Validation failure when supplying AWS access key ID with environment variables #1655

Open
bakeemawaytoys opened this issue Oct 31, 2022 · 4 comments

@bakeemawaytoys
Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Terraform v1.3.3
on darwin_amd64
+ provider registry.terraform.io/hashicorp/vault v3.10.0

Affected Resource(s)

Please list the resources as a list, for example:

  • vault provider

Terraform Configuration Files

The following is a simple example to reproduce the issue. It doesn't require a running instance of Vault to hit the error because it occurs during the provider's argument validation.

terraform {
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "3.10.0"
    }
  }
}

provider "vault" {
  address = "http://localhost:8200"
  auth_login_aws {
    role = "example"
  }
}

data "vault_auth_backend" "aws" {
  path = "aws"
}

Debug Output

N/A

Panic Output

N/A

Expected Behavior

If the aws_secret_access_key and aws_secret_access_key arguments in the auth_login_aws block are set using the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, the validation on those arguments passes.

Actual Behavior

The validation check on the aws_secret_access_key fails with the following error.

╷
│ Error: Missing required argument
│ 
│   with provider["registry.terraform.io/hashicorp/vault"],
│   on main.tf line 12, in provider "vault":
│   12:   auth_login_aws {
│ 
│ "auth_login_aws.0.aws_secret_access_key": all of `auth_login_aws.0.aws_access_key_id,auth_login_aws.0.aws_secret_access_key` must be specified
╵

Steps to Reproduce

The following script can be used with the above configuration file to trigger the bug. The actual values of the environment variables don't matter because the provider doesn't make it to the point where it uses the values for authentication.

#!/bin/bash

export AWS_ACCESS_KEY_ID=foo
export AWS_SECRET_ACCESS_KEY=bar

terraform init
terraform plan

Important Factoids

Validation only fails when one or both of the aws_secret_access_key and aws_secret_access_key arguments are passed in with environment variables. If both are set in the Terraform configuration, then validation passes.

References

RequiredWith: []string{fmt.Sprintf("%s.0.%s", authField, consts.FieldAWSAccessKeyID)},

@iusergii
On the same page here, it's blocking my migration to auth_login_aws. Any chance for a fix?

@zujko
zujko commented Dec 29, 2022

I'm seeing this same issue as well. Using provider version 3.11.0.

@hskrtich
This is still an issue with version 3.12.0. It seems like auth_login_aws isn't picking up any environment variables like it should, since it won't pick up aws_profile either.

@hskrtich
Looks like this might be the cause of this issue hashicorp/terraform-plugin-sdk#1099
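
A simplified model of the failure described in this issue, added here as an illustration; it is not code from the Vault provider or the plugin SDK. It assumes the cause is that the RequiredWith check accepts only keys present in the written configuration while environment variables act as defaults; `field`, `validate` and `awsSchema` are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strings"
)

// field is a hypothetical stand-in for one provider schema attribute.
type field struct {
	envVar       string   // environment variable used as the default source
	requiredWith []string // keys that must accompany this one
}

const idKey, secretKey = "auth_login_aws.0.aws_access_key_id", "auth_login_aws.0.aws_secret_access_key"

// Constructed schema: only the secret key carries RequiredWith, as in the
// line quoted under References in the issue.
var awsSchema = map[string]field{
	idKey:     {envVar: "AWS_ACCESS_KEY_ID"},
	secretKey: {envVar: "AWS_SECRET_ACCESS_KEY", requiredWith: []string{idKey}},
}

// validate models the assumed behaviour: an attribute counts as set when the
// written config or the environment supplies it, but the RequiredWith check
// only accepts keys present in the written config.
func validate(schema map[string]field, cfg map[string]string) []string {
	var errs []string
	for key, f := range schema {
		_, inCfg := cfg[key]
		if (!inCfg && os.Getenv(f.envVar) == "") || len(f.requiredWith) == 0 {
			continue // unset everywhere, or nothing to cross-check
		}
		all := append([]string{key}, f.requiredWith...)
		sort.Strings(all)
		for _, k := range all {
			if _, ok := cfg[k]; !ok {
				errs = append(errs, fmt.Sprintf("%q: all of `%s` must be specified", key, strings.Join(all, ",")))
				break
			}
		}
	}
	return errs
}

func main() {
	os.Setenv("AWS_ACCESS_KEY_ID", "foo") // same placeholder values as the issue's script
	os.Setenv("AWS_SECRET_ACCESS_KEY", "bar")
	fmt.Println("env only: ", validate(awsSchema, map[string]string{}))
	fmt.Println("in config:", validate(awsSchema, map[string]string{idKey: "foo", secretKey: "bar"}))
}
```

Under that assumption the model reproduces the error text from the issue for environment-only credentials and returns no errors when both arguments are written in the configuration.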
