hashicorp / terraform-provider-tfe

Official HCP Terraform and Terraform Enterprise provider, maintained by HashiCorp. Provision HCP Terraform or Terraform Enterprise - with Terraform!
https://registry.terraform.io/providers/hashicorp/tfe
Mozilla Public License 2.0

Creating New Workspaces with GitHub App Installation Fails #1073

Open naftulikay opened 1 year ago

naftulikay commented 1 year ago

It appears that #854 is not fixed with the latest provider version. I cannot create new workspaces, but I can import/modify existing workspaces, even though all workspaces operate in the same GitHub repository.

Terraform Cloud/Enterprise version

Terraform Cloud

Terraform version

v1.5.7

Terraform Configuration Files

As background:

  1. I created a new Terraform Cloud organization.
  2. I set up the GitHub app installation.
  3. I created an organization token.
  4. I created a variable set called "Terraform Cloud" which contains the environment variable TFE_TOKEN which contains the organization token.
  5. I created the appropriate Terraform Cloud projects.
  6. I created the following workspace "my-org-terraform-cloud" in the web console using a GitHub repository as a source.
  7. I created other workspaces in the web console, and these work just fine after importing them using import {} blocks. I can modify them using the tfe provider without any issues.
  8. I imported the Terraform Cloud projects.
  9. I used the Terraform Cloud REST API to get the GitHub app installation id from the projects in this organization which work.
  10. I modified my workspaces variable such that new workspaces would be set up.
  11. Creation of new workspaces using tfe_workspace fails.

locals {
  github_org_name = "my-org"
  github_repo_name = "terraform"
  git_default_branch = "my-branch"
  tfcloud_org_name = "my-org"
}

variable projects {
  type = set(string)
  default = ["my-project"]
}

resource tfe_project default {
  for_each = var.projects

  name = each.value
  organization = local.tfcloud_org_name

  lifecycle {
    prevent_destroy = true
  }
}

variable workspaces {
    default = {
        "existing-workspace-name" = {
            "project" = "project-name"
        }
        "new-workspace-name" = {
            "project" = "project-name"
        }
    }
}

variable tfcloud_github_app_installation_id {
  default = "ghain-XXXXXX"
}

resource tfe_workspace default {
  for_each = var.workspaces

  name = each.key
  project_id = tfe_project.default[each.value["project"]].id
  organization = local.tfcloud_org_name
  working_directory = "workspaces/${each.key}"
  trigger_prefixes = distinct(["/workspaces/${each.key}"])

  vcs_repo {
    identifier = "${local.github_org_name}/${local.github_repo_name}"
    github_app_installation_id = var.tfcloud_github_app_installation_id
    branch = local.git_default_branch
  }

  force_delete = false
  allow_destroy_plan = false

  lifecycle {
    prevent_destroy = true
  }
}

Expected Behavior

I expect that the tfe provider will be able to create new Terraform Cloud workspaces using the tfe_workspace resource.

Actual Behavior

It fails with the following message:

 Error creating workspace new-workspace-name for organization my-org: invalid attribute Repository doesn't exist or isn't accessible

Once again:

  1. The GitHub app installation ID is the same as is used by the existing workspaces.
  2. The GitHub repository being used for all Terraform Cloud workspaces is exactly the same for all workspaces.
  3. Modifying Terraform Cloud workspaces which already exist works fine :heavy_check_mark: but creation of new workspaces fails :x:

Additional Context

Other than mentioned above, there is nothing special about my setup. The code that I have above functions when working on Terraform Cloud GitHub workspaces in my personal GitHub namespace (naftulikay) but does not work for workspaces within the org that I am working in.

cniessigma commented 3 months ago

I am seeing this too, any updates?

BellionBastien commented 2 months ago

Same issue over here, did anyone find a workaround?

--- EDIT ---

I was able to work around it by adding a popup blocker exception in my Firefox settings: https://support.mozilla.org/en-US/kb/pop-blocker-settings-exceptions-troubleshooting#w_pop-up-blocker-settings

Adding https://app.terraform.io to the exception worked for me.

naftulikay commented 2 months ago

The workaround I used was to create a custom GitHub OAuth application. You may want to create a "bot" account for your organization so that the app is not owned by any individual.
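
One way to express an OAuth-based VCS connection like the workaround above in Terraform, as an added example that is not code from this thread or from the provider project. It assumes the connection is created with a personal access token belonging to the organization's bot account rather than through the browser authorization flow; every name and value is a placeholder.

```hcl
# Added example: resource names, organization, repository and branch are placeholders.
variable "github_bot_token" {
  description = "Personal access token of the organization's bot account (assumed)"
  type        = string
  sensitive   = true # redacts the value in plan/apply output; it is still stored in state
}

# OAuth client owned by the bot account instead of an individual user.
resource "tfe_oauth_client" "github_bot" {
  name             = "github-bot-oauth"
  organization     = "my-org"
  api_url          = "https://api.github.com"
  http_url         = "https://github.com"
  oauth_token      = var.github_bot_token
  service_provider = "github"
}

resource "tfe_workspace" "example" {
  name              = "new-workspace-name"
  organization      = "my-org"
  working_directory = "workspaces/new-workspace-name"

  vcs_repo {
    identifier = "my-org/terraform"
    branch     = "my-branch"

    # Used in place of github_app_installation_id; the provider treats
    # the two arguments as conflicting, so set only one of them.
    oauth_token_id = tfe_oauth_client.github_bot.oauth_token_id
  }
}
```

Scope the bot account's token to the repositories the workspaces need, and restrict access to the state of the workspace that manages this client, since the token is written there.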