terraform import on module resource fails to read values in terraform.tfvars, even though plan/apply work

Created on 20 Sep 2017  ·  12Comments  ·  Source: hashicorp/terraform

When using a module to define resources that get used multiple times over, and wanting to import existing use cases for for this module (for example github user membership), the import fails to recognize variables defined at the top level outside of the module. This is despite a working plan or apply.

Terraform Version

Terraform v0.9.11

Terraform Configuration Files

# test_user.tf
variable "github_org_owner_token" {
  description = "The account corresponding to this token will need 'owner' privileges for the GitHub organization"
}

module "test_user" {
  source = "./modules/github_membership/"

  github_org_owner_token = "${var.github_org_owner_token}"
  github_username = "pcockwell"
}

# terraform.tfvars
github_org_owner_token = "REDACTED"



md5-b7fc63eed934aa26f92316de7a3b2c31



```hcl
# modules/github_membership/github.tf
provider "github" {
  token        = "${var.github_org_owner_token}"
  organization = "REDACTED"
}

resource "github_membership" "membership" {
  username = "${var.github_username}"
  role     = "${var.github_role}"
}



md5-1f2abbc2133f6025dbb10f088d468092



$ terraform plan -target=module.test_user
+ module.test_user.github_membership.membership
    role:     "member"
    username: "pcockwell"


Plan: 1 to add, 0 to change, 0 to destroy.



md5-ea57a292e332e7dde455627012a02c35



$ terraform import module.test_user.github_membership.membership REDACTED:pcockwell
Error importing: 1 error(s) occurred:

* module.test_user.provider.github: 1:3: unknown variable accessed: var.github_org_owner_token in:

${var.github_org_owner_token}

Expected Behavior

Terraform successfully imports resource

Actual Behavior

Terraform fails complaining about an unknown variable being accessed

Steps to Reproduce

Please list the full steps required to reproduce the issue, for example:

  1. terraform init
  2. terraform plan -target=module.test_user.github_membership.membership
  3. terraform import module.test_user.github_membership.membership REDACTED:pcockwell
bug cli v0.11
Source
picture pcockwell
👍70

Most helpful comment

I've encountered the same issue in Terraform v0.11.7 but it seems slightly more widespread than just not pulling variables from the top-level tfvars. In my testing it seemed to occur even when explicitly declaring static string values to my module.

It seems notable that interpolation of an output from another module worked fine though (see the mysite module reference in the example below) .

module "cloudflare" {
  source = "./modules/cloudflare"
  domain = "example.com"
  email  = "[email protected]"
  org_id = "xxx"
  token  = "yyy"

  proxy_cname = {
    www = "${replace(module.mysite.app_service_default_hostname, "/^https?:///", "")}"
  }
}

terraform import module.cloudflare.cloudflare_record.proxy_cname example.com/zzz

Error: module.cloudflare.provider.cloudflare: 1:3: unknown variable accessed: var.email in:

${var.email}

Workaround

My workaround was:

  1. Temporarily assign the required values as defaults to all the variables in the module (./modules/cloudflare/variables.tf)
  2. Run the import command
  3. Remove the default values for the module variables

This is not ideal as it wouldn't work for any complex interpolations on the module. In my case it also involved temporarily putting sensitive secrets as default variables.

picture dijitali on 3 Jul 2018
👍9

All 12 comments

My mistake on closing - apologies

pcockwell picture pcockwell on 25 Jan 2018

I've hit this too. init and plan work, but I can't import. This might be more complicated because I'm using modules in modules, and because I'm managing two AWS accounts. It throws unknown variable accessed errors for anything that uses variables in the provider.

terraform import module.legacy_engineering_oregon.module.vpn_connection.aws_vpn_connection.vpn_connection vpn-redacted
Error: module.china_qa.provider.aws: 1:3: unknown variable accessed: var.exabeam_aws_session_token in:
${var.exabeam_aws_session_token}

Error: module.artifactory2.provider.aws: 1:3: unknown variable accessed: var.aws_access_key in:
${var.aws_access_key}

Error: module.lambda_cleanup_cct.provider.aws: 1:3: unknown variable accessed: var.exabeamit_aws_access_key in:
${var.exabeamit_aws_access_key}

Error: module.jenkins.provider.aws: 1:3: unknown variable accessed: var.exabeamit_aws_session_token in:
${var.exabeamit_aws_session_token}

