Terragrunt: validate-all requires credentials

Created on 1 Nov 2018  路  4Comments  路  Source: gruntwork-io/terragrunt

I'd like to run some simple lint-style checks on CI. When using terraform, I usually use validate, so for terragrunt validate-all seems like the correct choice. However, it fails, complaining that the credentials are not set.

full log

Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Cannot process module Module /home/adborden/projects/datagov/datagov-infrastructure-live/stage/db (dependencies: [/home/adborden/projects/datagov/datagov-infrastructure-live/stage/vpc]) because one of its dependencies, Module /home/adborden/projects/datagov/datagov-infrastructure-live/stage/vpc (dependencies: []), finished with an error: Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
[terragrunt] 2018/11/01 08:32:01 Unable to determine underlying exit code, so Terragrunt will exit with error code 1
enhancement help wanted
Source
picture adborden
👍6 🚀4

Most helpful comment

I think part of the issue is that terragrunt does a backend initialize on every command. With terraform, you can run terraform init -backend=false which allows you to continue with the validate even without credentials. This doesn't work with terragrunt.

picture adborden on 1 Nov 2018
🚀3

All 4 comments

I think part of the issue is that terragrunt does a backend initialize on every command. With terraform, you can run terraform init -backend=false which allows you to continue with the validate even without credentials. This doesn't work with terragrunt.

adborden picture adborden on 1 Nov 2018
🚀3

Is there any workarounds with this one @adborden? have run into this myself.

stefansedich picture stefansedich on 12 Apr 2019

Is even possible to validate terraform somehow?
because terraform init -backend=false && terraform validate will not work, cuz .tfvars will not be validated and .tf files will eventually not get variables in this case.

IMHO terragrunt should handle this.

EDIT:
Wondering if is possible to override remote backend like this?

cat << EOF >> ./terraform.tfvars
 terragrunt = {
   remote_state {
      backend = "local"
   }
}
EOF
terragrunt validate-all --terragrunt-config ./terraform.tfvars

but of course, there would be a problem with missing block

terraform {
  backend "local" {}
}

in each project
Fixable with:

`find ./ -type f -print0 | xargs -0 sed -i 's/backend "azurerm" {}/backend "local" {}/g'`

, but its not good :x

lukasmrtvy picture lukasmrtvy on 22 May 2019

@adborden mind checking out #761? I think we can close this one off.

You should be able to use something like the following and set the environment variable during your CI process.

remote_state {
  disable_init = tobool(get_env("DISABLE_INIT", "false"))
}
stefansedich picture stefansedich on 4 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shaharmor picture shaharmor  路  3Comments
GauntletWizard picture GauntletWizard  路  3Comments
lsc picture lsc  路  4Comments
dingobar picture dingobar  路  3Comments
jtai-omniex picture jtai-omniex  路  3Comments