Open pwmcintyre opened 2 months ago
Thanks for creating the issue @pwmcintyre!
Could you share a little bit more details about
I keep these in variables like CONFLUENT_ENVIRONMENT_ID
I'm not sure whether it's helpful, but alternatively, you could have TF variable
# variables.tf
variable "confluent_environment_id" {
description = "Confluent Environment ID"
type = string
}
and then use export TF_VAR_confluent_environment_id="env-foo123"
. See this note for more details.
I keep these in variables like CONFLUENT_ENVIRONMENT_ID
as in: we use environment variables to pass these values into our CI system (see snippet below)
I'm not sure whether it's helpful, but alternatively, you could have TF variable
yes we use this method to pass variables into terraform, since we need those values accessible.
We also use env vars to authenticate, you can see in the below snippet ... but since this issue, we have to unset
some env vars because they cause this provider to fail.
# In Azure DevOps Pipelines, you can include config values like so
variables:
- group: confluent-cloud-prod
...
# NOTE: CONFLUENT_ENVIRONMENT_ID must be unset to avoid a validation errors
# This is because it collides with an env var which it uses (even though we don't use Flink!)
# https://github.com/confluentinc/terraform-provider-confluent/blob/a8d64935d062f6ea580d1000615c6f694e343597/internal/provider/provider.go#L447
- script: |
unset CONFLUENT_ENVIRONMENT_ID
terraform apply -auto-approve -input=false
env:
# Authenticate Confluent provider via env vars
# https://registry.terraform.io/providers/confluentinc/confluent/latest/docs#environment-variables
CONFLUENT_CLOUD_API_KEY: $(CONFLUENT_CLOUD_API_KEY)
CONFLUENT_CLOUD_API_SECRET: $(CONFLUENT_CLOUD_API_SECRET)
# inject Terraform variables through from env vars:
# https://developer.hashicorp.com/terraform/language/values/variables#environment-variables
TF_VAR_confluent_environment_id: $(CONFLUENT_ENVIRONMENT_ID)
TF_VAR_confluent_kafka_cluster_id: $(CONFLUENT_KAFKA_CLUSTER_ID)
TF_VAR_confluent_organisation_id: $(CONFLUENT_ORGANISATION_ID)
TF_VAR_confluent_schema_registry_id: $(CONFLUENT_SCHEMA_REGISTRY_ID)
...
I guess from my perspective, it is frustrating that the provider validates values for Flink even though I don't use Flink ... could it instead validate those values exist only if they are required? it seems to validate all possible things up-front
For context - I'm using Azure DevOps (but this applies for any CI I think) and I use Variable Groups to hold various details about the environment, including the Confluent org ID, environment ID, etc
These are exposed to the pipeline via environment variables
I keep these in variables like
CONFLUENT_ENVIRONMENT_ID
Since patching to https://github.com/confluentinc/terraform-provider-confluent/releases/tag/v1.66.0 I not get the following error:
I'm not even using Flink, yet it validates the values.
It seems silly that I have to purge a few variables to get this working, just wondering if there's a better way?
Here's how I have resolve the issue:
I guess another option would be to rename all my variables so they don't accidentally collide with your env vars?