GithubHelp home page GithubHelp logo

Terraform Plan action fails due to Unknown token: 15:19 IDENT confluent_service_account.app-producer.id error about terraform-github-actions HOT 10 CLOSED

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024
Terraform Plan action fails due to Unknown token: 15:19 IDENT confluent_service_account.app-producer.id error

from terraform-github-actions.

Comments (10)

dflook avatar dflook commented on June 10, 2024

Hello @NiyiOdumosu, Can you share acls.tf?
Can you confirm you are using Terraform 0.9.0? That's really old.

from terraform-github-actions.

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024

So when I run terraform plan manually in the terraform init & terrafrom plan step in my workflow, it shows 1.5.3. But it is actually your github action that is installing 0.9.0 version of terraform. If you look in the workflow log for your build step, it shows that version. That is why I put it there. I think it needs to be updated

from terraform-github-actions.

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024

acls.tf

resource "confluent_service_account" "app-producer" {
  display_name = "app-producer-service-account"
  description  = "Service Account for app producer"
}

resource "confluent_role_binding" "developer-write" {
  principal   = "User:${confluent_service_account.app-producer.id}"
  role_name   = "DeveloperWrite"
  crn_pattern = "${confluent_kafka_cluster.dedicated.rbac_crn}/kafka=${confluent_kafka_cluster.dedicated.id}/topic=*"
}
resource "confluent_api_key" "producer-api-key" {
  display_name = "producer-api-key"
  description  = "Kafka API Key that is owned by 'producer' service account"
  owner {
    id          = confluent_service_account.app-producer.id
    api_version = confluent_service_account.app-producer.api_version
    kind        = confluent_service_account.app-producer.kind
  }

  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind

    environment {
      id = data.confluent_environment.env.id
    }
  }
  depends_on = [
    confluent_role_binding.developer-write
  ]
}

resource "confluent_kafka_acl" "app_producer_acl" {
  kafka_cluster {
    id = confluent_kafka_cluster.dedicated.id
  }
  resource_type = "TOPIC"
  resource_name = "*"
  pattern_type  = "LITERAL"
  principal     = "User:${confluent_service_account.app-producer.id}"
  host          = "*"
  operation     = "WRITE"
  permission    = "ALLOW"
  rest_endpoint = confluent_kafka_cluster.dedicated.rest_endpoint
  credentials {
    key = confluent_api_key.app-manager-kafka-api-key.id
    secret = confluent_api_key.app-manager-kafka-api-key.secret

  }
}

resource "confluent_service_account" "app-consumer" {
  display_name = "app-consumer-service-account"
  description  = "Service Account for app consumers"
}

resource "confluent_role_binding" "developer-read" {
  principal   = "User:${confluent_service_account.app-consumer.id}"
  role_name   = "DeveloperRead"
  crn_pattern = "${confluent_kafka_cluster.dedicated.rbac_crn}/kafka=${confluent_kafka_cluster.dedicated.id}/topic=*"
}

resource "confluent_kafka_acl" "app_consumer_acl" {
  kafka_cluster {
    id = confluent_kafka_cluster.dedicated.id
  }
  resource_type = "TOPIC"
  resource_name = "*"
  pattern_type  = "LITERAL"
  principal     = "User:${confluent_service_account.app-consumer.id}"
  host          = "*"
  operation     = "READ"
  permission    = "ALLOW"
  rest_endpoint = confluent_kafka_cluster.dedicated.rest_endpoint
  credentials {
    key = confluent_api_key.app-manager-kafka-api-key.id
    secret = confluent_api_key.app-manager-kafka-api-key.secret
  }
}


resource "confluent_api_key" "consumer-api-key" {
  display_name = "consumer-api-key"
  description  = "Kafka API Key that is owned by 'consumer' service account"
  owner {
    id          = confluent_service_account.app-consumer.id
    api_version = confluent_service_account.app-consumer.api_version
    kind        = confluent_service_account.app-consumer.kind
  }

  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind

    environment {
      id = data.confluent_environment.env.id
    }
  }
  depends_on = [
    confluent_role_binding.developer-read
  ]
}


resource "confluent_service_account" "app-manager" {
  display_name = "app-manager"
  description  = "Service account to manage 'non-production' the Kafka & ksqlDB clusters"
}

resource "confluent_role_binding" "app-manager-kafka-cluster-admin" {
  principal   = "User:${confluent_service_account.app-manager.id}"
  role_name   = "CloudClusterAdmin"
  crn_pattern = confluent_kafka_cluster.dedicated.rbac_crn
}

resource "confluent_api_key" "app-manager-kafka-api-key" {
  display_name = "app-manager-kafka-api-key"
  description  = "Kafka API Key that is owned by 'app-manager' service account"
  owner {
    id          = confluent_service_account.app-manager.id
    api_version = confluent_service_account.app-manager.api_version
    kind        = confluent_service_account.app-manager.kind
  }

  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind

    environment {
      id = data.confluent_environment.env.id
    }
  }
}

from terraform-github-actions.

dflook avatar dflook commented on June 10, 2024

Can you set the ACTIONS_STEP_DEBUG secret to true, try again, and post the workflow log?

from terraform-github-actions.

