Giter Site home page Giter Site logo

terraform-provider-spacelift's Introduction

Spacelift Terraform Provider

The Spacelift Terraform provider is used to programmatically interact with its GraphQL API, allowing Spacelift to declaratively manage itself ๐Ÿคฏ

Documentation

You can browse documentation on the Terraform provider registry.

Using the Provider

Terraform 0.13 and Above

You can use the provider via the Terraform provider registry.

Terraform 0.12 or Manual Installation

You can download a pre-built binary from the releases page, these are built using goreleaser (the configuration is in the repo). You can verify the signature using this key.

If you want to build from source, you can simply use go build in the root of the repository.

Development

Tools

To develop the provider locally you need the following tools:

Generating the Documentation

To generate the documentation, run the following command:

cd tools
go generate ./...

Using a Local Build of the Provider

Sometimes as well as running unit tests, you want to be able to run a local build of the provider against Spacelift. This involves the following steps:

  1. Building a copy of the provider using GoReleaser.
  2. Updating your .terraformrc file to point at your local build.
  3. Generating an API key in Spacelift.
  4. Running Terraform locally.

Building the Provider Using GoReleaser

To build the provider, run the following command:

goreleaser build --clean --snapshot

This will produce a number of binaries in subfolders of the dist folder for each supported architecture and OS:

dist
|-- artifacts.json
|-- config.yaml
|-- metadata.json
|-- terraform-provider-spacelift_darwin_amd64_v1
|   `-- terraform-provider-spacelift_v0.1.11-SNAPSHOT-bb215e9
|-- terraform-provider-spacelift_darwin_arm64
|   `-- terraform-provider-spacelift_v0.1.11-SNAPSHOT-bb215e9
|-- terraform-provider-spacelift_linux_amd64_v1
|   `-- terraform-provider-spacelift_v0.1.11-SNAPSHOT-bb215e9
|-- terraform-provider-spacelift_linux_arm64
|   `-- terraform-provider-spacelift_v0.1.11-SNAPSHOT-bb215e9
|-- terraform-provider-spacelift_windows_amd64_v1
|   `-- terraform-provider-spacelift_v0.1.11-SNAPSHOT-bb215e9.exe
`-- terraform-provider-spacelift_windows_arm64
    `-- terraform-provider-spacelift_v0.1.11-SNAPSHOT-bb215e9.exe

Updating your .terraformrc file

The next step is telling Terraform to use your local build, rather than a copy from the Terraform registry. You can do this by specifying dev_overrides in your .terraformrc file.

To do this, edit or create a .terraformrc in your home folder, and add the following contents:

provider_installation {
  dev_overrides {
    "spacelift.io/spacelift-io/spacelift" = "<absolute-path-to-repo>/dist/terraform-provider-spacelift_<OS>_<arch>"
  }

  direct {}
}

Make sure to replace <absolute-path-to-repo>, <OS>, and <arch> with the correct values, for example:

"spacelift.io/spacelift-io/spacelift" = "/home/my-user/github.com/spacelift-io/terraform-provider-spacelift/dist/terraform-provider-spacelift_linux_amd64_v1"

Generating an API Key

Follow the information in our API documentation page to generate an API key. Please make sure to generate an admin key since admin permissions are required for most operations you will be using the provider for.

Running Spacelift Terraform Provider Locally

To test your local build, just create the relevant Terraform files needed to test your changes, and run terraform plan, terraform apply, etc as normal. The main difference when running the provider locally rather than within Spacelift is that you need to tell it how to authenticate with your Spacelift account. Here's a minimal example:

terraform {
  required_providers {
    spacelift = {
      source = "spacelift.io/spacelift-io/spacelift"
    }
  }
}

provider "spacelift" {
  api_key_endpoint = "https://<account-name>.app.spacelift.io"
  api_key_id       = "<api-key-id>"
  api_key_secret   = "<api-key-secret>"
}

data "spacelift_account" "this" {
}

output "account_name" {
  value = data.spacelift_account.this.name
}

Make sure to replace <account-name>, <api-key-id> and <api-key-secret> with the relevant values.

