Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Cannot authenticate with provider #2010

Closed
1 task done
coreyd-valcre opened this issue Nov 9, 2023 · 7 comments
Closed
1 task done

[BUG]: Cannot authenticate with provider #2010

coreyd-valcre opened this issue Nov 9, 2023 · 7 comments
Labels
Status: Stale Used by stalebot to clean house Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented

Comments

@coreyd-valcre
Copy link

coreyd-valcre commented Nov 9, 2023
edited
Loading

Expected Behavior

Provider should be taking my code and authenticating to create a github secret and github file respectively each.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
    }
  }
}

provider "github" {
  owner = "MyCompany"
  token = "MyToken or Variable"
}

I have tested on 5.40.0, 5.41.0, and 5.42.0, auth fails.

Github resource is in a child module, configuration for providers is in parent respectively.

I have even tried hardcoding the token to the provider and to no avail. The git:: works to download the source but the rest fails in the github provider.

This is also pulling the hashicorp/github provider even though its not required, called, or needed.

Actual Behavior

Initializing provider plugins...
- Finding integrations/github versions matching "5.35.0"...
- Finding latest version of hashicorp/github...
- Finding hashicorp/azurerm versions matching ">= 3.0.0"...
- Finding hashicorp/null versions matching ">= 3.0.0"...
- Installing integrations/github v5.35.0...
- Installed integrations/github v5.35.0 (signed by a HashiCorp partner, key ID 38027F80D7FD5FB2)
- Installing hashicorp/github v5.42.0...
- Installed hashicorp/github v5.42.0 (signed by HashiCorp)
- Installing hashicorp/azurerm v3.79.0...
- Installed hashicorp/azurerm v3.79.0 (signed by HashiCorp)
- Installing hashicorp/null v3.2.1...
- Installed hashicorp/null v3.2.1 (signed by HashiCorp)

│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/hashicorp/github" requires explicit
│ configuration. Add a provider block to the root module and configure the
│ provider's required arguments as described in the provider documentation.
│ 
╵
╷
│ Error: GET https://api.github.com/user: 401 Requires authentication []
│ 
│   with provider["registry.terraform.io/hashicorp/github"],
│   on <empty> line 0:
│   (source code not available)
│ 
╵

Terraform Version

Terraform: 1.6.3
On Linux AMD64
Version is integrations/github ~>5, 5.40.0, 5.41.0, 5.42.0

Affected Resource(s)

resource github_actions_secret
resource github_repository_file
data github_actions_public_key

Terraform Configuration Files

---- module ----
module "web_app_common_dev" {
  for_each             = toset(var.locations)
  source               = "git::MyGitHubSourceURL"
  resource_group_name  = data.azurerm_resource_group.resource_group_common_dev_app_svc[each.key].name
  service_plan_id      = data.azurerm_service_plan.app_service_plan_common_dev[each.key].id
  origin_group_id      = module.vc-tf-fd-test-origin-group.origin_group_id
  locations            = each.value
  web_app_name         = "vc-tf-fd-test"
  web_app_request_type = "HEAD"
  web_app_path         = "/"
  health_check_path    = "/"
  git_repo_url         = "MyGithubURL"
  git_repo_branch      = "My/Branch"
  git_repo_token       = var.git_repo_token
  appName              = "MyAppName"

  providers = {
    azurerm.dns = azurerm.dns
  }
}


terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
    }
  }
}

provider "github" {
  owner = "MyCompany"
  token = "MyToken"
}

data "github_actions_public_key" "action_key" {
  repository = local.repo_name
}

resource "github_actions_secret" "publishing_profile_to_secret" {
  depends_on      = [null_resource.web_app_slot_publish_profile, null_resource.debug]
  for_each        = local.web_app
  repository      = local.repo_name
  secret_name     = azurerm_windows_web_app_slot.web_app_slot[each.key].name
  plaintext_value = file("${path.module}/publish_profiles/${each.value.combined_name}-slot.xml")
}

Steps to Reproduce

No response

Debug Output

│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/hashicorp/github" requires explicit
│ configuration. Add a provider block to the root module and configure the
│ provider's required arguments as described in the provider documentation.



│ Error: GET https://api.github.com/user: 401 Requires authentication []

│   with provider["registry.terraform.io/hashicorp/github"],
│   on <empty> line 0:
│   (source code not available)

Panic Output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@coreyd-valcre coreyd-valcre added Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented labels Nov 9, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 9, 2023

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@github-project-automation github-project-automation bot moved this to 🆕 Triage in 🧰 Octokit Active Nov 9, 2023
@kfcampbell kfcampbell added Status: Up for grabs Issues that are ready to be worked on by anyone and removed Status: Triage This is being looked at and prioritized labels Nov 9, 2023
@kfcampbell kfcampbell moved this from 🆕 Triage to 🔥 Backlog in 🧰 Octokit Active Nov 9, 2023
@scott-doyland-burrows
Copy link
Contributor

Hi,

I am not totally sure from your code above which is part of a root module and which is the non-root module. However, below is how I have it setup and it works fine.

