search

integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License
906 stars 746 forks source link

[BUG]: Cannot authenticate with provider #2010

Closed coreyd-valcre closed 2 months ago

coreyd-valcre commented 1 year ago

Expected Behavior

Provider should be taking my code and authenticating to create a github secret and github file respectively each.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
    }
  }
}

provider "github" {
  owner = "MyCompany"
  token = "MyToken or Variable"
}

I have tested on 5.40.0, 5.41.0, and 5.42.0, auth fails.

Github resource is in a child module, configuration for providers is in parent respectively.

I have even tried hardcoding the token to the provider and to no avail. The git:: works to download the source but the rest fails in the github provider.

This is also pulling the hashicorp/github provider even though its not required, called, or needed.

Actual Behavior

Initializing provider plugins...
- Finding integrations/github versions matching "5.35.0"...
- Finding latest version of hashicorp/github...
- Finding hashicorp/azurerm versions matching ">= 3.0.0"...
- Finding hashicorp/null versions matching ">= 3.0.0"...
- Installing integrations/github v5.35.0...
- Installed integrations/github v5.35.0 (signed by a HashiCorp partner, key ID 38027F80D7FD5FB2)
- Installing hashicorp/github v5.42.0...
- Installed hashicorp/github v5.42.0 (signed by HashiCorp)
- Installing hashicorp/azurerm v3.79.0...
- Installed hashicorp/azurerm v3.79.0 (signed by HashiCorp)
- Installing hashicorp/null v3.2.1...
- Installed hashicorp/null v3.2.1 (signed by HashiCorp)

│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/hashicorp/github" requires explicit
│ configuration. Add a provider block to the root module and configure the
│ provider's required arguments as described in the provider documentation.
│ 
╵
╷
│ Error: GET https://api.github.com/user: 401 Requires authentication []
│ 
│   with provider["registry.terraform.io/hashicorp/github"],
│   on <empty> line 0:
│   (source code not available)
│ 
╵

Terraform Version

Terraform: 1.6.3 On Linux AMD64 Version is integrations/github ~>5, 5.40.0, 5.41.0, 5.42.0

Affected Resource(s)

resource github_actions_secret resource github_repository_file data github_actions_public_key

Terraform Configuration Files

---- module ----
module "web_app_common_dev" {
  for_each             = toset(var.locations)
  source               = "git::MyGitHubSourceURL"
  resource_group_name  = data.azurerm_resource_group.resource_group_common_dev_app_svc[each.key].name
  service_plan_id      = data.azurerm_service_plan.app_service_plan_common_dev[each.key].id
  origin_group_id      = module.vc-tf-fd-test-origin-group.origin_group_id
  locations            = each.value
  web_app_name         = "vc-tf-fd-test"
  web_app_request_type = "HEAD"
  web_app_path         = "/"
  health_check_path    = "/"
  git_repo_url         = "MyGithubURL"
  git_repo_branch      = "My/Branch"
  git_repo_token       = var.git_repo_token
  appName              = "MyAppName"

  providers = {
    azurerm.dns = azurerm.dns
  }
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
    }
  }
}

provider "github" {
  owner = "MyCompany"
  token = "MyToken"
}

data "github_actions_public_key" "action_key" {
  repository = local.repo_name
}

resource "github_actions_secret" "publishing_profile_to_secret" {
  depends_on      = [null_resource.web_app_slot_publish_profile, null_resource.debug]
  for_each        = local.web_app
  repository      = local.repo_name
  secret_name     = azurerm_windows_web_app_slot.web_app_slot[each.key].name
  plaintext_value = file("${path.module}/publish_profiles/${each.value.combined_name}-slot.xml")
}

Steps to Reproduce

No response

Debug Output

│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/hashicorp/github" requires explicit
│ configuration. Add a provider block to the root module and configure the
│ provider's required arguments as described in the provider documentation.
│ 
╵
╷
│ Error: GET https://api.github.com/user: 401 Requires authentication []
│ 
│   with provider["registry.terraform.io/hashicorp/github"],
│   on <empty> line 0:
│   (source code not available)
│ 
╵

Panic Output

No response

Code of Conduct

github-actions[bot] commented 1 year ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

scott-doyland-burrows commented 1 year ago

Hi,

I am not totally sure from your code above which is part of a root module and which is the non-root module. However, below is how I have it setup and it works fine.

Root Module:

terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

provider "github" {
  alias = "myalias"
  owner = "myorg"
  token = "mytoken"
}

module "repos" {
  source = "./modules/repos"

  providers = {
    github.myalias = github.myalias
  }
}

Code in the non-root module:

terraform {
  required_providers {
    github = {
      source                = "integrations/github"
      version               = "5.40.0"
      configuration_aliases = [github.myalias]
    }
  }
}

resource "github_repository" "repos" {
  provider = github.myalias

  name = "reponame"
  ...
  ...
}
coreyd-valcre commented 1 year ago

My apologies, root/parent module is this:

