I am using the gitlabhq/gitlab module with Terraform.
I created a separate module for GitLab resources, ./terraform-modules/terraform-gitlab-project-variables-aws-iam-access-keys:

    terraform {
      required_providers {
        gitlab = {
          source  = "gitlabhq/gitlab"
          version = "3.3.0"
        }
      }
    }

    data "gitlab_projects" "projects-name" {
      search     = var.projectSearch
      visibility = var.projectVisibility
    }

    resource "aws_iam_access_key" "user" {
      user = var.projectUserName
    }

    resource "gitlab_project_variable" "aws_access_key_user" {
      project           = data.gitlab_projects.projects-name.projects[0].id
      key               = "AWS_ACCESS_KEY_ID"
      value             = aws_iam_access_key.user.id
      protected         = var.projectAccessKeyProtected
      masked            = var.projectAccessKeyMasked
      environment_scope = var.projectEnvironmentScope
    }

    resource "gitlab_project_variable" "aws_secret_key_user" {
      project           = data.gitlab_projects.projects-name.projects[0].id
      key               = "AWS_SECRET_ACCESS_KEY"
      value             = aws_iam_access_key.user.secret
      protected         = var.projectAccessSecretProtected
      masked            = var.projectAccessSecretMasked
      environment_scope = var.projectEnvironmentScope
    }

As you can see, I added the provider configurations block and left the definition of the provider to the root module.
Note: Only provider configurations are inherited by child modules, not provider source or version requirements. Each module must declare its own provider requirements. This is especially important for non-HashiCorp providers.
Each resource in the configuration must be associated with one provider configuration. Provider configurations, unlike most other concepts in Terraform, are global to an entire Terraform configuration and can be shared across module boundaries. Provider configurations can be defined only in a root Terraform module.
And here is my root module. I am using the previous module in the gitlab_projectNetwork module (./project/main.tf):

    provider "aws" {
      access_key = var.aws_access_key_id
      secret_key = var.aws_secret_access_key
      region     = var.aws_region
    }

    terraform {
      required_providers {
        gitlab = {
          source  = "gitlabhq/gitlab"
          version = "3.3.0"
        }
      }
    }

    provider "gitlab" {
      token = var.gitlab_token
    }

    terraform {
      backend "http" {}
    }

    module "network_user" {
      source   = "git::https://gitlab.com/xxx/terraform-modules/terraform-aws-iam-user.git"
      userName = "${var.project}-${var.env}-network"
      userPath = "/infra/"
      arnList  = ["arn:aws:iam::${var.aws_account_id}:policy/infra/${var.project}-network-ec2-isolated-${var.env}-iam-policy"]
      userTags = {
        "Project": var.project,
        "Environment": var.env,
        "Name": "network-user"
      }
    }

    module "gitlab_projectNetwork" {
      source                  = "git::https://gitlab.com/xxx/terraform-modules/terraform-gitlab-project-variables-aws-iam-access-keys.git"
      projectUserName         = module.network_user.awsIamUserName
      projectSearch           = "network"
      projectVisibility       = "private"
      projectEnvironmentScope = var.env
    }

When I run the script I get the following error:

    2021/02/05 01:08:48 [TRACE] dag/walk: upstream of "root" errored, so skipping
    Error: GET https://gitlab.com/api/v4/user: 401 {message: 401 Unauthorized}
      on main.tf line 18, in provider "gitlab":
      18: provider "gitlab" {

I am not sure what the problem is here. I increased the log level to TRACE and there was nothing interesting. I suspect that somehow the configuration of the provider is not passed on to the child module.
Now, it is interesting to see that if I add the provider block to the child module, the script works perfectly fine. But didn't the official documentation advise against it? Any ideas why this is not working?