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024

Below is the full debug workflow. It's using the 0.90.0 version of tf in your action. The key debug message that I see is ##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS Error loading configuration: Error parsing /github/workspace/non-prod/acls.tf: At 15:19: Unknown token: 15:19 IDENT confluent_service_account.app-producer.id

 gpg: Signature made Tue Apr 19 07:39:45 2022 UTC
  gpg:                using RSA key 374EC75B485913604A831CC7C820C6D5CD27AB87
  gpg: Good signature from "HashiCorp Security (hashicorp.com/security) <[email protected]>" [ultimate]
  terraform_0.9.0_linux_amd64.zip: OK
  ##[debug]result.args[:2]=['/tmp/terraform_0.9.0/terraform', 'init']
  ##[debug]result.returncode=0
  ##[debug]Initializing the backend...
  ##[debug]
  ##[debug]
  ##[debug]Successfully configured the backend "s3"! Terraform will automatically
  ##[debug]use this backend unless the backend configuration changes.
  ##[debug]
  ##[debug]Terraform has been successfully initialized!
  ##[debug]
  ##[debug]You may now begin working with Terraform. Try running "terraform plan" to see
  ##[debug]any changes that are required for your infrastructure. All Terraform commands
  ##[debug]should now work.
  ##[debug]
  ##[debug]If you ever set or change modules or backend configuration for Terraform,
  ##[debug]rerun this command to reinitialize your environment. If you forget, other
  ##[debug]commands will detect it and remind you to do so if necessary.
  ##[debug]result.args=[PosixPath('/tmp/terraform_0.9.0/terraform'), 'state', 'pull']
  ##[debug]result.returncode=0
  ##[debug]result.stdout.decode()=''
  ##[debug]result.stderr.decode()='\x1b[31mEmpty state (no state)\x1b[0m\x1b[0m\n'
  ##[debug]Expecting value: line 1 column 1 (char 0)
  gpg: Signature made Tue Apr 19 07:39:45 2022 UTC
  gpg:                using RSA key 374EC75B485913604A831CC7C820C6D5CD27AB87
  gpg: Good signature from "HashiCorp Security (hashicorp.com/security) <[email protected]>" [ultimate]
  terraform_0.9.0_linux_amd64.zip: OK
  Using the same terraform version that wrote the existing remote state file
  Switched to Terraform v0.9.0
  ##[debug]ls -la /usr/local/bin/terraform:lrwxrwxrwx 1 root root 30 Jul 25 19:11 /usr/local/bin/terraform -> /tmp/terraform_0.9.0/terraform
  ##[debug] Terraform version major 0 minor 9 patch 0
  Detected s3 backend
  ::endgroup::
::group::Initializing Terraform
Initializing Terraform
  ##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS
  Error loading configuration: Error parsing /github/workspace/non-prod/acls.tf: At 15:19: Unknown token: 15:19 IDENT confluent_service_account.app-producer.id
  ##[debug]ls -la /github/workspace:total 36
  ##[debug]ls -la /github/workspace:drwxr-xr-x 5 1001  123  4096 Jul 25 19:11 .
  ##[debug]ls -la /github/workspace:drwxr-xr-x 6 root root  4096 Jul 25 19:11 ..
  ##[debug]ls -la /github/workspace:drwxr-xr-x 8 1001  123  4096 Jul 25 19:11 .git
  ##[debug]ls -la /github/workspace:drwxr-xr-x 3 1001  123  4096 Jul 25 19:11 .github
  ##[debug]ls -la /github/workspace:-rw-r--r-- 1 1001  123    53 Jul 25 19:11 .gitignore
  ##[debug]ls -la /github/workspace:-rw-r--r-- 1 1001  123 11573 Jul 25 19:11 README.md
  ##[debug]ls -la /github/workspace:drwxr-xr-x 3 1001  123  4096 Jul 25 19:11 non-prod
  ##[debug]ls -la /github/home:total 16
  ##[debug]ls -la /github/home:drwxr-xr-x 4 1001  123 4096 Jul 25 19:11 .
  ##[debug]ls -la /github/home:drwxr-xr-x 6 root root 4096 Jul 25 19:11 ..
  ##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Jul 25 19:11 .dflook-terraform-github-actions
  ##[debug]ls -la /github/home:-rw-r--r-- 1 1001  123    0 Jul 25 19:11 .netrc
  ##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Jul 25 19:11 .terraform.d
  ##[debug]ls -la /github/home:-rw-r--r-- 1 1001  123    0 Jul 25 19:11 .terraformrc
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:total 12
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 3 1001 123 4096 Jul 25 19:11 .
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 4 1001 123 4096 Jul 25 19:11 ..
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 2 1001 123 4096 Jul 25 19:11 terraform-bin-dir
  ##[debug]ls -la /github/home/.terraform.d:total 12
  ##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 3 1001 123 4096 Jul 25 19:11 .
  ##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 4 1001 123 4096 Jul 25 19:11 ..
  ##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 2 1001 123 4096 Jul 25 19:11 plugin-cache
  ##[debug]Docker Action run completed with exit code 1
  ##[debug]Finishing: terraform plan

from terraform-github-actions.

dflook avatar dflook commented on June 10, 2024

Does the state file already exist for this configuration? Does it have any resources in it?

It looks like the terraform version is not being specified anywhere, so the actions are trying to figure out what version wrote the state file (and failing, causing it to pick 0.9.0).

from terraform-github-actions.

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024

from terraform-github-actions.

dflook avatar dflook commented on June 10, 2024

Typically you would add a required_version to the terraform block in your config. To always use the latest you can use an open ended constraint, e.g.

terraform {
  required_version = ">1.5.0"
}

See the terraform-version action for the different ways to specify the Terraform version

from terraform-github-actions.

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024

from terraform-github-actions.

NiyiOdumosu avatar NiyiOdumosu commented on June 10, 2024

You were right, I did have to add the terraform required version to my providers.tf and it worked. I will mark this issue resolve. thank you!

from terraform-github-actions.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.