search

Optum / runiac

Run IaC Anywhere With Ease
https://runiac.io
Apache License 2.0
20 stars 19 forks source link

"Error: Conflicting Parameters" on `role_arn` when `assume_role` block is defined #73

Open erikpaasonen opened 2 months ago

erikpaasonen commented 2 months ago

Under circumstances still under investigation, init fails with the following error:

[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) Initializing the backend... [INFO] (deploy track/step/primary/us-east-1) Initializing modules... [INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) Warning: Deprecated Parameters [INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) on backend.tf line 2, in terraform: [INFO] (deploy track/step/primary/us-east-1) 2: backend "s3" { [INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) The following parameters have been deprecated. Replace them as follows: [INFO] (deploy track/step/primary/us-east-1) * role_arn -> assume_role.role_arn [INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Error: No valid credential sources found Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Please see https://www.terraform.io/docs/language/settings/backends/s3.html Error: (deploy track/step/primary/us-east-1) for more information about providing credentials. Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Error: failed to refresh cached credentials, no EC2 IMDS role found, Error: (deploy track/step/primary/us-east-1) operation error ec2imds: GetMetadata, failed to get API token, operation Error: (deploy track/step/primary/us-east-1) error ec2imds: getToken, http response error StatusCode: 400, request to EC2 Error: (deploy track/step/primary/us-east-1) IMDS failed Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1)

When the following block is added to backend.tf in the step:

  assume_role = {
    role_arn = "[MY_ARN]"
  }

The error message at runtime changes to:

[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) Initializing the backend... [INFO] (deploy track/step/primary/us-east-1) Initializing modules... Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Error: Conflicting Parameters Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) on backend.tf line 2, in terraform: Error: (deploy track/step/primary/us-east-1) 2: backend "s3" { Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) The following deprecated parameters conflict with the parameter Error: (deploy track/step/primary/us-east-1) "assume_role". Replace them as follows: Error: (deploy track/step/primary/us-east-1) * role_arn -> assume_role.role_arn Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1)

It is suspected this is due to RunIAC injecting role_arn as a -backend-config=key=value command line param at runtime.

Perhaps it is not aware of an assume_role element in the backend config map and does not think a role_arn is defined?

erikpaasonen commented 2 months ago

Likely involves paying down this TODO.