Root Module:

terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

provider "github" {
  alias = "myalias"
  owner = "myorg"
  token = "mytoken"
}

module "repos" {
  source = "./modules/repos"

  providers = {
    github.myalias = github.myalias
  }
}

Code in the non-root module:

terraform {
  required_providers {
    github = {
      source                = "integrations/github"
      version               = "5.40.0"
      configuration_aliases = [github.myalias]
    }
  }
}

resource "github_repository" "repos" {
  provider = github.myalias

  name = "reponame"
  ...
  ...
}

@coreyd-valcre
Copy link
Author

My apologies, root/parent module is this:

---- module ----
module "web_app_common_dev" {
  for_each             = toset(var.locations)
  source               = "git::MyGitHubSourceURL"
  resource_group_name  = data.azurerm_resource_group.resource_group_common_dev_app_svc[each.key].name
  service_plan_id      = data.azurerm_service_plan.app_service_plan_common_dev[each.key].id
  origin_group_id      = module.vc-tf-fd-test-origin-group.origin_group_id
  locations            = each.value
  web_app_name         = "vc-tf-fd-test"
  web_app_request_type = "HEAD"
  web_app_path         = "/"
  health_check_path    = "/"
  git_repo_url         = "MyGithubURL"
  git_repo_branch      = "My/Branch"
  git_repo_token       = var.git_repo_token
  appName              = "MyAppName"

  providers = {
    azurerm.dns = azurerm.dns
  }
}


terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
    }
  }
}

provider "github" {
  owner = "MyCompany"
  token = "MyToken"
}

Problem is I can't define a provider in the child as Terraform gives me an error due to using for_each in the root.

@scott-doyland-burrows
Copy link
Contributor

Can you just update the providers block so it is like:

  providers = {
    azurerm.dns = azurerm.dns
    github.some_alias = github.some_alias
  }

The end of this page suggests you can do that:

https://developer.hashicorp.com/terraform/language/modules/develop/providers#legacy-shared-modules-with-provider-configurations

But I haven't had to do this myself - but may test it next week.

@coreyd-valcre
Copy link
Author

coreyd-valcre commented Nov 13, 2023
edited
Loading

Immediately upon running

│ Error: Provider type mismatch
│ 
│   on main.tf line 26, in module "web_app_common_dev":
│   26:     github.alias = github.alias
│ 
│ The local name "github.alias" in the root module represents provider
│ "integrations/github", but "github.alias" in module.web_app_common_dev
│ represents "hashicorp/github".
│ 
│ Each provider has its own distinct configuration schema and provider types,
│ so this module's "github.alias" can be assigned only a configuration for
│ hashicorp/github, which is not required by module.web_app_common_dev.
╵

Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

In my providers.tf at the root level I have it set up like so:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 3.0.0"
    }
    github = {
      source  = "integrations/github"
      version = "5.40.0"
      configuration_aliases = [ github.alias ]
    }
  }
}

provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy = true
    }
  }
  skip_provider_registration = true
}

provider "azurerm" {
  alias = "dns"
  features {}
  subscription_id            = "REDACTED"
  skip_provider_registration = true
}

provider "null" {}

provider "github" {
  owner = "OWNER"
  token = "REDACTED"
}

In my root (parent) module it is configured like this:

module "web_app_common_dev" {
  for_each             = toset(var.locations)
  source               = "git::https://github.com/OWNER/REPO/modules/app_service?ref=feature/app-service"
  resource_group_name  = data.azurerm_resource_group.resource_group_common_dev_app_svc[each.key].name
  service_plan_id      = data.azurerm_service_plan.app_service_plan_common_dev[each.key].id
  origin_group_id      = module.vc-tf-fd-test-origin-group.origin_group_id
  locations            = each.value
  web_app_name         = "WEBAPPNAME"
  web_app_request_type = "HEAD"
  web_app_path         = "/"
  health_check_path    = "/"
  git_repo_url         = "https://github.com/OWNER/REPO"
  git_repo_branch      = "MY/Branch"
  git_repo_token       = var.git_repo_token
  appName              = "web-app"

  providers = {
    #azurerm     = azurerm
    azurerm.dns  = azurerm.dns
    github.alias = github.alias
  }

The code in the child modules are these 2 parts, a third exists but is commented. The structure is all top level in the parent module and calls the sub module for each resource it needs. Backend exists in the parent only. I have fully wiped out the state file and all resources and recieve the same error

data "github_actions_public_key" "action_key" {
  provider   = github
  repository = local.repo_name
}

resource "github_actions_secret" "publishing_profile_to_secret" {
  provider        = github
  depends_on      = [null_resource.web_app_slot_publish_profile, null_resource.debug]
  for_each        = local.web_app
  repository      = local.repo_name
  secret_name     = azurerm_windows_web_app_slot.web_app_slot[each.key].name
  plaintext_value = file("${path.module}/publish_profiles/${each.value.combined_name}-slot.xml")
}

@scott-doyland-burrows
Copy link
Contributor

This works for me:

root/parent module:

terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "5.42.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
  }
}

provider "github" {
  alias = "alias_github"
}

provider "azurerm" {
  alias = "alias_azure"
  features {
  }
}

module "mymodule" {
  source = "./modules/mymodule"

  providers = {
    github.alias_github = github.alias_github
    azurerm.alias_azure = azurerm.alias_azure
  }

  for_each = toset(["repo1", "repo2"])

  repo = each.value
  rg   = each.value
}

child module:

terraform {
  required_providers {
    github = {
      source                = "integrations/github"
      version               = "5.42.0"
      configuration_aliases = [github.alias_github]
    }
    azurerm = {
      source                = "hashicorp/azurerm"
      version               = ">= 3.0.0"
      configuration_aliases = [azurerm.alias_azure]
    }
  }
}

variable "repo" {
}

variable "rg" {
}

resource "github_repository" "repos" {
  provider = github.alias_github

  name       = var.repo
  visibility = "public"
}

resource "azurerm_resource_group" "rg" {
  provider = azurerm.alias_azure

  name     = var.rg
  location = "northeurope"
}

@github-actions GitHub Actions
Copy link

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

@github-actions github-actions bot added the Status: Stale Used by stalebot to clean house label Aug 10, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 18, 2024
@github-project-automation github-project-automation bot moved this from 🔥 Backlog to ✅ Done in 🧰 Octokit Active Aug 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Stale Used by stalebot to clean house Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kfcampbell @scott-doyland-burrows @coreyd-valcre