Failed to instantiate provider ___ to obtain schema: fork/exec ___ permission denied

[gordonpn]

I'm trying to use this plugin to create a CNAME record using the Cloudflare provider, but I'm facing some permission issues.

I've tried:

• put privileged: true
• put user: root
• change owner, group and mode for this file using chmod and chown
• tried jmccann/drone-terraform:latest and jmccann/drone-terraform:1

Full logs seen on Drone UI:

latest: Pulling from jmccann/drone-terraform
Digest: sha256:b6ee6c89a91e95384f9bc9d773d97b2c8bde0a5876085a6a15e7ec4d20019cbd
Status: Downloaded newer image for jmccann/drone-terraform:latest
time="2022-06-23T03:21:06Z" level=info msg="Drone Terraform Plugin Version" Revision= 
$ terraform version
Terraform v1.0.2
on linux_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.17.0

Your version of Terraform is out of date! The latest version
is 1.2.3. You can update by downloading from https://www.terraform.io/downloads.html
$ rm -rf .terraform
$ terraform init -input=false

Initializing the backend...

Initializing provider plugins...
- Reusing previous version of cloudflare/cloudflare from the dependency lock file
- Installing cloudflare/cloudflare v3.17.0...
- Installed cloudflare/cloudflare v3.17.0 (signed by a HashiCorp partner, key ID DE413CEC881C3283)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform get
$ terraform validate
╷
│ Error: Could not load plugin
│ 
│ 
│ Plugin reinitialization required. Please run "terraform init".
│ 
│ Plugins are external binaries that Terraform uses to access and manipulate
│ resources. The configuration provided requires plugins which can't be
│ located,
│ don't satisfy the version constraints, or are otherwise incompatible.
│ 
│ Terraform automatically discovers provider requirements from your
│ configuration, including providers used in child modules. To see the
│ requirements and constraints, run "terraform providers".
│ 
│ failed to instantiate provider
│ "registry.terraform.io/cloudflare/cloudflare" to obtain schema: fork/exec
│ .terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.17.0/linux_amd64/terraform-provider-cloudflare_v3.17.0:
│ permission denied
│ 
╵
time="2022-06-23T03:21:09Z" level=fatal msg="Failed to execute a command" error="exit status 1" 

My Drone CI yaml config:

kind: pipeline
name: terraform
steps:
- environment:
    CLOUDFLARE_API_TOKEN:
      from_secret: CLOUDFLARE_API_TOKEN
    CLOUDFLARE_EMAIL:
      from_secret: CLOUDFLARE_EMAIL
  image: jmccann/drone-terraform:latest
  name: terraform
  settings:
    plan: true
    root_dir: terraform
type: docker

Terraform config:

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0"
    }
  }
}

provider "cloudflare" {
  # email pulled from $CLOUDFLARE_EMAIL
  # token pulled from $CLOUDFLARE_API_TOKEN
}

variable "zone_id" {
  # ... snip ...
}

variable "domain" {
  # ... snip ...
}

resource "cloudflare_record" "swarmpit" {
  zone_id = var.zone_id
  name    = "swarmpit"
  value   = var.domain
  type    = "CNAME"
  proxied = true
}

I would greatly appreciate it if anybody has pointers or fixes, thank you.