Releasing New Versions of the Provider

In order to release a new version of the provider one should follow those simple steps:

  • Create a new tag for the latest commit on tha main branch git tag vX.Y.Z -m "Release"
  • Push the tag git push origin vX.Y.Z
  • Refer to our internal wiki on publishing the release artifacts

terraform-provider-spacelift's People

Contributors

adamconnelly avatar alexjurkiewicz avatar b4k3r avatar clistoq avatar cube2222 avatar dependabot[bot] avatar dobarx avatar eliecharra avatar elliott-weston-cko avatar gergu avatar github-actions[bot] avatar hoeg avatar jmfontaine avatar kniepok avatar marcinwyszynski avatar mbialon avatar michalg9 avatar michieldewilde avatar mwasilew2 avatar peterdeme avatar sephriot avatar spitzzz avatar spr-mweber3 avatar themacies avatar tomasmik avatar truszkowski avatar wojciech12 avatar yantrio avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

erupare elliott-weston-cko alexjurkiewicz isgasho tesharp nitrocode korenyoni sysdogs mandalaair clistoq themacies tgkishore bluszcz dorp007 rafmo20d mcalhoun leetrout alexrogalskiy mplushnikov tmeckel mohamed-haidara-cko mahi-awasthi gabyto19 longtran1998 songokudan edmaxim

terraform-provider-spacelift's Issues

Support `VCS Provider` configuration

We're using Azure DevOps and have the requirement to rotate the personal access token used for Spacelift.

It would be great, if we could configure VCS Providers via Terraform.

Example for AzDO:

resource "spacelift_vcs_provider_configuration" "this" {
  azure_devops {
    url = "xxx"
    pat = "xxx"
  }
}

Provider crashes with "Error: Plugin did not respond"

I'm getting a puzzling crash message. See below.

Some context:

[01G9J6XDP5B1XFGQGXA5W85GGK] Running 0 custom hooks...
[01G9J6XDP5B1XFGQGXA5W85GGK] Applying changes...
module.test_stack.spacelift_stack.this: Creating...
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with spacelift_policy.dev_apply_policy,
โ”‚   on policies.tf line 4, in resource "spacelift_policy" "dev_apply_policy":
โ”‚    4: resource "spacelift_policy" "dev_apply_policy" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with spacelift_policy.test_apply_policy,
โ”‚   on policies.tf line 10, in resource "spacelift_policy" "test_apply_policy":
โ”‚   10: resource "spacelift_policy" "test_apply_policy" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with spacelift_policy.staging_apply_policy,
โ”‚   on policies.tf line 16, in resource "spacelift_policy" "staging_apply_policy":
โ”‚   16: resource "spacelift_policy" "staging_apply_policy" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with spacelift_policy.prod_apply_policy,
โ”‚   on policies.tf line 22, in resource "spacelift_policy" "prod_apply_policy":
โ”‚   22: resource "spacelift_policy" "prod_apply_policy" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with module.customer_stack_acme.spacelift_stack.this,
โ”‚   on .terraform/modules/customer_stack_acme/main.tf line 1, in resource "spacelift_stack" "this":
โ”‚    1: resource "spacelift_stack" "this" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with module.dev_stack.spacelift_stack.this,
โ”‚   on .terraform/modules/dev_stack/main.tf line 1, in resource "spacelift_stack" "this":
โ”‚    1: resource "spacelift_stack" "this" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with module.prod_stack.spacelift_stack.this,
โ”‚   on .terraform/modules/prod_stack/main.tf line 1, in resource "spacelift_stack" "this":
โ”‚    1: resource "spacelift_stack" "this" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with module.staging_stack.spacelift_stack.this,
โ”‚   on .terraform/modules/staging_stack/main.tf line 1, in resource "spacelift_stack" "this":
โ”‚    1: resource "spacelift_stack" "this" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain
โ”‚ more details.
โ•ต
โ•ท
โ”‚ Error: Plugin did not respond
โ”‚ 
โ”‚   with module.test_stack.spacelift_stack.this,
โ”‚   on .terraform/modules/test_stack/main.tf line 1, in resource "spacelift_stack" "this":
โ”‚    1: resource "spacelift_stack" "this" {
โ”‚ 
โ”‚ The plugin encountered an error, and failed to respond to the
โ”‚ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
โ”‚ contain more details.
โ•ต

