Apply doesn't work - Still creating

[Kronk74]

Hello,

I'm trying to use this provider to create groups on a Active directory server but nothing happen when I apply.

Is it a bug or a bad configuration ?

Best regards,

Thomas

Terraform Version and Provider Version

terraform version : 13.4 ad provider: 0.4.2

OS

I use a linux machine to launch terraform. (Nixos)

Affected Resource(s)

ad_group

Terraform Configuration Files

provider.tf

provider "ad" {
  winrm_hostname = "192.168.1.1"
  winrm_username = "test_account"
  winrm_password = "xxxxxx"
  winrm_insecure = true
  krb_realm = "test.lan"
  krb_conf = "./krb5.conf"
  krb_spn = "HTTP/srv.test.lan"
}

ad.tf

resource "ad_group" "elk_testi" {
  name             = "elk_testi"
  sam_account_name = "sam_elk_test"
  container        = "OU=groups,OU=ELK,OU=Applications,OU=TEST,OU=Organizations,DC=test,DC=lan"
}

krb5.conf

[libdefaults]
   default_realm = TEST.LAN
   dns_lookup_realm = false
   dns_lookup_kdc = false

[realms]
    STAINFRA.CIRB.LAN = {
        kdc     = 192.168.1.1
        admin_server = 192.168.1.1
        default_domain = TEST.LAN
    }

[domain_realm]
  .test.lan = TEST.LAN
  test.lan = TEST.LAN

Debug Output

2021-04-28T10:08:21.984+0200 [INFO]  plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] sanitising key "" to:: timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO]  plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Adding group with name "elk_testi": timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO]  plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Running command New-ADGroup -Passthru -Name "elk_testi" -GroupScope "global" -GroupCategory "security" -Path "OU=groups,OU=ELK,OU=Applications,OU=TEST,OU=Organizations,DC=test,DC=lan" -SamAccountName "sam_elk_test" | ConvertTo-Json via powershell: timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO]  plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Encoded command: powershell.exe -EncodedCommand TgBlAHcALQBBAEQARwByAG8AdQBwACAALQBQAGEAcwBzAHQAaAByAHUAIAAtAE4AYQBtAGUAIAAiAGUAbABrAF8AdABlAHMAdABpACIAIAAtAEcAcgBvAHUAcABTAGMAbwBwAGUAIAAiAGcAbABvAGIAYQBsACIAIAAtAEcAcgBvAHUAcABDAGEAdABlAGcAbwByAHkAIAAiAHMAZQBjAHUAcgBpAHQAeQAiACAALQBQAGEAdABoACAAIgBPAFUAPQBnAHIAbwB1AHAAcwAsAE8AVQA9AEUATABLACwATwBVAD0AQQBwAHAAbABpAGMAYQB0AGkAbwBuAHMALABPAFUAPQBDAEkAUgBCACwATwBVAD0ATwByAGcAYQBuAGkAegBhAHQAaQBvAG4AcwAsAEQAQwA9AHMAdABhAGkAbgBmAHIAYQAsAEQAQwA9AGMAaQByAGIALABEAEMAPQBsAGEAbgAiACAALQBTAGEAbQBBAGMAYwBvAHUAbgB0AE4AYQBtAGUAIAAiAHMAYQBtAF8AZQBsAGsAXwB0AGUAcwB0ACIAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuAA==: timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO]  plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Executing command on remote host: timestamp=2021-04-28T10:08:21.983+0200
2021/04/28 10:08:25 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:26 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/04/28 10:08:26 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:30 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:31 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/04/28 10:08:31 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "ad_group.elk_testi"
ad_group.elk_testi: Still creating... [10s elapsed]
2021/04/28 10:08:35 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:36 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:36 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/04/28 10:08:40 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"

Expected Behavior

Create a group.

Actual Behavior

Nothing happened.

Steps to Reproduce

1. terraform init
2. terraform plan
3. terraform apply

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[Kronk74]

I think I know where the issue is. As I'm using a unix machine, I cannot exec 'powershell.exe' from there :

https://github.com/hashicorp/terraform-provider-ad/blob/e4b2ec2267a63f68b2b4366ca13e17ca97eb57e0/ad/internal/winrmhelper/winrm_helper.go#L90

I installed powershell on my machine but It doesn't work too. Maybe due to ´.exe´ extension. This provider seems specifically dedicated to Windows machines.

[jpatigny]

Hello @Kronk74 ,

It doesn't have anything to do with powershell.exe. As long as your winrm client (regardless of the os) can authenticate to the remote server it should work as it's the remote server (domain controller/ server with rsat installed) that will execute the cmd "powershell.exe -command ..."

At first side, based on your log output I don't really know where to look... Could it be a connectivity issue ?

[Kronk74]

Hello @jpatigny ,

Oki I understand better how it works. I'll try to see if winrm client on my linux machine work and can reach AD server. Thanks for your message.

[adamcoxon]

Hello guys. I am seeing this exact same behaviour today when testing creating an AD group with this provider. From my Mac machine it just seems to hang and never create the AD group. Did either of you get to the bottom of this?

[max1c]

I'm seeing the same issue when using "ad_group_membership". Getting stuck on "Still creating..." and either timing out or have to cancel manually. I've tried a bunch of stuff and nothing seems to be working.