Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.3k views
in Technique[技术] by (71.8m points)

gitlab - Providers within modules not passed to the child modules - terraform

I am usgin gitlabhq/gitlab module with terrafrom.

I created a separted module for gitlab resources ./terraform-modules/terraform-gitlab-project-variables-aws-iam-access-keys

terraform {
  required_providers {
    gitlab = {
      source = "gitlabhq/gitlab"
      version = "3.3.0"
    }
  }
}


data "gitlab_projects" "projects-name" {
  search              = var.projectSearch
  visibility          = var.projectVisibility
}

resource "aws_iam_access_key" "user" {
  user = var.projectUserName
}

resource "gitlab_project_variable" "aws_access_key_user" {

    project   = data.gitlab_projects.projects-name.projects[0].id
    key       = "AWS_ACCESS_KEY_ID"
    value     = aws_iam_access_key.user.id
    protected = var.projectAccessKeyProtected
    masked = var.projectAccessKeyMasked
    environment_scope = var.projectEnvironmentScope

}

resource "gitlab_project_variable" "aws_secret_key_user" {

    project   = data.gitlab_projects.projects-name.projects[0].id
    key       = "AWS_SECRET_ACCESS_KEY"
    value     = aws_iam_access_key.user.secret
    protected = var.projectAccessSecretProtected
    masked = var.projectAccessSecretMasked
    environment_scope = var.projectEnvironmentScope

}

as you can see, I added the provider configurations block and left out the definition of the provider to the root module.

Providers Within Modules

Note: Only provider configurations are inherited by child modules, not provider source or version requirements. Each module must declare its own provider requirements. This is especially important for non-HashiCorp providers.

Each resource in the configuration must be associated with one provider configuration. Provider configurations, unlike most other concepts in Terraform, are global to an entire Terraform configuration and can be shared across module boundaries. Provider configurations can be defined only in a root Terraform module.

and here is my root module, I am using the previous module in gitlab_projectNetwork module ./project/main.tf:

provider "aws" {

    access_key = var.aws_access_key_id
    secret_key = var.aws_secret_access_key
    region     = var.aws_region
}


terraform {
  required_providers {
    gitlab = {
      source = "gitlabhq/gitlab"
      version = "3.3.0"
    }
  }
}

provider "gitlab" {
    token = var.gitlab_token

}


terraform {
  backend "http" {}
}

module "network_user" {

    source = "git::https://gitlab.com/xxx/terraform-modules/terraform-aws-iam-user.git"

    userName = "${var.project}-${var.env}-network"
    userPath = "/infra/"
    arnList = ["arn:aws:iam::${var.aws_account_id}:policy/infra/${var.project}-network-ec2-isolated-${var.env}-iam-policy"]
    userTags = {
          "Project": var.project,
          "Environment": var.env,
          "Name":"network-user"}
}


module "gitlab_projectNetwork" {

    source = "git::https://gitlab.com/xxx/terraform-modules/terraform-gitlab-project-variables-aws-iam-access-keys.git"
    projectUserName = module.network_user.awsIamUserName
    projectSearch = "network"
    projectVisibility = "private"
    projectEnvironmentScope = var.env 

}

when I run the script I become the following error:

2021/02/05 01:08:48 [TRACE] dag/walk: upstream of "root" errored, so skipping
Error: GET https://gitlab.com/api/v4/user: 401 {message: 401 Unauthorized}
  on main.tf line 18, in provider "gitlab":
  18: provider "gitlab" {

I am not sure what is the problem here, I increased the logs to TRACE and there were nothing interesting. I suspect that somehow the configuration of provider is not passed further to the child module.

Now, interesting to see that if I add the provider block to the child module, the script works perfectly fine. But didn't the official documentation adviced against it? any ideas why this is not working?

question from:https://stackoverflow.com/questions/66059638/providers-within-modules-not-passed-to-the-child-modules-terraform

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...