search

ljfranklin / terraform-resource

A concourse resource to create infrastructure via Terraform
MIT License
185 stars 85 forks source link

'workspaces not supported' error #148

Open grzleadams opened 3 years ago

grzleadams commented 3 years ago

I use an Artifactory backend and when I specify source.env_name or put.params.env_name, I get a workspaces not supported error (which might be fine, because they're not for that backend). But I can't leave them (or the other two options) out because one of the four is required. Using 'default' (which I've seen suggested elsewhere) doesn't seem to help either.

Sanitized backend resource:

  - name: terraform
    type: terraform
    source:
      env_name: default
      env:
        TF_LOG: TRACE
      backend_type: artifactory
      backend_config:
        username: ((artifactory-user))
        password: ((artifactory-token))
        url: ((artifactory-url))
        repo: "terraform-local"
        subpath: "production"

Thanks for any input you can provide!

ljfranklin commented 3 years ago

Huh, didn't realize some backends don't support workspaces. Looks like you already have debug logging on, which Terraform command is actually failing? I'm guessing terraform workspaces list but please confirm. If that is the issue you can try adding a line here to return []string{"default"} rather than an error if the output contains workspaces not supported. Instructions to build your own image to test your changes are here.

grzleadams commented 3 years ago

Yeah, it's terraform workspaces list that's failing. I ended up switching to a pg backend for the sake of progress but am now encountering a whole other set of issues with resource imports in my plan, so it might be a bit before I get to test that solution out. We can close this if you want, or keep it open until I'm able to verify that it works, whatever you want to do.

laurenty commented 3 years ago

Having the same issue when trying to use Terraform Cloud for backend

ljfranklin commented 3 years ago

Looks like the Terraform remote (Cloud) backend does support workspaces, but it returns "not supported" if the prefix key is not provided. @laurenty can you try adding the workspaces.prefix key to your backend_config?

laurenty commented 3 years ago

@ljfranklin It didn't work. I already had a name configured for the workspace, so adding prefix resulted in the following error.

2021/08/23 01:07:59 terraform init command failed.
Error: exit status 1
Output: 
Initializing the backend...

Error: Invalid workspaces configuration

  on resource_backend_override.tf line 2, in terraform:
   2:       backend "remote" {}

Only one of workspace "name" or "prefix" is allowed.

Here's the basic config I've been using for testing

---
resource_types:
- name: terraform
  type: docker-image
  source:
    repository: ljfranklin/terraform-resource
    tag: 0.13.5

resources:
- name: source-repo
  type: git
  icon: github
  source:
    uri: https://github.com/<some test repo>.git
    branch: main
  check_every: 1h

- name: core-terraform
  type: terraform
  icon: terraform
  source:
    env_name: test
    backend_type: remote
    backend_config:
      hostname: app.terraform.io
      organization: <org-name>
      token: <token>
      workspaces:
        prefix: dev
        name: concourse-test

jobs:
- name: apply-terraform
  plan:
  - get: source-repo
    trigger: true
  - put: core-terraform
    params:
      plan_only: true
      terraform_source: source-repo

I know that both TF and TFC have workspaces, but they are slightly different concepts. Per their docs (https://www.terraform.io/docs/cloud/workspaces/index.html)

Note: Terraform Cloud and Terraform CLI both have features called "workspaces," but they're slightly different. CLI workspaces are alternate state files in the same working directory; they're a convenience feature for using one configuration to manage multiple similar groups of resources.

ljfranklin commented 3 years ago

Terraform Cloud and Terraform CLI both have features called "workspaces," but they're slightly different

Right, but the Terraform Cloud backend does support the CLI concept of workspaces, i.e. store the statefile remotely.

It should work if you drop workspaces.name and change source.env_name: test to source.env_name: concourse-test. Under the hood the terraform-resource uses the env_name to do operations like terraform workspace select $env_name. If this is a new environment you should be fine, but if concourse-test already exists you'll have to migrate its statefile under the dev prefix.

laurenty commented 3 years ago

Hi @ljfranklin , That did not work either. This is the error I got this time:

2021/08/23 15:39:45 terraform init command failed.
Error: exit status 1
Output: 
Initializing the backend...

Successfully configured the backend "remote"! Terraform will automatically
use this backend unless the backend configuration changes.

Error: No existing workspaces.

Use the "terraform workspace" command to create and select a new workspace.
If the backend already contains existing workspaces, you may need to update
the backend configuration.

Pipeline was:

resources:
- name: source-repo
  type: git
  icon: github
  source:
    uri: https://github.com/<some-repo>.git
    branch: main
  check_every: 1h

- name: core-terraform
  type: terraform
  icon: terraform
  source:
    env_name: concourse-test
    backend_type: remote
    backend_config:
      hostname: app.terraform.io
      organization: <org-name>
      token: <token>
      workspaces:
        prefix: dev

jobs:
- name: apply-terraform
  plan:
  - get: source-repo
    trigger: true
  - put: core-terraform
    params:
      plan_only: true
      terraform_source: source-repo

Looking at the files generated on the container for the put step I see that resource_backend_config.json contains the following:

{"hostname":"app.terraform.io","organization":"<org-name>","token":"<token>","workspaces":{"prefix":"dev"}}

and resource_backend_override.tf:

terraform {
    backend "remote" {}
}

which might explain why it's throwing an error. I'll dig in the code and will let you know what I find.

gaelL commented 2 years ago

Hi, is there any plan to support backends that do not provide workspaces ?

I'm encountering the same issue Error running workspace list : exit status 1, Output: workspaces not supported using a Terraform HTTP backend

https://www.terraform.io/language/settings/backends/http

It seems there are more and more platforms offering Terraform HTTP backends. It would be great to have it supported into this Concourse resource.

ljfranklin commented 2 years ago

There's an open issue on Terraform to support workspaces in the HTTP backend: https://github.com/hashicorp/terraform/issues/26797. There's also two open draft PRs to add that functionality although they haven't been updated in a while. Trying to work around this limitation in the resource doesn't feel like the right technical solution. I'd rather folks either contribute effort towards getting the HTTP workspace support merged or use a more well-maintained backend type other than HTTP.

Seraf commented 2 years ago

Hello @ljfranklin :)

The problem is that right now, it makes the resource unusable with Gitlab/Artifaktory/whoever Terraform Backend or all others services that implemented the Terraform Backend according to the specs available in Terraform documentation.

I agree that would be really better for hashicorp to handle it, but that also means we could wait for years to have that supported :(