
Terraform wants 'valid credentials' for Cloudflare but any arguments I add in my main.tf respond 'unsupported argument'


I had Terraform and CloudFront working locally. Now that I have tried to add a GitHub Action, I am unable to run 'terraform plan' successfully. It passes locally and fails in GitHub Actions.

    │ Error: credentials are not set correctly
    │ 
    │   with provider["registry.terraform.io/cloudflare/cloudflare"],
    │   on main.tf line 29, in provider "cloudflare":
    │   29: provider "cloudflare" {

My main file before my changes looked like this:


    provider "aws" {
      region = var.aws_region
    }

    provider "cloudflare" {
      api_token = var.cloudflare_api_token
    }

    resource "aws_s3_bucket" "site" {
      bucket = var.site_domain
      acl    = "public-read"

      website {
        index_document = "index.html"
        error_document = "index.html"
      }
    }

    resource "aws_s3_bucket" "www" {
      bucket = "www.${var.site_domain}"
      acl    = "private"
      policy = ""

      website {
        redirect_all_requests_to = "https://${var.site_domain}"
      }
    }

    resource "aws_s3_bucket_policy" "public_read" {
      bucket = aws_s3_bucket.site.id
      policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Sid       = "PublicReadGetObject"
            Effect    = "Allow"
            Principal = "*"
            Action    = "s3:GetObject"
            Resource = [
              aws_s3_bucket.site.arn,
              "${aws_s3_bucket.site.arn}/*",
            ]
          },
        ]
      })
    }

    data "cloudflare_zones" "domain" {
      filter {
        name = var.site_domain
      }
    }

    resource "cloudflare_record" "site_cname" {
      zone_id = data.cloudflare_zones.domain.zones[0].id
      name    = var.site_domain
      value   = aws_s3_bucket.site.website_endpoint
      type    = "CNAME"

      ttl     = 1
      proxied = true
    }

    resource "cloudflare_record" "www" {
      zone_id = data.cloudflare_zones.domain.zones[0].id
      name    = "www"
      value   = var.site_domain
      type    = "CNAME"

      ttl     = 1
      proxied = true
    }

My terraform.tfvars file looks like this:

    aws_region         = "us-east-1"
    aws_access_key_id  =  <my awsaccesskeyid>
    aws_secret_key     =  <my awssecretkey>
    site_domain        =  <my domain name>
    cloudflare_api_token=<mytoken>

My variables.tf looked like:

    variable "aws_region" {
      type        = string
      description = "The AWS region to put the bucket into"
      default     = "us-east-1"
    }

    variable "site_domain" {
      type        = string
      description = "The domain name to use for the static site"
      default = "<my website name>.net"
    }


    variable "cloudflare_api_token" {
       type        = string
       description = "The cloudflare Api key"
       default     = null 
    }

I ran CLOUDFLARE_API_TOKEN=<my token>

Everything worked until I tried following HashiCorp's tutorial here. When my first GitHub Action ran, terraform plan failed with this error:

    Error: credentials are not set correctly

    with provider["registry.terraform.io/cloudflare/cloudflare"],
    on main.tf line 29, in provider "c

To get past the cloudflare error, I have tried:

  1. adding my Cloudflare API token to terraform.tfvar
  2. setting my email and token in main.tf in the cloudflare provider block in a variety of ways, including calling the terraform.tfvar value
  3. adding my Cloudflare token to variables.tf
  4. adding my Cloudflare token to environment variables in my Terraform Cloud
  5. adding my Cloudflare token and AWS keys to GitHub as secrets

Any time I try to pass anything new in the provider {} blocks, I get 'unsupported argument' errors.


Solution

  • Found the fix: I added an extra block in my GitHub workflow/terraform.yml file:

    ENV_NAME: prod
    AWS_ACCESS_KEY_ID: ${{secrets.AWSACCESSKEY}}
    AWS_SECRET_ACCESS_KEY: ${{secrets.AWSSECRETACCESSKEY}}
    CLOUDFLARE_API_TOKEN: ${{secrets.CLOUDFLARE_API_TOKEN}}
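
A preflight check for the step that runs `terraform plan`, added here as an example and not part of the original answer: it reports which of the three credential variables from the env block is unset, empty, or contains whitespace, without printing any value. The function names `check_var` and `preflight` are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for the three variables set in the workflow env block.
# Reports the state of each variable by name only; values are never printed.

REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY CLOUDFLARE_API_TOKEN"

# check_var NAME: print one status line for NAME, return 0 only if it is usable.
# NAME always comes from the fixed list above, so the eval sees no outside input.
check_var() {
  name=$1
  eval "is_set=\${$name+yes}; value=\${$name-}"

  if [ -z "$is_set" ]; then
    echo "$name: not set (missing from the env block of this job or step)"
    return 1
  fi
  case $value in
    "")
      # GitHub Actions expands a secret that is undefined, or withheld from
      # the run (for example a pull request from a fork), to an empty string.
      echo "$name: set but empty (check the secret name and its availability)"
      return 1
      ;;
    *[[:space:]]*)
      echo "$name: contains whitespace (often a newline pasted into the secret)"
      return 1
      ;;
  esac
  echo "$name: present"
}

# preflight: check every required variable, return non-zero if any is unusable.
preflight() {
  failed=0
  for var in $REQUIRED_VARS; do
    check_var "$var" || failed=1
  done
  return "$failed"
}
```

Saved under a name such as `preflight.sh` (hypothetical), it can be sourced in the workflow step and called as `preflight` before `terraform plan`, so the job fails with the name of the broken variable instead of the provider's generic credentials error.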