Comments (10)
Hello @NiyiOdumosu, Can you share acls.tf?
Can you confirm you are using Terraform 0.9.0? That's really old.
from terraform-github-actions.
So when I run terraform plan manually in the terraform init & terraform plan step in my workflow, it shows 1.5.3. But it is actually your GitHub action that is installing 0.9.0 version of terraform. If you look in the workflow log for your build step, it shows that version. That is why I put it there. I think it needs to be updated.
from terraform-github-actions.
acls.tf
resource "confluent_service_account" "app-producer" {
  display_name = "app-producer-service-account"
  description  = "Service Account for app producer"
}

resource "confluent_role_binding" "developer-write" {
  principal   = "User:${confluent_service_account.app-producer.id}"
  role_name   = "DeveloperWrite"
  crn_pattern = "${confluent_kafka_cluster.dedicated.rbac_crn}/kafka=${confluent_kafka_cluster.dedicated.id}/topic=*"
}

resource "confluent_api_key" "producer-api-key" {
  display_name = "producer-api-key"
  description  = "Kafka API Key that is owned by 'producer' service account"
  owner {
    id          = confluent_service_account.app-producer.id
    api_version = confluent_service_account.app-producer.api_version
    kind        = confluent_service_account.app-producer.kind
  }
  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind
    environment {
      id = data.confluent_environment.env.id
    }
  }
  depends_on = [
    confluent_role_binding.developer-write
  ]
}

resource "confluent_kafka_acl" "app_producer_acl" {
  kafka_cluster {
    id = confluent_kafka_cluster.dedicated.id
  }
  resource_type = "TOPIC"
  resource_name = "*"
  pattern_type  = "LITERAL"
  principal     = "User:${confluent_service_account.app-producer.id}"
  host          = "*"
  operation     = "WRITE"
  permission    = "ALLOW"
  rest_endpoint = confluent_kafka_cluster.dedicated.rest_endpoint
  credentials {
    key    = confluent_api_key.app-manager-kafka-api-key.id
    secret = confluent_api_key.app-manager-kafka-api-key.secret
  }
}

resource "confluent_service_account" "app-consumer" {
  display_name = "app-consumer-service-account"
  description  = "Service Account for app consumers"
}

resource "confluent_role_binding" "developer-read" {
  principal   = "User:${confluent_service_account.app-consumer.id}"
  role_name   = "DeveloperRead"
  crn_pattern = "${confluent_kafka_cluster.dedicated.rbac_crn}/kafka=${confluent_kafka_cluster.dedicated.id}/topic=*"
}

resource "confluent_kafka_acl" "app_consumer_acl" {
  kafka_cluster {
    id = confluent_kafka_cluster.dedicated.id
  }
  resource_type = "TOPIC"
  resource_name = "*"
  pattern_type  = "LITERAL"
  principal     = "User:${confluent_service_account.app-consumer.id}"
  host          = "*"
  operation     = "READ"
  permission    = "ALLOW"
  rest_endpoint = confluent_kafka_cluster.dedicated.rest_endpoint
  credentials {
    key    = confluent_api_key.app-manager-kafka-api-key.id
    secret = confluent_api_key.app-manager-kafka-api-key.secret
  }
}

resource "confluent_api_key" "consumer-api-key" {
  display_name = "consumer-api-key"
  description  = "Kafka API Key that is owned by 'consumer' service account"
  owner {
    id          = confluent_service_account.app-consumer.id
    api_version = confluent_service_account.app-consumer.api_version
    kind        = confluent_service_account.app-consumer.kind
  }
  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind
    environment {
      id = data.confluent_environment.env.id
    }
  }
  depends_on = [
    confluent_role_binding.developer-read
  ]
}

resource "confluent_service_account" "app-manager" {
  display_name = "app-manager"
  description  = "Service account to manage 'non-production' the Kafka & ksqlDB clusters"
}

resource "confluent_role_binding" "app-manager-kafka-cluster-admin" {
  principal   = "User:${confluent_service_account.app-manager.id}"
  role_name   = "CloudClusterAdmin"
  crn_pattern = confluent_kafka_cluster.dedicated.rbac_crn
}

resource "confluent_api_key" "app-manager-kafka-api-key" {
  display_name = "app-manager-kafka-api-key"
  description  = "Kafka API Key that is owned by 'app-manager' service account"
  owner {
    id          = confluent_service_account.app-manager.id
    api_version = confluent_service_account.app-manager.api_version
    kind        = confluent_service_account.app-manager.kind
  }
  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind
    environment {
      id = data.confluent_environment.env.id
    }
  }
}
from terraform-github-actions.
Can you set the ACTIONS_STEP_DEBUG secret to true, try again, and post the workflow log?
from terraform-github-actions.
Below is the full debug workflow. It's using the 0.90.0 version of tf in your action. The key debug message that I see is ##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS Error loading configuration: Error parsing /github/workspace/non-prod/acls.tf: At 15:19: Unknown token: 15:19 IDENT confluent_service_account.app-producer.id
gpg: Signature made Tue Apr 19 07:39:45 2022 UTC
gpg: using RSA key 374EC75B485913604A831CC7C820C6D5CD27AB87
gpg: Good signature from "HashiCorp Security (hashicorp.com/security) <[email protected]>" [ultimate]
terraform_0.9.0_linux_amd64.zip: OK
##[debug]result.args[:2]=['/tmp/terraform_0.9.0/terraform', 'init']
##[debug]result.returncode=0
##[debug]Initializing the backend...
##[debug]
##[debug]
##[debug]Successfully configured the backend "s3"! Terraform will automatically
##[debug]use this backend unless the backend configuration changes.
##[debug]
##[debug]Terraform has been successfully initialized!
##[debug]
##[debug]You may now begin working with Terraform. Try running "terraform plan" to see
##[debug]any changes that are required for your infrastructure. All Terraform commands
##[debug]should now work.
##[debug]
##[debug]If you ever set or change modules or backend configuration for Terraform,
##[debug]rerun this command to reinitialize your environment. If you forget, other
##[debug]commands will detect it and remind you to do so if necessary.
##[debug]result.args=[PosixPath('/tmp/terraform_0.9.0/terraform'), 'state', 'pull']
##[debug]result.returncode=0
##[debug]result.stdout.decode()=''
##[debug]result.stderr.decode()='\x1b[31mEmpty state (no state)\x1b[0m\x1b[0m\n'
##[debug]Expecting value: line 1 column 1 (char 0)
gpg: Signature made Tue Apr 19 07:39:45 2022 UTC
gpg: using RSA key 374EC75B485913604A831CC7C820C6D5CD27AB87
gpg: Good signature from "HashiCorp Security (hashicorp.com/security) <[email protected]>" [ultimate]
terraform_0.9.0_linux_amd64.zip: OK
Using the same terraform version that wrote the existing remote state file
Switched to Terraform v0.9.0
##[debug]ls -la /usr/local/bin/terraform:lrwxrwxrwx 1 root root 30 Jul 25 19:11 /usr/local/bin/terraform -> /tmp/terraform_0.9.0/terraform
##[debug] Terraform version major 0 minor 9 patch 0
Detected s3 backend
::endgroup::
::group::Initializing Terraform
Initializing Terraform
##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS
Error loading configuration: Error parsing /github/workspace/non-prod/acls.tf: At 15:19: Unknown token: 15:19 IDENT confluent_service_account.app-producer.id
##[debug]ls -la /github/workspace:total 36
##[debug]ls -la /github/workspace:drwxr-xr-x 5 1001 123 4096 Jul 25 19:11 .
##[debug]ls -la /github/workspace:drwxr-xr-x 6 root root 4096 Jul 25 19:11 ..
##[debug]ls -la /github/workspace:drwxr-xr-x 8 1001 123 4096 Jul 25 19:11 .git
##[debug]ls -la /github/workspace:drwxr-xr-x 3 1001 123 4096 Jul 25 19:11 .github
##[debug]ls -la /github/workspace:-rw-r--r-- 1 1001 123 53 Jul 25 19:11 .gitignore
##[debug]ls -la /github/workspace:-rw-r--r-- 1 1001 123 11573 Jul 25 19:11 README.md
##[debug]ls -la /github/workspace:drwxr-xr-x 3 1001 123 4096 Jul 25 19:11 non-prod
##[debug]ls -la /github/home:total 16
##[debug]ls -la /github/home:drwxr-xr-x 4 1001 123 4096 Jul 25 19:11 .
##[debug]ls -la /github/home:drwxr-xr-x 6 root root 4096 Jul 25 19:11 ..
##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Jul 25 19:11 .dflook-terraform-github-actions
##[debug]ls -la /github/home:-rw-r--r-- 1 1001 123 0 Jul 25 19:11 .netrc
##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Jul 25 19:11 .terraform.d
##[debug]ls -la /github/home:-rw-r--r-- 1 1001 123 0 Jul 25 19:11 .terraformrc
##[debug]ls -la /github/home/.dflook-terraform-github-actions:total 12
##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 3 1001 123 4096 Jul 25 19:11 .
##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 4 1001 123 4096 Jul 25 19:11 ..
##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 2 1001 123 4096 Jul 25 19:11 terraform-bin-dir
##[debug]ls -la /github/home/.terraform.d:total 12
##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 3 1001 123 4096 Jul 25 19:11 .
##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 4 1001 123 4096 Jul 25 19:11 ..
##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 2 1001 123 4096 Jul 25 19:11 plugin-cache
##[debug]Docker Action run completed with exit code 1
##[debug]Finishing: terraform plan
from terraform-github-actions.
Does the state file already exist for this configuration? Does it have any resources in it?
It looks like the terraform version is not being specified anywhere, so the actions are trying to figure out what version wrote the state file (and failing, causing it to pick 0.9.0).
from terraform-github-actions.
Typically you would add a required_version to the terraform block in your config. To always use the latest you can use an open ended constraint, e.g.
terraform {
  required_version = ">1.5.0"
}
See the terraform-version action for the different ways to specify the Terraform version
from terraform-github-actions.
You were right, I did have to add the terraform required version to my providers.tf and it worked. I will mark this issue resolved. Thank you!
from terraform-github-actions.
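A pre-flight check for the failure diagnosed in this thread, as an added example that is not part of the original issue or of the action's own code: it scans a directory's `.tf` files and reports whether any `terraform {}` block sets `required_version`, so a CI job can stop before a version fallback happens. It assumes a regex and brace-matching scan is good enough for typical configs (it is not a full HCL parser); the function names and the sample `providers.tf` contents are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Full-line comments only, so a commented-out pin does not count as a pin.
COMMENT = re.compile(r'(?m)^\s*(#|//).*$')
REQUIRED = re.compile(r'required_version\s*=\s*"([^"]+)"')

def terraform_blocks(text):
    """Yield the body of each top-level `terraform { ... }` block."""
    for m in re.finditer(r'(?m)^\s*terraform\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def find_required_versions(sources):
    """Map file name -> constraint for every file that pins required_version.
    `sources` is a dict of file name -> HCL text."""
    found = {}
    for name, text in sources.items():
        for body in terraform_blocks(COMMENT.sub('', text)):
            m = REQUIRED.search(body)
            if m:
                found[name] = m.group(1)
    return found

def check_directory(path):
    """Run the scan over every *.tf file directly inside `path`."""
    return find_required_versions(
        {p.name: p.read_text() for p in Path(path).glob('*.tf')})

# Constructed sample inputs: a providers.tf before and after adding the pin.
UNPINNED = '''terraform {
  required_providers {
    confluent = { source = "confluentinc/confluent" }
  }
}
'''
PINNED = UNPINNED.replace('terraform {',
                          'terraform {\n  required_version = ">1.5.0"', 1)
COMMENTED = UNPINNED.replace('terraform {',
                             'terraform {\n  # required_version = ">1.5.0"', 1)

if __name__ == '__main__':
    pins = check_directory(sys.argv[1] if len(sys.argv) > 1 else '.')
    if not pins:
        sys.exit('no required_version found: pin the Terraform version')
    print(pins)
```

Run it against the Terraform root directory (here `non-prod`) as a workflow step ahead of the plan step; a non-zero exit means no version constraint was found.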