terraform-provider-argocd
terraform-provider-argocd copied to clipboard
argoproj-labs
Refresh or plan update
Hi,
maybe the configuration is wrong, but when i install/config everything the first time everything worked as expected buyt when i want to make some change on my TF the provider asked me some weird stuff
Plan: 0 to add, 1 to change, 0 to destroy.
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│
│ with module.config-argocd.argocd_repository.git[0],
│ on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 1, in resource "argocd_repository" "git":
│ 1: resource "argocd_repository" "git" {
│
╵
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│
│ with module.config-argocd.argocd_repository.git[2],
│ on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 1, in resource "argocd_repository" "git":
│ 1: resource "argocd_repository" "git" {
│
╵
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│
│ with module.config-argocd.argocd_repository.git[1],
│ on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 1, in resource "argocd_repository" "git":
│ 1: resource "argocd_repository" "git" {
│
╵
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│
│ with module.config-argocd.argocd_repository.helm[0],
│ on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 11, in resource "argocd_repository" "helm":
│ 11: resource "argocd_repository" "helm" {
Terraform Version, ArgoCD Provider Version and ArgoCD Version
❯ tf -version
Terraform v1.7.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/helm v2.12.1
+ provider registry.terraform.io/hashicorp/kubernetes v2.27.0
+ provider registry.terraform.io/oboukili/argocd v6.0.3
+ provider registry.terraform.io/ovh/ovh v0.40.0
Terraform configuration
# module install-argocd
resource "helm_release" "argocd_deploy" {
name = "argocd"
chart = "argo-cd"
timeout = 600
version = var.chart_version
namespace = var.namespace
repository = "https://argoproj.github.io/argo-helm"
create_namespace = true
# WARNING: May need to add some value , to not beeing issue with other TF run
lifecycle {
ignore_changes = all
}
}
# TODO: create stronger default password
data "kubernetes_secret" "argocd_secret" {
depends_on = [helm_release.argocd_deploy]
metadata {
name = "argocd-initial-admin-secret"
namespace = var.namespace
}
}
module "install-argocd" {
depends_on = [module.kubernetes]
source = "git::https://gitlab.com/xxxxxxxxinfra/terraform/argocd.git//modules/argocd/bootstrap?ref=v0.3.0"
# in this module i make helm install of the argocd chart
# content of the module
}
module "config-argocd" {
depends_on = [module.install-argocd]
source = "git::https://gitlab.com/xxxxxxxx/infra/terraform/argocd.git//modules/argocd/config?ref=v0.3.0"
git_username = local.git_username
applicationset_repo = "https://gitlab.com/xxxxxxx/infra/xxxxxxxxgit"
# passed as Env Var
git_password = var.git_password
git_repositories = [
{
name = "si"
url = "https://gitlab.com/xxxxxxx.git"
},
{
name = "values"
url = "https://gitlab.com/xxxxxx.git"
},
{
name = "chart"
url = "https://gitlab.com/xxxxx.git"
}
]
}
Question
Wondering ,why the first time everything went good then on second and next plan/apply argocd provider asked me some `username/password stuff
Hi @DrummyFloyd, What does the configuration of the provider itself (provider "argocd") look like? Is it possible that you had environment variables set when you first ran the code?
oh sh*t i forgot to share the best part ><
no only Env Var set is the git_password
provider "argocd" {
port_forward_with_namespace = "argocd"
username = "admin"
password = module.install-argocd.argocd_credentials_admin
kubernetes {
host = module.kubernetes.host
client_certificate = module.kubernetes.client_certificate
client_key = module.kubernetes.client_key
cluster_ca_certificate = module.kubernetes.cluster_ca_certificate
}
}
The only thing I can think of is that module.install-argocd.argocd_credentials_admin is returning a blank string.
i think it's that, but it shoudn't not happnd because the first time i run this evertything is going well , because the
data "kubernetes_secret" "argocd_secret" { if etched , so it should be stored in the state , or do i missed soimething ?
@DrummyFloyd Did you manage to find a workaround/fix for this in the end? I'm hitting the exact same issue
@DrummyFloyd Did you manage to find a workaround/fix for this in the end? I'm hitting the exact same issue
it's a workaround ... bit annoyong tho'
but i delete the state part of my module .. don't have time to figure it out why atm =/ don't have better solution atm
An engineer on our team discovered a "work around"
- in the provider config, comment out the password line
- retrieve the actual argocd admin user password
- set the env var
ARGOCD_AUTH_PASSWORDto the argocd admin user password - terraform plan/apply
- subsequent runs will work with the password line restored
I sincerely believe this should be considered a bug.
looks like the env var overrides the provider so there is no need to comment out the password line
I think it just simply shows that the password changes, the state file has the old password and doesn't get a chance to run the data object to refresh before the provider bombs out
* set the env var `ARGOCD_AUTH_PASSWORD` to the argocd admin user password
Just for anyone else trying this, the env variable would need to be set on the machine that is running terraform apply. Not the argo container.
