terraform-provider-hcp
hcp_vault_cluster_admin_token issues with app.terraform.io remote backend
Terraform Version and Provider Version
Terraform version: 14 or 15
HCP provider version: 0.6.0
Terraform Cloud
Affected Resource(s)
- hcp_vault_cluster_admin_token
Terraform Configuration Files
Any build using Terraform remote backend. (HVN and Vault are newly created with no configuration other than being made public)
```hcl
data "hcp_vault_cluster" "main" {
  cluster_id = var.hvn.vault_id
}

# Generates an admin token for the HCP Vault cluster
resource "hcp_vault_cluster_admin_token" "main" {
  cluster_id = var.hvn.vault_id
}

# Vault provider configured from the HCP data source and the admin token
provider "vault" {
  address   = "https://${data.hcp_vault_cluster.main.vault_public_endpoint_url}:8200"
  token     = hcp_vault_cluster_admin_token.main.token
  namespace = "admin"
}

resource "vault_mount" "db" {
  path = "database"
  type = "database"
}

# Remote backend (a backend block must sit inside a terraform block)
terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "dochub"
    workspaces {
      name = "dochub-testing"
    }
  }
}
```
Debug Output
```
Error: no vault token found
  on ../modules/hvn/providers.tf line 14, in provider "vault":
  14: provider "vault" {
```
- terraform apply
Expected Behavior
Any behaviour resulting in execution plan creation
```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  + create
 <= read (data resources)
Terraform will perform the following actions:
```
Important Factoids
This is only an issue with `backend remote`. Locally, and s3 backend both work as desired when `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` are present.
Also note that `hcp_vault_cluster` data resource returns the `vault_public_endpoint_url`.
Manually adding the environment variable `VAULT_TOKEN` on Terraform Cloud does fix the issue, but doesn't scale.
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment