search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.6k stars 9.54k forks source link

OSS backend fails to initialize when using assume_role with a set of STS credentials #23165

Closed jcarrothers-sap closed 4 years ago

jcarrothers-sap commented 5 years ago

Terraform Version

0.12.12

Terraform Configuration Files

terraform {
  backend "oss" {
    bucket  = "terraform-state"
    key     = "account_management/terraform.tfstate"
    region  = "us-west-1"
    tablestore_endpoint = "https://tfstatelock.us-east-1.ots.aliyuncs.com"
    tablestore_table = "terraform_state"
    assume_role {
      role_arn = "acs:ram::<redacted>:role/terraform-state"
    }
  }
}

Expected Behavior

When using a set of AliCloud credentials which are not a standard API Key, but were created using the AliCloud STS AssumeRole API endpoint, the additional role assumption in the OSS backend should succeed.

Actual Behavior

$ terraform init
Initializing the backend...

Error: SDK.ServerError
ErrorCode: MissingSecurityToken
Recommend: https://error-center.aliyun.com/status/search?Keyword=MissingSecurityToken&source=PopGw
RequestId: 81A36E7C-7E30-4532-8B35-91CF5F24A34D
Message: SecurityToken is mandatory for this action.

Steps to Reproduce

  1. Generate a set of temporary credentials using aliyun sts AssumeRole
  2. Use these credentials to run terraform init

Additional Context

N/A

References

Proposed fix: #23128

jcarrothers-sap commented 4 years ago

Fixed by #22821

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.