Stack trace from the terraform-provider-spacelift_v0.1.22 plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 66 [running]:
github.com/spacelift-io/terraform-provider-spacelift/spacelift.stackInput(_)
	github.com/spacelift-io/terraform-provider-spacelift/spacelift/resource_stack.go:708 +0x1e05
github.com/spacelift-io/terraform-provider-spacelift/spacelift.resourceStackCreate({0xd8f708, 0xc00007ac60}, 0xb81ca0?, {0xbcb420?, 0xc0003b8ba0?})
	github.com/spacelift-io/terraform-provider-spacelift/spacelift/resource_stack.go:413 +0xc5
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xc0002fb0a0, {0xd8f740, 0xc000581770}, 0xd?, {0xbcb420, 0xc0003b8ba0})
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:707 +0x12e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc0002fb0a0, {0xd8f740, 0xc000581770}, 0xc000596f70, 0xc000158c80, {0xbcb420, 0xc0003b8ba0})
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:837 +0xa7a
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc0002c4558, {0xd8f698?, 0xc000422f40?}, 0xc000572870)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1021 +0xe3c
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc0002a4640, {0xd8f740?, 0xc000580d50?}, 0xc0003f61c0)
	github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:812 +0x515
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0xc34aa0?, 0xc0002a4640}, {0xd8f740, 0xc000580d50}, 0xc00007a4e0, 0x0)
	github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:385 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00017ca80, {0xd92130, 0xc0000031e0}, 0xc00057f440, 0xc0003062d0, 0x122b100, 0x0)
	google.golang.org/[email protected]/server.go:1282 +0xccf
google.golang.org/grpc.(*Server).handleStream(0xc00017ca80, {0xd92130, 0xc0000031e0}, 0xc00057f440, 0x0)
	google.golang.org/[email protected]/server.go:1619 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
	google.golang.org/[email protected]/server.go:921 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
	google.golang.org/[email protected]/server.go:919 +0x28a

Error: The terraform-provider-spacelift_v0.1.22 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

[01G9J6XDP5B1XFGQGXA5W85GGK] Unexpected exit code when applying changes: 1
[01G9J6XDP5B1XFGQGXA5W85GGK] Uploading the list of managed resources...
[01G9J6XDP5B1XFGQGXA5W85GGK] Resource list upload is GO

Can't move stacks with AWS integration attached to a different space

The problem

Moving stacks and AWS integrations to different spaces is failing at apply phase (succeeds plan if that matters)

Detailed description

So I have a module for creating the AWS Integration and attaching it to a stack (IAM role + Spacelift Integration resources, basicly the same as described in documentation https://docs.spacelift.io/integrations/cloud-providers/aws#programmatic-setup)

That module also accepts an input space_id for in which space the integration should be located

This is how I am calling it

module "aws_fastapi_integration" {
  source    = "./modules/aws_integration"
  role_name = "aws-fastapi-spacelift-integration"
  stack_id  = spacelift_stack.aws_fastapi.id
  iam_policy_arns = [
    "arn:aws:iam::aws:policy/AdministratorAccess"
  ]
  space_id = "root"
}

