Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat - lazy initializing of provider configuration #656

Open
daniel-ciaglia opened this issue Dec 13, 2024 · 0 comments
Open

feat - lazy initializing of provider configuration #656

daniel-ciaglia opened this issue Dec 13, 2024 · 0 comments

Comments

@daniel-ciaglia
Copy link

Situation

Setting up a new Boundary Stack on AWS, one needs to jump through multiple loops until a full controller/worker setup is present.

In my case I want to do the following (automated, reconciled in FluxCD)

  • Initial TF stack to create RDS, KMS and IAM
  • Install Boundary controller + workers
    • using outputs of TF as input for custom Helm chart
  • TF stack detects running Boundary controller
    • configures boundary provider with endpoints available
    • rolls out configuration

Expected Behavior

until the boundary provider is actually used, it sits there and does nothing.

Actual Behavior

The provider fully initialises itself against the required addr and expects a successful authentication.
Error: error performing client request during List call: Get "http://localhost:9200/v1/auth-methods?scope_id=global": dial tcp [::1]:9200: connect: connection refused

terraform-provider-boundary/internal/provider/provider.go

Line 297 in 86a99ae

if err := providerAuthenticate(ctx, d, md); err != nil {

Steps to Reproduce

Just place the boundary provider in any TF stack without any actual resources and get the error above

The count=0 below should not trigger a full provider initialisation.

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    boundary = {
      source  = "hashicorp/boundary"
      version = "~> 1.2"
    }
  }
}

provider "boundary" {
  addr             = "http://localhost"
}

resource "boundary_scope" "org" {
  count = 0

  scope_id     = "global"
  name         = "global"
  description  = "Organization scope"
  global_scope = true

  auto_create_admin_role   = false
  auto_create_default_role = false
}

output "this" {
  value = "This is text"
  description = "Demo"
}

behaviour of Vault provider

Behaviour of vault provider is different

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "~> 4.4"
    }
  }
}

provider "vault" {
  address = "http://localhost"
}

resource "vault_namespace" "ns1" {
  count = 0
  path  = "ns1"
}

output "this" {
  value       = "This is text"
  description = "Demo"
}

Allows terraform to plan.
Even setting count=1 allows to successfully plan and only fail at apply.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@daniel-ciaglia