Error: module.cct_bucket.provider.aws: 1:3: unknown variable accessed: var.exabeamit_aws_access_key in:
${var.exabeamit_aws_access_key}
...

Provider declaration:

provider "aws" {
    region = "us-west-2"
    access_key = "${var.exabeam_aws_access_key}"
    secret_key = "${var.exabeam_aws_secret_key}"
    token = "${var.exabeam_aws_session_token}"
}
alexhexabeam picture alexhexabeam on 26 Feb 2018

I've encountered the same issue in Terraform v0.11.7 but it seems slightly more widespread than just not pulling variables from the top-level tfvars. In my testing it seemed to occur even when explicitly declaring static string values to my module.

It seems notable that interpolation of an output from another module worked fine though (see the mysite module reference in the example below) .

module "cloudflare" {
  source = "./modules/cloudflare"
  domain = "example.com"
  email  = "[email protected]"
  org_id = "xxx"
  token  = "yyy"

  proxy_cname = {
    www = "${replace(module.mysite.app_service_default_hostname, "/^https?:///", "")}"
  }
}

terraform import module.cloudflare.cloudflare_record.proxy_cname example.com/zzz

Error: module.cloudflare.provider.cloudflare: 1:3: unknown variable accessed: var.email in:

${var.email}

Workaround

My workaround was:

  1. Temporarily assign the required values as defaults to all the variables in the module (./modules/cloudflare/variables.tf)
  2. Run the import command
  3. Remove the default values for the module variables

This is not ideal as it wouldn't work for any complex interpolations on the module. In my case it also involved temporarily putting sensitive secrets as default variables.

dijitali picture dijitali on 3 Jul 2018
👍9

Please do not post "+1" comments here, since it creates noise for others watching the issue and ultimately doesn't influence our prioritization because we can't actually report on these. Instead, react to the original issue comment with 👍, which we can and do report on during prioritization.

mildwonkey picture mildwonkey on 5 Sep 2018
👍8

Has anyone been able to reproduce this issue on a recent terraform 0.12.x version?

danieldreier picture danieldreier on 8 Jan 2020

I reproduced this issue in terraform 0.12.x verison. Command terraform plan/apply can work on terraform module, but terraform import always tells me there is missing access_key or secret_key, even if specify access_key and secret_key by -var.
Is there any one can fix it?

xiaozhu36 picture xiaozhu36 on 9 Jan 2020
👍1

i'm actively facing this issue in 0.12.x.

my usecase is a cloudflare provider not getting the variable access token i'm trying to feed it. i've been manually editing the .terraform/modules/xxx files to hardcode the access token to get past it

mrtristan picture mrtristan on 23 Jan 2020

I put together a minimal reproduction of this-

# main.tf
module "mod" {
  source = "./mod"
  myvar = "https://rancher.my-domain.com"
}

# mod/main.tf
variable "myvar" {}
provider "rancher2" {
  api_url   = var.myvar
  bootstrap = true
}
resource "rancher2_cluster" "foo" {
    name = "mycluster"
}

To demonstrate that variables aren't passed-

terraform apply
Error: Get https://rancher.my-domain.com/v3: dial tcp 127.0.0.1:443: connect: connection refused

terraform import module.mod.rancher2_cluster.foo blah
Error: Get : unsupported protocol scheme ""

Using import, the variable is coming through as "", while on plan/apply the value is getting passed in from the parent module.

pbecotte picture pbecotte on 27 Mar 2020
👍2

Just ran into this using v0.12.24. Have a for_each loop inside a module that runs on a variable, when I run terraform import from the folder where the variable is defined in main.tf, errors out as if the variable was blank. When I made those values the module default, worked as expected.

rfein-hearst picture rfein-hearst on 16 Apr 2020

@rfein-hearst I think you may be seeing a different issue from the parent issue here. for_each isn't supported in modules yet. #17519 tracks that request.

edit: I understood your request incorrectly. Sorry!

danieldreier picture danieldreier on 18 Apr 2020

Hi everyone! Thanks for reporting this and the reproduction cases.

This issue has been resolved and the fix will be included in Terraform starting with v0.13-beta2 🎉

mildwonkey picture mildwonkey on 12 Jun 2020
🎉4

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 13 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

darron picture darron  ·  3Comments
rjinski picture rjinski  ·  3Comments
sprokopiak picture sprokopiak  ·  3Comments
carl-youngblood picture carl-youngblood  ·  3Comments
c4milo picture c4milo  ·  3Comments