Open nphilbrook opened 3 years ago
Hi @nphilbrook,
Terraform can log in to potentially many hostnames at the same time, for more complicated scenarios where e.g. there's a private provider or module registry running at a different hostname. By default terraform login
chooses app.terraform.io
as the hostname to log in to, because that's by far the most common case, but you can specify a different hostname on the command line:
terraform login 'tfe-paas.service.<REDACTED>'
(naturally, you'll need to use the actual hostname and not the refacted version!)
When you run this command, Terraform CLI will perform service discovery against the hostname you gave. If it refers to a Terraform Enterprise installation then it'll learn that the system supports the Terraform Cloud/Enterprise API and thus should send you through the same login process as would've happened for Terraform Cloud on app.terraform.io
.
The terraform login
command is not a configuration-sensitive command -- you can run it in any directory, at any time, even if you've not run terraform init
to activate the backend yet -- and so it doesn't try to be clever about guessing what hostname you probably meant to log into. Perhaps in a future iteration of the Cloud/Enterprise integration in Terraform CLI, where the integration point could be something more first-class than just another backend, there could be room for it detecting this automatically, since I'd agree that it seems unlikely that you'd want to log in to app.terraform.io
in the specific case where you're using self-hosted Terraform Enterprise, and you could always type terraform login app.terraform.io
if you really wanted to.
With that said, Terraform CLI is working as designed today, and I hope my answer above will work for you for now. I'm going to label this as an enhancement request to consider the idea of making terraform login
detect a hostname automatically, but a prerequisite for that would be having a first-class configuration construct for activating "Terraform Cloud mode", because today Terraform CLI just sees that backend "remote"
block as a generic bag of settings handled separately by the backend, as is the case for all backends.
Thanks!
Thanks Martin, that is very helpful.
I do wish I had read the help text for the terraform login
command before filing this issue :doh:
I was following these docs here: https://www.terraform.io/docs/cloud/run/cli.html#remote-backend-configuration and a note about the hostname option to the login command would be welcome here as well.
Thanks again and I do understand how this would be an enhancement.
Config:
If I run
terraform login
with this config, it tries to log in toapp.terraform.io
. Shouldn't it parse the hostname out of my remote backend and login there?Observed on version 0.14.11 and 1.0.6 (latest as of this writing) as shown below
This is not a hard blocker as I can grab a token and configure a
credentials
block, but it seems like a bug (or missing feature) to me.