search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io
Other
42.76k stars 9.56k forks source link

Terraform requires credentials for terraform providers #25308

Closed vymarkov closed 4 years ago

vymarkov commented 4 years ago

Terraform Version

Terraform v0.12.25
+ provider.digitalocean v1.18.0
+ provider.gitlab v2.10.0
+ provider.helm v1.2.0
+ provider.scaleway v1.15.0

Your version of Terraform is out of date! The latest version
is 0.12.26. You can update by downloading from https://www.terraform.io/downloads.html

Terraform Configuration Files

locals {
  domain           = "do-rancher-example.example.com"
  letsEncryptEmail = "devops@example.com"

  cloudProvider                = "digitalocean"
  clusterName                  = "rancher-mission-control"
  defaultLetsEncryptIssuerName = "letsencrypt-prod"

  cert_manager_settings = {
    digitalocean = length(var.do_token) > 0 ? "digitalocean-issuer" : local.defaultLetsEncryptIssuerName
    default      = local.defaultLetsEncryptIssuerName
  }

  defaultIssuerName = lookup(local.cert_manager_settings, local.cloudProvider, "default")
}

module "scaleway" {
  source = "../../modules/cloud/scaleway"
  enabled = false // I don't want to create a kubernetes cluster in this cluster, so disable it 

  kubernetes_version = "1.16.9"
  cluster_name       = local.clusterName
}

module "digitalocean" {
  source  = "../../modules/cloud/doks"
  enabled = true

  kubernetes_version = "1.16"
  region             = "fra1"
  cluster_name       = local.clusterName

  domain = local.domain
}

module "ingress_stack" {
  source = "../../terraform/ingress-stack"

  kubernetes = module.digitalocean.kubernetes

  domain            = local.domain
  defaultIssuerName = local.defaultIssuerName
  do_token          = var.do_token

  ingress_settings = {
    kong = {
      enabled = true
    }

    cert_manager = {
      enabled          = true
      letsEncryptEmail = local.letsEncryptEmail
    }

    external_dns = {
      enabled = true
    }
  }
}

Debug Output

Crash Output

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.digitalocean.data.digitalocean_kubernetes_versions.default: Refreshing state...
module.digitalocean.data.digitalocean_sizes.elastic_stack: Refreshing state...
module.digitalocean.data.digitalocean_sizes.default: Refreshing state...

------------------------------------------------------------------------

Error: error loading credentials from SCW: open /root/.scwrc: no such file or directory

  on ../../modules/cloud/scaleway/providers.tf line 9, in provider "scaleway":
   9: provider "scaleway" {

Expected Behavior

I wanna to create resources (in this example, managed Kubernetes) by using the several providers, for example, DigitalOcean and Scaleway.

I found that Terraform providers required providing correct credentials for provider to operate. But I want to avoid providing credentials for all defined providers within module.

Actual Behavior

Screen Shot 2020-06-19 at 11 13 39 AM

Steps to Reproduce

Additional Context

References

apparentlymart commented 4 years ago

Hi @vymarkov!

Generally-speaking, Terraform will need credentials for any service it interacts with, because the underlying APIs themselves require those credentials. The error you showed here is being returned by the Scaleway provider itself, because it requires credentials in order to work with the Scaleway API. I'm not familiar with that provider in particular, but based on my experience with other similar providers I expect it is working as intended.

If there's a particular provider that you expect ought to be able to operate without credentials (e.g. because its underlying API has a mode where credentials are not required, etc) then you could potentially open an enhancement request in that provider's repository to request that.

Because these requirements are coming from the providers rather than from Terraform Core itself, there is nothing we could reasonably change in this repository that would change the behavior in the way you suggested. For that reason, I'm going to close this issue. If you believe that the Scaleway provider could potentially offer a useful no-credentials operating mode then you could, if you wish, open an enhancement request in the Scaleway provider repository to describe exactly how you'd expect the Scaleway provider to behave when it's operating without credentials. The Scaleway provider maintainers could then consider your proposal, and potentially implement it without any changes to Terraform Core.

Thanks!

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.