Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh or plan update #379

Open
DrummyFloyd opened this issue Mar 25, 2024 · 10 comments
Open

Refresh or plan update #379

DrummyFloyd opened this issue Mar 25, 2024 · 10 comments
Labels
question Further information is requested Stale

Comments

@DrummyFloyd
Copy link

Hi,

maybe the configuration is wrong, but when i install/config everything the first time everything worked as expected
buyt when i want to make some change on my TF
the provider asked me some weird stuff

Plan: 0 to add, 1 to change, 0 to destroy.
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│ 
│   with module.config-argocd.argocd_repository.git[0],
│   on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 1, in resource "argocd_repository" "git":
│    1: resource "argocd_repository" "git" {
│ 
╵
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│ 
│   with module.config-argocd.argocd_repository.git[2],
│   on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 1, in resource "argocd_repository" "git":
│    1: resource "argocd_repository" "git" {
│ 
╵
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│ 
│   with module.config-argocd.argocd_repository.git[1],
│   on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 1, in resource "argocd_repository" "git":
│    1: resource "argocd_repository" "git" {
│ 
╵
╷
│ Error: invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled
│ 
│   with module.config-argocd.argocd_repository.helm[0],
│   on .terraform/modules/config-argocd/modules/argocd/config/main.tf line 11, in resource "argocd_repository" "helm":
│   11: resource "argocd_repository" "helm" {

Terraform Version, ArgoCD Provider Version and ArgoCD Version

❯ tf -version
Terraform v1.7.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/helm v2.12.1
+ provider registry.terraform.io/hashicorp/kubernetes v2.27.0
+ provider registry.terraform.io/oboukili/argocd v6.0.3
+ provider registry.terraform.io/ovh/ovh v0.40.0

Terraform configuration

# module install-argocd
resource "helm_release" "argocd_deploy" {
  name             = "argocd"
  chart            = "argo-cd"
  timeout          = 600
  version          = var.chart_version
  namespace        = var.namespace
  repository       = "https://argoproj.github.io/argo-helm"
  create_namespace = true
  # WARNING: May need to add some value , to not beeing issue with other TF run
  lifecycle {
    ignore_changes = all
  }
}

# TODO: create stronger default password
data "kubernetes_secret" "argocd_secret" {
  depends_on = [helm_release.argocd_deploy]
  metadata {
    name      = "argocd-initial-admin-secret"
    namespace = var.namespace
  }
}
module "install-argocd" {
  depends_on = [module.kubernetes]
  source     = "git::https://gitlab.com/xxxxxxxxinfra/terraform/argocd.git//modules/argocd/bootstrap?ref=v0.3.0"
  # in this module i make helm install of the argocd chart 
  # content of the module
  
}

module "config-argocd" {
  depends_on          = [module.install-argocd]
  source              = "git::https://gitlab.com/xxxxxxxx/infra/terraform/argocd.git//modules/argocd/config?ref=v0.3.0"
  git_username        = local.git_username
  applicationset_repo = "https://gitlab.com/xxxxxxx/infra/xxxxxxxxgit"
  # passed as Env Var
  git_password = var.git_password
  git_repositories = [
    {
      name = "si"
      url  = "https://gitlab.com/xxxxxxx.git"
    },
    {
      name = "values"
      url  = "https://gitlab.com/xxxxxx.git"
    },
    {
      name = "chart"
      url  = "https://gitlab.com/xxxxx.git"
    }
  ]
}

Question

Wondering ,why the first time everything went good
then on second and next plan/apply
argocd provider asked me some `username/password stuff
@DrummyFloyd DrummyFloyd added the question Further information is requested label Mar 25, 2024
@onematchfox
Copy link
Collaborator

Hi @DrummyFloyd, What does the configuration of the provider itself (provider "argocd") look like? Is it possible that you had environment variables set when you first ran the code?

@DrummyFloyd
Copy link
Author

oh sh*t i forgot to share the best part ><

no only Env Var set is the git_password

provider "argocd" {
  port_forward_with_namespace = "argocd"
  username                    = "admin"
  password                    = module.install-argocd.argocd_credentials_admin
  kubernetes {
    host                   = module.kubernetes.host
    client_certificate     = module.kubernetes.client_certificate
    client_key             = module.kubernetes.client_key
    cluster_ca_certificate = module.kubernetes.cluster_ca_certificate
  }
}

@onematchfox
Copy link
Collaborator

The only thing I can think of is that module.install-argocd.argocd_credentials_admin is returning a blank string.

@DrummyFloyd
Copy link
Author

i think it's that, but it shoudn't not happnd because the first time i run this evertything is going well , because the
data "kubernetes_secret" "argocd_secret" { if etched , so it should be stored in the state , or do i missed soimething ?

@samhine
Copy link

samhine commented Jul 24, 2024

@DrummyFloyd Did you manage to find a workaround/fix for this in the end? I'm hitting the exact same issue

@DrummyFloyd
Copy link
Author

@DrummyFloyd Did you manage to find a workaround/fix for this in the end? I'm hitting the exact same issue

it's a workaround ... bit annoyong tho'

but i delete the state part of my module .. don't have time to figure it out why atm =/
don't have better solution atm

@rljohnsn
Copy link

rljohnsn commented Aug 8, 2024

An engineer on our team discovered a "work around"

  • in the provider config, comment out the password line
  • retrieve the actual argocd admin user password
  • set the env var ARGOCD_AUTH_PASSWORD to the argocd admin user password
  • terraform plan/apply
  • subsequent runs will work with the password line restored

I sincerely believe this should be considered a bug.

@rljohnsn
Copy link

rljohnsn commented Aug 8, 2024

looks like the env var overrides the provider so there is no need to comment out the password line

I think it just simply shows that the password changes, the state file has the old password and doesn't get a chance to run the data object to refresh before the provider bombs out

@tfon23
Copy link

tfon23 commented Aug 14, 2024 

* set the env var `ARGOCD_AUTH_PASSWORD` to the argocd admin user password

Just for anyone else trying this, the env variable would need to be set on the machine that is running terraform apply. Not the argo container.

@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label Oct 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rljohnsn @onematchfox @samhine @DrummyFloyd @tfon23