---- module ----
module "web_app_common_dev" {
  for_each             = toset(var.locations)
  source               = "git::MyGitHubSourceURL"
  resource_group_name  = data.azurerm_resource_group.resource_group_common_dev_app_svc[each.key].name
  service_plan_id      = data.azurerm_service_plan.app_service_plan_common_dev[each.key].id
  origin_group_id      = module.vc-tf-fd-test-origin-group.origin_group_id
  locations            = each.value
  web_app_name         = "vc-tf-fd-test"
  web_app_request_type = "HEAD"
  web_app_path         = "/"
  health_check_path    = "/"
  git_repo_url         = "MyGithubURL"
  git_repo_branch      = "My/Branch"
  git_repo_token       = var.git_repo_token
  appName              = "MyAppName"

  providers = {
    azurerm.dns = azurerm.dns
  }
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
    }
  }
}

provider "github" {
  owner = "MyCompany"
  token = "MyToken"
}

Problem is I can't define a provider in the child as Terraform gives me an error due to using for_each in the root.

scott-doyland-burrows commented 1 year ago

Can you just update the providers block so it is like:

  providers = {
    azurerm.dns = azurerm.dns
    github.some_alias = github.some_alias
  }

The end of this page suggests you can do that:

https://developer.hashicorp.com/terraform/language/modules/develop/providers#legacy-shared-modules-with-provider-configurations

But I haven't had to do this myself - but may test it next week.

coreyd-valcre commented 12 months ago

Immediately upon running

│ Error: Provider type mismatch
│ 
│   on main.tf line 26, in module "web_app_common_dev":
│   26:     github.alias = github.alias
│ 
│ The local name "github.alias" in the root module represents provider
│ "integrations/github", but "github.alias" in module.web_app_common_dev
│ represents "hashicorp/github".
│ 
│ Each provider has its own distinct configuration schema and provider types,
│ so this module's "github.alias" can be assigned only a configuration for
│ hashicorp/github, which is not required by module.web_app_common_dev.
╵

Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

In my providers.tf at the root level I have it set up like so:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
      configuration_aliases = [ github.alias ]
    }
  }
}

provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy = true
    }
  }
  skip_provider_registration = true
}

provider "azurerm" {
  alias = "dns"
  features {}
  subscription_id            = "REDACTED"
  skip_provider_registration = true
}

provider "null" {}

provider "github" {
  owner = "OWNER"
  token = "REDACTED"
}

In my root (parent) module it is configured like this:

module "web_app_common_dev" {
  for_each             = toset(var.locations)
  source               = "git::https://github.com/OWNER/REPO/modules/app_service?ref=feature/app-service"
  resource_group_name  = data.azurerm_resource_group.resource_group_common_dev_app_svc[each.key].name
  service_plan_id      = data.azurerm_service_plan.app_service_plan_common_dev[each.key].id
  origin_group_id      = module.vc-tf-fd-test-origin-group.origin_group_id
  locations            = each.value
  web_app_name         = "WEBAPPNAME"
  web_app_request_type = "HEAD"
  web_app_path         = "/"
  health_check_path    = "/"
  git_repo_url         = "https://github.com/OWNER/REPO"
  git_repo_branch      = "MY/Branch"
  git_repo_token       = var.git_repo_token
  appName              = "web-app"

  providers = {
    #azurerm     = azurerm
    azurerm.dns  = azurerm.dns
    github.alias = github.alias
  }

The code in the child modules are these 2 parts, a third exists but is commented. The structure is all top level in the parent module and calls the sub module for each resource it needs. Backend exists in the parent only. I have fully wiped out the state file and all resources and recieve the same error

data "github_actions_public_key" "action_key" {
  provider   = github
  repository = local.repo_name
}

resource "github_actions_secret" "publishing_profile_to_secret" {
  provider        = github
  depends_on      = [null_resource.web_app_slot_publish_profile, null_resource.debug]
  for_each        = local.web_app
  repository      = local.repo_name
  secret_name     = azurerm_windows_web_app_slot.web_app_slot[each.key].name
  plaintext_value = file("${path.module}/publish_profiles/${each.value.combined_name}-slot.xml")
}
scott-doyland-burrows commented 12 months ago

This works for me:

root/parent module:

terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "5.42.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
  }
}

provider "github" {
  alias = "alias_github"
}

provider "azurerm" {
  alias = "alias_azure"
  features {
  }
}

module "mymodule" {
  source = "./modules/mymodule"

  providers = {
    github.alias_github = github.alias_github
    azurerm.alias_azure = azurerm.alias_azure
  }

  for_each = toset(["repo1", "repo2"])

  repo = each.value
  rg   = each.value
}

child module:

terraform {
  required_providers {
    github = {
      source                = "integrations/github"
      version               = "5.42.0"
      configuration_aliases = [github.alias_github]
    }
    azurerm = {
      source                = "hashicorp/azurerm"
      version               = ">= 3.0.0"
      configuration_aliases = [azurerm.alias_azure]
    }
  }
}

variable "repo" {
}

variable "rg" {
}

resource "github_repository" "repos" {
  provider = github.alias_github

  name       = var.repo
  visibility = "public"
}

resource "azurerm_resource_group" "rg" {
  provider = azurerm.alias_azure

  name     = var.rg
  location = "northeurope"
}
github-actions[bot] commented 3 months ago

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!