I am creating a pipeline in Azure DevOps and have run into different results and different errors. I have several files in the /test directory (main.tf, variables.tf and output.tf) which create a pubsub topic and subscription. I want to use an Azure DevOps pipeline to execute the terraform init/plan and apply steps.
This is my configuration for main.tf (only the part about which I have questions):
provider "google" {
  project = var.project_id
  region  = "us-east1"
  access_token = <<EOF
{
<content>
}
EOF
}
pipeline.yaml
variables:
  projectName: sandbox
  terraformConfigDirectory: '$(Build.SourcesDirectory)/test'
trigger:
  branches:
    include:
    - test/pipeline
stages:
- stage: Start
  displayName: 'Preparation to task execution'
  jobs:
  - job: BeginJob
    displayName: 'Beginning'
    steps:
    - script: |
        echo "Project Name: $(projectName)"
        terraform version
    - script: |
        cd $(terraformConfigDirectory)
        terraform init \
          -backend-config="bucket=$(projectName)-tf-state" \
          -backend-config="$(projectName)@test.iam.gserviceaccount.com" \
          -backend-config="prefix=$(System.DefaultWorkingDirectory)/test" \
          -backend-config="region= us-east1"
      displayName: 'tfi'
    - script: |
        cd $(terraformConfigDirectory)
        terraform plan \
          -compact-warnings -refresh=false -lock=false \
          -out=tfplan.out
      displayName: 'tfp'
    - script: |
        cd $(terraformConfigDirectory)
        terraform apply -auto-approve
      displayName: 'tfa'
Questions:
access_token it fails on tfp script with error:
Error: Attempted to load application default credentials since neither credentials nor access_token was set in the provider block. No credentials loaded. To use your gcloud credentials, run 'gcloud auth application-default login'
However, when I use access_token it fails on tfa script with the error:
Error creating Topic: Put "https://pubsub.googleapis.com/v1/projects/sandbox/topics/pipeline-topic?alt=json": net/http: invalid header field value for "Authorization"
1a. Anyway how to resolve it to have terraform apply working?
I would like to see the output of terraform plan command in Terraform Plan section on Azure DevOps webpage. I found out that I should use publishPlanResult parameter however in task block which I am not using in my code snippet. Is that some workaround to pass that parameter to my code?
Also, I am using VSC and I am able to type terraform apply directly without passing any .json key, so I do not know why Azure DevOps needs it. It would be ideal to have it working in the pipeline the same way as locally, since normally I just type terraform apply and after a while can see my deployed resource in GCP.
I am trying to debug this, without the final effect of applying resources in the GCP console, and also to have the Terraform Plan output visible on Azure DevOps.
For your issue with the credentials and access_token, to configure credentials with the google provider, you can reference the following documentation for the google provider:
To get the output of the terraform plan command, you can try the following:
Use the option '-json' with the terraform plan command to generate the output into a readable JSON file.
terraform plan -json
Then you can run the terraform show command to output the contents from the JSON file.
terraform show -json
Based on the statement in this "Adding credentials", the JSON key file is required. If you have downloaded the JSON key file and mapped the associated environment variables, you can directly run apply. But in the pipeline, if you run on a different machine, you also need to get the JSON key file and map the associated environment variables.
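The credential mapping described in the answer above, as an added example that is not part of the original posts: the key file stays out of main.tf, is stored as an Azure DevOps secure file, and reaches Terraform through GOOGLE_APPLICATION_CREDENTIALS, so the provider block sets neither credentials nor access_token. The secure-file name gcp-sa-key.json, the step name gcpKey and a Linux agent are assumptions.

```yaml
# Added example, not the asker's pipeline.
# Assumptions: a service account key was uploaded under
# Pipelines > Library > Secure files as "gcp-sa-key.json" (hypothetical name),
# the agent runs Linux, and the provider block in main.tf sets neither
# credentials nor access_token.
variables:
  projectName: sandbox
  terraformConfigDirectory: '$(Build.SourcesDirectory)/test'

steps:
- task: DownloadSecureFile@1
  name: gcpKey                      # exposes $(gcpKey.secureFilePath)
  displayName: 'Fetch GCP key from secure files'
  inputs:
    secureFile: 'gcp-sa-key.json'

- script: |
    set -eu
    cd "$(terraformConfigDirectory)"
    terraform init -input=false -backend-config="bucket=$(projectName)-tf-state"
    terraform plan -input=false -out=tfplan.out
    # Print the saved plan in the job log without colour codes.
    terraform show -no-color tfplan.out
    # Apply exactly the plan that was just shown.
    terraform apply -input=false tfplan.out
  displayName: 'terraform init/plan/apply'
  env:
    # Read by the google provider and the gcs backend as application
    # default credentials; the key never appears in the repository.
    GOOGLE_APPLICATION_CREDENTIALS: $(gcpKey.secureFilePath)
```

The access_token argument expects an OAuth 2.0 access token that is sent as the Authorization header value, so a multi-line JSON key placed there is consistent with the "invalid header field value" error quoted in the question.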