Initially I created these in the root space, but now I created a new spacelift_space

resource "spacelift_space" "workloads" {
...
}

And I wanted to move both the stack and the integration to that space, so I added that argument to the stack and the integration

resource "spacelift_stack" "aws_fastapi" {
  ...
  space_id  = spacelift_space.workloads.id # new
}
module "aws_fastapi_integration" {
  source    = "./modules/aws_integration"
  ...
  space_id = spacelift_space.workloads.id # changed from root
}

Neither the spacelift_aws_integration or the spacelift_stack can be moved to a new space because they depend on each other. That's the errors that I'm getting

โ”‚ Error: could not update stack: cannot move stack to a different space - there are attached entities that would become inaccessible in the following spaces: root

โ”‚ Error: could not update the AWS integration: cannot move the integration - some stacks that have this integration attached would no longer be able to access it


# Question
Is there a better way of doing it other than destroying the integration (or the attachment) manually before moving spaces?

`spacelift_stack` resource does not support `terragrunt` block

Bug Description

Terraform Version: 1.5.5
Spacelift Provider Version: 0.1.37

The terragrunt block in the spacelift_stack resource does not get parsed properly by the provider causing an error.

image

Steps to Reproduce

  1. Add a terragrunt block or use a dynamic terraform block for terragrunt
resource "spacelift_stack" "this" {
  # other configuration

  terragrunt {
      terraform_version      = var.terraform_version
      terragrunt_version     = var.terragrunt_version
      use_run_all            = var.terragrunt_use_run_all
      use_smart_sanitization = true
    }
}

or with dynamic configuration

resource "spacelift_stack" "this" {
  # other configuration

  dynamic "terragrunt" {
    for_each = var.terragrunt_version ? [1] : []

    content {
      terraform_version      = var.terraform_version
      terragrunt_version     = var.terragrunt_version
      use_run_all            = var.terragrunt_use_run_all
      use_smart_sanitization = true
    }
  }
}
  1. Run terraform init followed by terraform plan, the plan step should produce the error
image

Expected Behavior

Terragrunt block should not have result with an error. Also an example of using terragrunt should be added to the examples.

Spacelift stack must match ID if imported

Steps to re-produce

  • Create resource manually in UI
  • Import the spacelift stack using terraform
  • In the terraform resource specify the slug

Definition

resource "spacelift_stack" "this" {
  github_enterprise {
    namespace = var.github_org
  }

  slug           = "spacelift-seed"
  name           = "Spacelift Admin"
  administrative = true
  autodeploy     = true
  autoretry      = false
  branch         = var.branch
  labels = [
    "folder:team/${var.team}/admin",
    "folder:env/${var.env}",
    "folder:worker/${var.worker_pool_name}",
  ]
  github_action_deploy  = false
  enable_local_preview  = true
  manage_state          = true
  project_root          = var.root
  protect_from_deletion = true
  repository            = var.repository
  terraform_version     = var.terraform_version
  worker_pool_id        = var.worker_pool_id

}

plan output

  # module.spacelift-admin-stack.spacelift_stack.this must be replaced
-/+ resource "spacelift_stack" "this" {
      ...
      ~ id                               = "spacelift-seed" -> (known after apply)
        name                             = "Spacelift Admin"
      + slug                             = "spacelift-seed" # forces replacement
        # (13 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

workaround

Rename stack to make id match its name, and remove the slug field. You can't add the slug field back after the fact - and resources are unable to be imported to match the slug.

Expected behavior

It shouldn't need to re-build if the slug matches the expected ID since we actually already know the ID prior to the plan.

Request: get Azure DevOps integration webhook endpoint via data source

Hey team! Would it be possible to be able to retrieve the Azure DevOps integration webhook endpoint via data source in Terraform?

The Azure DevOps integration is already able to get the other key info needed for adding a webhook subscription to an Azure DevOps Project to support auto-deployment, but it looks like the webhook endpoint isn't part of that query bundle yet.

Use case

I'm working to help onboard my organization with a goal to be able to create delegated admin Spaces via Terraform. Each Space would also have an Azure DevOps Project created for it, with an initial Repo associated with their starter administrative Stack, and the set of auto-deployment webhooks created for the Project.

Currently, there's just two components we're waiting on/watching for to be able to manage the resources fully via Terraform:

  1. The Azure DevOps Provider to add support for a resource for webhook servicehooks
  2. The Spacelift.io Provider to add support for fetching the Azure DevOps integration webhook endpoint

Priority

Definitely low!

This would mainly be a nice-to-have: we do have a manual work-around, and the ideal solution does require another Provider to resolve one of the other blockers.

However, if we could at least retrieve all the webhook info from Spacelift via Terraform, then we could use that info to create the webhooks programmatically/via API until the Azure DevOps Provider adds the option. So it'd still help make the automation a bit easier.

(Thank you in advance for consideration, it's much appreciated!)

Stack Destructor Fails to Destroy when Using Stack Dependencies V2

My team and I use the Spacelift stack dependencies to order the execution of related runs but we also try to take advantage of the dependency references to map outputs to inputs of different stacks. We are coming across an issue where when we try and destroy the stack using the stack destructor it produces the following error.

module.ecs-cluster-stack.spacelift_stack_destructor.this: Destroying... [id=destructor-1706552961]
โ•ท
โ”‚ Error: could not delete stack test-ecs-cluster-us-east-1: can't delete stack when it has dependencies; please delete them first

I understand why the error is being produced. Because a stack cannot be destroyed because "A stack cannot be deleted if it has upstream or downstream dependencies. If you want to delete a stack, you need to delete all of its dependencies first." However, if you must destroy the dependency references first (causing an error on the destroy due to null variables), what is the reasoning of having dependency references in the first place?

I think that if dependency references goal is to provide i/o between dependent stacks then they should be allowed to exist while the resources are being destroyed.

Here is the current implementation of the stack destructor and dependencies.

resource "spacelift_stack_destructor" "this" {
  depends_on = [
    # Adding the following dependencies to ensure that the tracked resources are
    # destroyed first before the following are destroyed.
    spacelift_aws_integration_attachment.this,
    spacelift_context_attachment.this,
    spacelift_environment_variable.this,
    spacelift_policy_attachment.this,
    spacelift_stack.this,
    spacelift_stack_dependency.this,
    spacelift_stack_dependency_reference.this,
  ]

  stack_id = spacelift_stack.this.id
}

...

resource "spacelift_stack_dependency" "this" {
  count = local.number_of_dependencies

  stack_id            = spacelift_stack.this.id
  depends_on_stack_id = local.depends_on_stack_ids[count.index]
}

resource "spacelift_stack_dependency_reference" "this" {
  count = local.number_of_references

  stack_dependency_id = local.dependency_mappings[count.index].stack_dependency_id

  input_name  = local.dependency_mappings[count.index].input_name
  output_name = local.dependency_mappings[count.index].output_name
}

AWS Integration: "could not attach the aws integration" -- back off issue?

When I'm attempting to attach an AWS integration (spacelift_aws_integration_attachment) to a stack, it is failing with:

 Error: could not attach the aws integration: you need to configure trust relationship section in your AWS account

It appears to fail immediately. If I look at the code, it looks like it should enter a back-off loop, but I'm not seeing it hit the sleep wait here. My guess is it is hitting that error code string check and bailing early.

terraform-provider-spacelift/spacelift/resource_aws_integration_attachment.go

Lines 80 to 88 in 4d3a072

for i := 0; i < 5; i++ {
err = resourceAWSIntegrationAttachmentAttach(ctx, meta.(*internal.Client), projectID, d)
if err == nil || !strings.Contains(err.Error(), "could not assume") || i == 4 {
break
}
// Yay for eventual consistency.
time.Sleep(10 * time.Second)
}

I was able to get it to work by immediately re-running the apply. This seems to imply the failure was timing based and not a configuration error.

