-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v0.13.2 fails to import resources when interpolation is used in provider in module #26211
Comments
i think this is similar to what i'm experiencing in #25574 |
Thanks for reporting this, @demonemia, and thanks for the reproduction repository. I'm able to reproduce the issue with Terraform 0.13.3. I'm not sure what the cause is, but there are several other similar import bugs due to the import process not fully evaluating the configuration. Possibly related: #26258. |
Still going on in 13.4 with AWS and trying to import iam roles and route 53 zones |
@jdtommy Did it work? Is there some workaround? |
I had a similar issue, but with kubernetes provider
And my workaround was changing the provider from
to
the import worked and I switched the code back after. |
@fernandoiury, same workaround did not work for me |
Just had the same issue with kubernetes and helm providers. My workaround was to temporarily comment the entire "offending" provider blocks, do the import then uncomment them back. |
This seems to me very suspicious. Is it another bug? |
No idea but I did get the errors:
Both providers use interpolation with the base64decode function for the certificates |
Same issue here. We have a module provider "aws" {
alias = "logs"
assume_role {
role_arn = "arn:aws:iam::${aws_organizations_account.child_accounts["logs"].id}:role/foo"
}
} We use module module "foo" {
source = "../foo"
# ... params ...
}
module "bar" {
source = "../bar"
# ... params ...
}
Note that |
BTW, this looks fairly similar to #13018, although it seems 0.13 has made that issue even worse. |
I have come across yet another `import` bug with Terraform. The [original one](hashicorp/terraform#13018) prompted us to add the `aws-provider-patch` command. The [new one](hashicorp/terraform#26211), which is the motivation for this PR, requires that the `aws-provider-patch` command can override not only top-level attributes in the `provider` block, but also attributes nested within blocks within the `provider` block, such as a `role_arn` within an `assume_role` block. This PR allows you to specify these nested attributes using a "dot" notation: e.g., `--terragrunt-override-attr assume_role.role_arn=""`.
Note that, as an ugly/hacky workaround for #13018, we added an |
OK, the updated |
terraform 0.13.5 seems to have fixed this for |
This workaround worked for me, I was able to import my kubernetes clusters. Terraform v0.13.5
|
Has anyone a workaround for aws? |
In the end, the solution I found better was to separate the terraform states across several steps (indeed harder but it does solves many problems). In summary, it would be to
I will try to create a medium article for it, but in summary these are the steps that I've come up with for a long term solution. |
I have come across yet another `import` bug with Terraform. The [original one](hashicorp/terraform#13018) prompted us to add the `aws-provider-patch` command. The [new one](hashicorp/terraform#26211), which is the motivation for this PR, requires that the `aws-provider-patch` command can override not only top-level attributes in the `provider` block, but also attributes nested within blocks within the `provider` block, such as a `role_arn` within an `assume_role` block. This PR allows you to specify these nested attributes using a "dot" notation: e.g., `--terragrunt-override-attr assume_role.role_arn=""`.
I was able to get a workaround for my scenario in aws, hopefully it will help someone else until this is resolved. I have a module
resource "aws_organizations_account" "this" {
# resource content...
}
provider "aws" {
alias = "this"
region = "us-west-2"
assume_role {
role_arn = "arn:aws:iam::${aws_organizations_account.this.id}:role/OrganizationAccountAccessRole"
}
}
# bootstrap some account resources with `aws.this` provider. I can't really comment out this provider or the assume role without effecting other consumers of the module, so I did the following.
# Need to import into 'module.aws_account.aws_organizations_account.this'
module "aws_account" {
source = "module/aws-account"
# ...
}
resource "aws_organizations_account" "temp" {}
# module "aws_account" {
# source = "module/aws-account"
# # ...
# }
Hope it helps. |
This issue is supposed to be fixed in the latest release for what it's worth. |
Closing as confirmed this case is working in the latest release. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Terraform Version
Terraform Configuration Files
Sample Repo
Debug Output
Log file
Expected Behavior
Terraform should import the existing resource into the state file
Actual Behavior
Statefile is not updated, error message is displayed.
Steps to Reproduce
terraform init
terraform import module.resource_group_1.azurerm_resource_group.resource_group /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/resource-group-1
or
terraform import module.resource_group_1.null_resource.test_resource test
Additional Context
terraform plan
worksThis was also an issue in terraform v0.13.0.
References
#25816
The text was updated successfully, but these errors were encountered: