How do I supply an API token to the GitLab Terraform provider as a Terraform secret resource?

I am trying to use Terraform to manage some GitLab (self-hosted) configuration. The Terraform GitLab provider requires a GitLab Personal Access Token to be able to make API calls to read and write the configuration. When I try to provide this token using a Terraform secret_resource, Terraform is unable to let me manage the secret. When I try to import the secret, Terraform fails:

$ terraform import secret_resource.api_token "xxx"
secret_resource.api_token: Importing from ID "xxx"...
secret_resource.api_token: Import prepared!
  Prepared secret_resource for import
secret_resource.api_token: Refreshing state... [id=-]

Error: GET https://gitlab.example.com./api/v4/user/api/v4/user: 404 {error: 404 Not Found}

  on /path/to/providers.tf line 24, in provider "gitlab":
  24: provider "gitlab" {

Here is the minimal Terraform that reproduces this behavior:

terraform {
  required_version = "~> 0.13.6"

  required_providers {
    gitlab = {
      source = "nixpkgs/gitlab"
      version = "> 3.4.99"
    }
    secret = {
      source = "nixpkgs/secret"
      version = "~> 1.1"
      alias = "default"
    }
  }
}

resource "secret_resource" "api_token" {
  lifecycle {
    prevent_destroy = true
  }
}

provider "gitlab" {
  base_url = "https://gitlab.example.com./api/v4/user"
  token = secret_resource.api_token.value
}

resource "gitlab_project" "foo" {
  name = "foo"
}

I've omitted the real hostname and GitLab token value. I can reliably reproduce this failure by initializing a new Terraform root module with this configuration and then trying to import the secret.

This seems like an unreasonable failure - secret_resource does not depend on the GitLab provider. If Terraform let the value be imported then it would be available and then the GitLab provider would be properly configured.

I observe this behavior with:

  • Terraform v0.13.6
    • provider registry.terraform.io/nixpkgs/gitlab v3.4.999 (git rev 68c8c0e4cf14fda698bcacb74cb01fcfe7128815)
    • provider registry.terraform.io/nixpkgs/secret v1.1.1

I would like to be able to continue to use secret_resource to manage the GitLab API token. How can I?

From the error message, it seems like the base_url is incorrectly configured. /api/v4/user comes up twice:

Error: GET https://gitlab.example.com./api/v4/user/api/v4/user: 404 {error: 404 Not Found}

Try setting the base_url to just the hostname, with a slash:

provider "gitlab" {
  base_url = "https://gitlab.example.com/"
  token = secret_resource.api_token.value
}

You also have a dot in the address (gitlab.example.com.), which should rather be gitlab.example.com.
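
A pre-flight check for the `base_url` value, added here as an example (it is not part of the original question or answer, nor the provider's own code). It flags the two problems the answer points out and shows how the doubled path in the error arises; the URL-joining rule in `effective_url` is an assumption modelled to match the error message above, and both function names are hypothetical.

```python
from typing import List
from urllib.parse import urlsplit

API_PREFIX = "api/v4/"  # assumption: prefix the client appends when base_url lacks it


def effective_url(base_url: str, endpoint: str = "user") -> str:
    """Assumed model of how the request URL is derived from base_url."""
    base = base_url if base_url.endswith("/") else base_url + "/"
    if not base.endswith(API_PREFIX):
        base += API_PREFIX
    return base + endpoint.lstrip("/")


def lint_base_url(base_url: str) -> List[str]:
    """Return a list of findings; an empty list means the value looks sane."""
    findings = []
    parts = urlsplit(base_url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append("scheme is not https; the API token would be sent unencrypted")
    if host.endswith("."):
        findings.append("hostname '%s' ends with a dot" % host)
    path = parts.path.strip("/")
    if path not in ("", "api/v4"):
        findings.append("path '/%s' points at an endpoint, not the host root or /api/v4" % path)
    if effective_url(base_url).count("/api/v4/") > 1:
        findings.append("API prefix would appear twice: " + effective_url(base_url))
    return findings


if __name__ == "__main__":
    # Values taken from the question and the answer on this page.
    for candidate in (
        "https://gitlab.example.com./api/v4/user",
        "https://gitlab.example.com/",
    ):
        print(candidate, "->", effective_url(candidate))
        for finding in lint_base_url(candidate) or ["ok"]:
            print("   ", finding)
```
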
