hcp_vault_cluster_admin_token issues with app.terraform.io remote backend #125
Comments
Hi @wilkosz! Thanks for adding this issue. I'll do some investigation and keep you posted.

@bcmdarroch I did some discovery on this and it is not Terraform version dependent; it occurs when using

```hcl
backend "remote" {
  hostname     = "app.terraform.io"
  organization = "dochub"
  workspaces {
    name = "dochub-testing"
  }
}
```

I think this might be an issue of the admin token timing out when using

@bcmdarroch not sure if it is a timeout issue. If the token is set as an environment variable for the first run, then removed, it behaves as intended.

@wilkosz Thanks! That worked for me.

@wilkosz did you find out anything more about this...? In addition to this, I've bumped into a fleet of issues when working on both HCP provider and Vault provider at the same time... As providers don't understand dependencies, for example, an attempt would be made to initialise the Vault provider with a token which does not exist yet... Expecting HashiCorp to really build a proper suggestion on how to do the bootstrapping properly and in a secure way - also with Terraform Cloud.

Updating with the following guidance from our official Vault docs. It is recommended that the admin token only be used during initial setup of the Vault cluster. We do not have TFC-specific guidance at this time, so I will leave this issue open.
The Manage Authentication Methods guide walks through how to set up proper authentication once your cluster has been bootstrapped with the admin token.
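
The bootstrap pattern discussed in the comments above (admin token used only for initial setup, then a scoped auth method), as an added Terraform example; it is not code from any participant in this thread or from the provider's documentation. Resource names, the region, the `ci` role and policy, and the KV v2 mount at `secret/` are assumptions.

```hcl
# Added example. All names and values ("example-hvn", "example-vault", "ci",
# the secret/ path, the region) are assumed for illustration.
provider "hcp" {} # credentials come from HCP_CLIENT_ID / HCP_CLIENT_SECRET

resource "hcp_hvn" "example" {
  hvn_id         = "example-hvn"
  cloud_provider = "aws"
  region         = "us-west-2"
}

resource "hcp_vault_cluster" "example" {
  cluster_id      = "example-vault"
  hvn_id          = hcp_hvn.example.hvn_id
  public_endpoint = true
}

# Bootstrap-only admin token. Its value is stored in Terraform state, so the
# state backend must be access-controlled like any other secret store.
resource "hcp_vault_cluster_admin_token" "bootstrap" {
  cluster_id = hcp_vault_cluster.example.cluster_id
}

# The Vault provider is configured from attributes of resources that may not
# exist yet at plan time: the provider-dependency problem raised in the thread.
provider "vault" {
  address   = hcp_vault_cluster.example.vault_public_endpoint_url
  token     = hcp_vault_cluster_admin_token.bootstrap.token
  namespace = "admin"
}

# Use the admin token only to create a scoped auth method and policy;
# day-to-day access then goes through AppRole, not the admin token.
resource "vault_auth_backend" "approle" {
  type = "approle"
}

resource "vault_policy" "ci" {
  name   = "ci"
  policy = "path \"secret/data/ci/*\" { capabilities = [\"read\"] }"
}

resource "vault_approle_auth_backend_role" "ci" {
  backend        = vault_auth_backend.approle.path
  role_name      = "ci"
  token_policies = [vault_policy.ci.name]
}
```

This shows the intended wiring only; it is not a workaround for the remote-backend behaviour reported in this issue.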
Terraform Version and Provider Version
Affected Resource(s)
hcp_vault_cluster_admin_token
Terraform Configuration Files
Any build using Terraform remote backend. (HVN and Vault are newly created with no configuration other than being made public)
Debug Output
terraform apply
Expected Behavior
Any behaviour resulting in execution plan creation
Important Factoids
This is only an issue with backend `remote`. Locally, and s3 backend both work as desired when `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` are present.
Also note that `hcp_vault_cluster` data resource returns the `vault_public_endpoint_url`.
Manually adding the environment variable `VAULT_TOKEN` on Terraform cloud does fix the issue, but doesn't scale.
Community Note