Terraform: Unable to apply plan with Remote Execution mode set on workspace
Terraform Version
Terraform v0.11.13
+ provider.aws v2.27.0
Expected Behavior
When running terraform init, we expect a workspace to be created in our org to store remote state. The workspace should be set for local execution mode.
Actual Behavior
Since yesterday (2019-09-10), workspaces now create set with remote execution mode instead of local execution mode. This impacts our standard ability to run 'terraform plan -out
Error: Saving a generated plan is currently not supported!
The "remote" backend does not support saving the generated execution
plan locally at this time.
We can manually change the execution mode to local and our standard workflow operates as expected. We attempted to use 'terraform plan' to run the plan in the remote backend, however our credentials file for AWS is no longer recognized:
provider.aws: error validating provider credentials: error calling sts:GetCallerIdentity: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
We've tried adding the shared_credentials_file parameter to the provider itself:
provider "aws" {
region = "us-east-1"
profile = ""
shared_credentials_file = ""
}
This might be two issues ultimately... 1) it'd be nice to have an option to set the default execution mode seeing as this change broke our standard workflows despite it being a new "feature" for the free tier. 2) The credentials file is no longer recognized. If there is either a way to set that default execution mode, or if we can configure a default workspace to have the credentials file, we can probably get around this without manually changing each of the workspaces to local.
Steps to Reproduce
- Configure AWS credentials file in default location
- terraform init
- terraform plan -out plan.out (to see initial error)
- terraform plan (to see error about credentials provider)
Log into app.terraform.io, browse to WorkSpaces, find and select your WorkSpace. Under Settings -> General, change Execution Mode to local.
- terraform init
- terraform plan -out plan.out (works as expected)
References
There has been some other discussion around this change as well that I found:
https://discuss.hashicorp.com/t/free-cloud-remote-state-change/2750
https://discuss.hashicorp.com/t/saving-a-generated-plan-is-currently-not-supported/2116
dhammel-bf
All 11 comments
I got hit by this too. A change in default behaviour - without changing tf files or even upgrading the client - is really bad UX imho. The remote execution is unusable for me because of all the issues listed here and elsewhere, plus the fact it can't take variables from the cmd line. Having to go into the web UI to turn off remote execution every time isn't viable, because we automatically create lots of workspaces in CD. There is an API call to do it in the links in the OP, but that's really clunky. Could there be a terraform workspace options ... command, or better terraform workspace create -execution=local?
mt-inside
on 13 Sep 2019
Very much agree with @mt-inside! This over-the-air change broke a lot of workflows, especially surrounding workspaces and Terragrunt fall-backs. An init flag or on-run execution mode is necessary
DanielSinclair
on 15 Sep 2019
We're experiencing the same issue with AWS credentials file, which makes remote executions unusable for us.
kstromeiraos
on 17 Sep 2019
You can workaround this for now by using the API to set your desired plan mode.
https://www.terraform.io/docs/cloud/api/workspaces.html#update-a-workspace
Set data.attributes.operations to false for local or true for remote. I'm doing this as part of my repo's "build script".
mattlqx
on 18 Sep 2019
This has been problematic for us as well. Definitely a bad ux!
leonawoo
on 2 Oct 2019
@mattlqx Nice find, because it is actually not documented in the API that you linked to. It also works, when creating a new workspace via the API. Leaves a foul taste though.
ChristianUlbrich
on 5 Nov 2019
+1
elijah-roberts
on 5 Mar 2020
This disadvantage of converting all my runs to local mode is now I don't get any access to the variables stored in my workspace in terraform enterprise. This is a critical break if I was using TFE to not share secrets with executors.
fishpen0
on 11 Mar 2020
Hi all! Thanks for reporting this and sorry for the delayed response.
We use issues in this repository to represent bugs and feature requests in Terraform CLI. Terraform Cloud is developed by other teams who don't typically monitor this repository, and they prefer to hear about bug reports and feature requests via the customer support system.
If you have a paid account on Terraform Cloud, please send this feedback to your usual support contacts. Otherwise, you can contact the Terraform Cloud support team at [email protected]. If you contact the support team, be sure to include your Terraform Cloud username and organization name in your request.
Thanks again!
apparentlymart
on 13 Jan 2021
This is explicitly about how the terraform CLI works though. What is the intersection point between these teams?
fishpen0
on 14 Jan 2021
I'd second that - assuming the TF cloud team aren't going to change this default-on behavior, we're looking to the CLI to add a feature to make it ergonomic, indeed usable at all for people who aren't in an enterprise.
I'm happy to do the work and raise a PR, would that have any chance of being merged?
mt-inside
on 15 Jan 2021
Related issues
cpoole
路
3Comments
sprokopiak
路
3Comments
franklinwise
路
3Comments
darron
路
3Comments
Seraf
路
3Comments
Most helpful comment
I got hit by this too. A change in default behaviour - without changing tf files or even upgrading the client - is really bad UX imho. The remote execution is unusable for me because of all the issues listed here and elsewhere, plus the fact it can't take variables from the cmd line. Having to go into the web UI to turn off remote execution every time isn't viable, because we automatically create lots of workspaces in CD. There is an API call to do it in the links in the OP, but that's really clunky. Could there be a
terraform workspace options ...command, or betterterraform workspace create -execution=local?