it possible to initiate the helm provider with a not “yet” existing kubeconfig.yaml file?

Thx

1 post - 1 participant

Linting/Autocompletion VSCode

We are evaluating using terraform-cdk for cloud and docker solutions but I am having a hard time getting vscode to read and parse imports/aws. Is this a known issue or am I doing something wrong? I just followed the example using python. Both pipenv and pip do not seem to be happy so I suspect it’s a vscode glitch…

Also, when did it change from cdktf_cdktf_provider_aws to imports.aws ? I see both in videos…

1 post - 1 participant

Error while installing hashicorp/create: provider registry

Hi All,

I was trying to use the helm provider for EKS and I am getting an error during terraform init

Initializing provider plugins…

  • Finding latest version of hashicorp/create…
  • Finding latest version of hashicorp/aws…
  • Finding latest version of hashicorp/archive…
  • Finding latest version of hashicorp/helm…
  • Installing hashicorp/aws v3.22.0…
  • Installed hashicorp/aws v3.22.0 (signed by HashiCorp)
  • Installing hashicorp/archive v2.0.0…
  • Installed hashicorp/archive v2.0.0 (signed by HashiCorp)
  • Installing hashicorp/helm v2.0.1…
  • Installed hashicorp/helm v2.0.1 (signed by HashiCorp)

Error: Failed to install provider

Error while installing hashicorp/create: provider registry
registry.terraform.io does not have a provider named
registry.terraform.io/hashicorp/create

below error during terraform v0.14

Initializing provider plugins…

  • Finding latest version of hashicorp/create…
  • Finding latest version of hashicorp/aws…
  • Finding latest version of hashicorp/archive…
  • Finding latest version of hashicorp/helm…
  • Installing hashicorp/aws v3.22.0…
  • Installed hashicorp/aws v3.22.0 (signed by HashiCorp)
  • Installing hashicorp/archive v2.0.0…
  • Installed hashicorp/archive v2.0.0 (signed by HashiCorp)
  • Installing hashicorp/helm v2.0.1…
  • Installed hashicorp/helm v2.0.1 (signed by HashiCorp)

Error: Failed to install provider

Error while installing hashicorp/create: provider registry
registry.terraform.io does not have a provider named
registry.terraform.io/hashicorp/create

Can you please let me know why I am getting this issue? Due to this I can’t use helm_release in terraform.

thanks

2 posts - 2 participants

Import Azure Logic app?

Looking at the documentation for how to create an Azure Logic App resource, what would be the easiest/cheapest way to import an existing app into Terraform?

Can I simply take the json representation of the Logic App as is and add it to TF?

1 post - 1 participant

Can I "piggyback" off of another providers config/authentication in my custom provider?

I want to create a custom provider that will be accessing gcp resources

Is there a way to just use and explicitly depend on an existing google provider config for getting access to gcp in my custom provider? It would be nice if my custom provider requires no config (except for declaring it in the tf config of course) and it just uses the google provider config.

As opposed to setting all that up myself or copy/pasting the provider config code from the google provider into my custom one.

1 post - 1 participant

Extract value from a range

Hi,

I have a variable metallb_vip_range and I would like terraform function to extract values from this range to use them.

For example, value for this range is 192.168.1.10-192.168.1.20 and I would like to get a list like this [192.168.1.10,192.168.1.11,....,192.168.1.20].

I checked the terraform functions but didn’t find a way to do that.

Is it possible?

1 post - 1 participant

One module is not usable after upgrading to 0.14

Hello,
I upgraded terraform to 0.14 and with multiple modules everything went smooth except for one module.

When I do init in this module I get:

Error: Invalid legacy provider address

This configuration or its associated state refers to the unqualified provider
"aws".

You must complete the Terraform 0.13 upgrade process before upgrading to later
versions.

So I downgraded back to 0.13 and I got during terraform plan:

Error: state snapshot was created by Terraform v0.14.2, which is newer than current v0.13.5; upgrade to Terraform v0.14.2 or greater to work with this state

Error: state snapshot was created by Terraform v0.14.2, which is newer than current v0.13.5; upgrade to Terraform v0.14.2 or greater to work with this state

Error: state snapshot was created by Terraform v0.14.2, which is newer than current v0.13.5; upgrade to Terraform v0.14.2 or greater to work with this state

Error: state snapshot was created by Terraform v0.14.2, which is newer than current v0.13.5; upgrade to Terraform v0.14.2 or greater to work with this state

This is kinda schizophrenic situation…
The problem is that this module is main module for all the other modules so I am unable to make changes in our whole infrastructure.

Can somebody help?

Thanks!

1 post - 1 participant

Complex String manipulation for a local, including variable(s)

What I have
A complex string manipulation sprinkled throughout a module (domain variable) representing a top-level domain string:

module "http-rdir-A-records" {
  source = "./modules/aws/create-dns-record"
  depends_on = [module.http-rdir]
  count = var.amount

  domain = join(".",tolist([reverse(split(".",var.domain-mappings[count.index]))[1],reverse(split(".",var.domain-mappings[count.index]))[0]]))
  type = "A"
  records = {
    "${var.domain-mappings[count.index]}" = module.http-rdir[count.index].http-rdr-public-ip
  }
}

What I’ve tried
To abstract the variable with locals. For example:

locals{
    tld = join(".",tolist([reverse(split(".", "${var.domain-mappings[count.index]}"))[1],reverse(split(".","${var.domain-mappings[count.index]}"))[0]]))
}

And

locals{
    tld = join(".",tolist([reverse(split(".", "$${var.domain-mappings[count.index]}"))[1],reverse(split(".","$${var.domain-mappings[count.index]}"))[0]]))
}

What I Get Using locals
Unexpected string outputs, such as

"domain-mappings[count.index]}"

Am I interpolating the strings incorrectly? domain-mappings is defined as follows:

variable "domain-mappings" {
  type = list(string)
  default = [
    ""
  ]
}

Thank you!
Joe

1 post - 1 participant
