sysdig module hard fails if API KEY is invalid on an existing resource #182

@65156

We are encountering an issue where our existing sysdig resources error and block our pipelines because there is an invalid API KEY used in the provider and this is a hard failure in Terraform.

We also noticed we can't remove these resources either because there is a validation check that seemingly occurs even if the resources are being destroyed.

This is bad practice in terms of Terraform provider development; the ability to remove resources shouldn't be impeded by a carrier validation check for that same resource.

provider "sysdig" {
  sysdig_secure_url       = "https://us-south.monitoring.cloud.ibm.com"
  sysdig_secure_api_token = jsondecode(data.aws_secretsmanager_secret_version.retrive-version["sysdig_secure_api_token"].secret_string)["sysdig_secure_api_token"]
}

module "cloud_bench" {
  source  = "sysdiglabs/secure-for-cloud/aws//modules/services/cloud-bench"
  version = "0.10.9"
  name    = "ibmcspm-cloudbench"
}


Planning failed. Terraform encountered an error while generating this plan.
--
598 |  
599 | ╷
600 | │ Error: cannot verify credentials
601 | │
602 | │   with module.cloud_bench.data.sysdig_secure_trusted_cloud_identity.trusted_identity,
603 | │   on .terraform/modules/cloud_bench/modules/services/cloud-bench/main.tf line 11, in data "sysdig_secure_trusted_cloud_identity" "trusted_identity":
604 | │   11: data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
605 | │
606 | ╵
607 | ╷
608 | │ Error: cannot verify credentials
609 | │
610 | │   with module.cloud_bench.sysdig_secure_cloud_account.cloud_account["181579366464"],
611 | │   on .terraform/modules/cloud_bench/modules/services/cloud-bench/main.tf line 25, in resource "sysdig_secure_cloud_account" "cloud_account":
612 | │   25: resource "sysdig_secure_cloud_account" "cloud_account" {
613 | │
614 | ╵

Simple Solution: Ensure the error is a warning and non-terminating!
