Terraform provider ignores configuration profile

isdba commented 8 months ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

> terraform -v
Terraform v1.7.4
on windows_amd64
> .\.terraform\providers\registry.terraform.io\oracle\oci\5.31.0\windows_amd64\terraform-provider-oci_v5.31.0.exe -command version
2024/03/04 12:44:55 [INFO] terraform-provider-oci 5.31.0
2024/03/04 12:44:55 [ERROR]: No command 'version' supported

Affected Resource(s)

terraform

Terraform Configuration Files

terraform {
  required_providers {
    oracle-oci = {
      source = "oracle/oci"
    }
  }
}

provider "oracle-oci" {
  tenancy_ocid        = var.tenancy_id
  config_file_profile = "robotronde"
}

The ~/.oci/config file looks like:

[robotronde]
user=ocid1.user.oc1..YYY
fingerprint=11:22:33:44.....
tenancy=ocid1.tenancy.oc1..ZZ
region=eu-frankfurt-1
key_file=~/.oci/my.pem

Debug Output

Panic Output

Expected Behavior

Terraform should use the the specified configuration.

Actual Behavior

> terraform.exe plan
...

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Invalid provider configuration
│
│ Provider "registry.terraform.io/hashicorp/oci" requires explicit configuration. Add a provider block to the root module and configure the provider's required arguments as described in the provider documentation.
│
╵
╷
│ Error: can not create client, bad configuration: did not find a proper configuration for tenancy
│
│   with provider["registry.terraform.io/hashicorp/oci"],
│   on <empty> line 0:
│   (source code not available)

Using the oci cli from the console works as expected.

> oci --profile "robotronde" iam compartment list
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..XXXX",
      "defined-tags": {},
      "description": "Compartment for XXX",
      "freeform-tags": {},
      "id": "ocid1.compartment.oc1..XXX",
      "inactive-status": null,
      "is-accessible": null,
      "lifecycle-state": "ACTIVE",
      "name": "cp-XXX",
      "time-created": "2024-02-21T19:20:52.271000+00:00"
    }
  ]
}

When I rename the [robotronde] in the ~/.oci/config file to [DEFAULT] I get the following errors:

> terraform apply
...

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: configuration file did not contain profile: robotronde
│
│   with provider["registry.terraform.io/oracle/oci"],
│   on main.tf line 9, in provider "oci":
│    9: provider "oci" {
│
╵

So this indicates for me that the oci provider is reading the correct config file. So when I copy over the [DEFAULT] to a new section with the name [robotronde] everything works. But this means I alwas have to have a copy of my intended profile within the [DEFAULT] section which is not what I expect this feature to work like.

Steps to Reproduce

terraform plan

Important Factoids

References

tf-oci-pub commented 8 months ago

Thank you for reporting the issue. We observed the affected resources are not provided in the description or it's incorrect. We request you to add it in issue description as mentioned in below format. Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform. Example: affected_resources = terraform

As this works through automation, request you to follow exact syntax.

isdba commented 8 months ago

affected_resources = terraform

alehostert commented 8 months ago

Same here when using oracle-terraform-modules/oke/oci.

module "oke" {
  source    = "oracle-terraform-modules/oke/oci"
  version   = "5.1.3"
  providers = { oci.home = oci } # Fix error: The child module requires an additional configuration for provider oracle/oci, with the local name "oci.home".

Also, I made a test configuring the required vars on provider. Same error will return:

terraform {
  required_version = "1.7.1"

  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "5.33.0"
    }
  }
}

provider "oci" {
  # config_file_profile = "will_be_ignored_by_provider_anyway"
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.region
}

│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/oracle/oci" requires explicit configuration. Add a provider block to the root module and configure the
│ provider's required arguments as described in the provider documentation.
│ 
╵
╷
│ Error: can not create client, bad configuration: did not find a proper configuration for tenancy
│ 
│   with provider["registry.terraform.io/oracle/oci"],
│   on <empty> line 0:
│   (source code not available)

But, as said by @isdba, if I clone the profile to a [DEFAULT] section on ~/.oci/config, the apply works...

Plan: 68 to add, 0 to change, 0 to destroy.

... ignoring completelly the configuration made on provider.

isdba commented 7 months ago

Hey @tf-oci-pub why does this still have the label awaiting-affected-resources? I provided the affected resources or am I still missing something?

kanor1306 commented 7 months ago

I have the same issue and solved the same way, by moving the profile info to DEFAULT.

But, I do think that the problem is different. For some reason, that I am yet to understand, when you use the oke module Terraform thinks that it needs the "hashicorp/oci" module as a provider (instead of "oracle/oci", notice the errors in this thread), even although we add the required_providers pointing to "oracle/oci" all over the place, but the "hashicorp/oci" is still there, coming not sure from where.

Because of this, you have to configure both providers, and the "hashicorp/oci" one does not give the error when you use the DEFAULT profile. I am not sure if you can pass a profile name to the deprecated provider, as docs are not around, but this has been very frustrating.

vamshikrishna83 commented 7 months ago

I am also facing the same issue, and was able to temporarily resolve it by explicitly adding provider oci block.

When i remove provider oci block and set config_file_profile value thru environment variables - it results in Error: configuration file did not contain profile: Prod

It would be nice to get this issue resolved soon, and switch back to previous approach of specifying with provider configuration to use.

jagyas commented 7 months ago

I think issue is at resource manager side. On local it is working fine.

isdba commented 7 months ago

No, I don't use resource manager, I only use local terraform.

oracle / terraform-provider-oci