Add resources to manage Single Sign-On

Hey,

Have you considered adding OIDC and SAML resources for configuring and managing Single Sign-Ons?

We have a Terraform stacks provisioning an Enterprise Applications in Azure AD and generating corresponding OIDC credentials, and would love to integrate that into Spacelift.

As of now, one has to run the Azure AD Terraform stack and is then forced to manually copy over the client id and secret it into the web UI or directly interact with the GraphQL API.

Dedicated Spacelift resources would enable a self-rotating OIDC credentials setup, reducing the risks of accidentally forgetting to rotate and locking oneself out.

How to run tests locally?

Can y'all add a note to the README about how someone outside of spacelift can run the tests?

Looks like it expects repos named demo and terraform-bacon-tasty to exist?

I see similar references from @marcinwyszynski in hashicorp/terraform-provider-random#125 so perhaps this a personal repo?

Maybe share the repo? Or a small blurb about what should be in it? Or make the repo names configurable in the tests?

Environment variable values should be sensitive only when write_only is enabled

Since the environment variable value is marked always as sensitive, you are not able to see the actual value in the plan. And, especially when you're passing complex data or doing more than just passing a primitive value (e.g.: interpolation from other variables), it can be very hard to debug.

I think it should be marked as sensitive only when write_only is enabled. That will be more coherent to the Spacelift UI since there you can see any env var value that is not marked as write_only.

Bug: spacelift_space_by_path

Seems to be an issue with the GraphQL query made by the provider:

โ”‚ Error: could not query for spaces: Cannot query field "spaces" on type "Query". Did you mean "space"?
โ”‚ 
โ”‚   with data.spacelift_space_by_path.organization,
โ”‚   on data.tf line 17, in data "spacelift_space_by_path" "organization":
โ”‚   17: data "spacelift_space_by_path" "organization" {

Ability to get Stack Outputs as a Data Source

It would be great to have a way to get the outputs from other stacks with a data source.

For example:

data "spacelift_stack_output" "other_stack_output" {
  stack = "some other stack"
  key   = "output key"
}

Right now I'm not aware of a way to do this short of running a null_resource and querying the graphQL API directly.

Sensitive environment variables being forced replaced

We're defining stack's environment variables this way:

resource "spacelift_environment_variable" "my_secret" {
  stack_id   = spacelift_stack.my_stack.id
  name       = "my_secret"
  write_only = true
}

They get created as intended, with a null value. Then we're setting the actual value through the UI, since we do not want our secrets to be persisted in a git repository.

The problem is that future plans give this output:

  # spacelift_environment_variable.my_secret must be replaced
-/+ resource "spacelift_environment_variable" "my_secret" {
      ~ checksum   = "45b87ae48bb7a21b98c574efb56c0331ea8ad7445ee1176ffbc31a9948fb6752" -> (known after apply)
      ~ id         = "stack/my_stack/my_secret" -> (known after apply)
        name       = "my_secret"
      - value      = (sensitive value) -> null # forces replacement
        # (2 unchanged attributes hidden)
    }

The way I read it, the code says the value should be null, so it's trying to overwrite the secret to set it back to null. So that's my problem. I've looked in the documentation, but could not find the proper way to handle this case. Am I missing something?

Unable to import AWS integration

Hey ๐Ÿ‘‹

We've been trying to import our AWS integration and we've tried various incantations... The docs say "projectID" but we're assuming that is the stack ID (the slug)?

We have tried:

  • <integration id from integration page>/<stack slug>
  • <integration id from integration page>/<space id>
  • <integration id from integration page>/<space slug>
  • <different integration id from devtools graphql>/<stack slug>

None of those work and we get this error:

โ•ท
โ”‚ Error: Cannot import non-existent remote object
โ”‚ 
โ”‚ While attempting to import an existing object to
โ”‚ "spacelift_aws_integration_attachment.opsx-admin-aws", the provider
โ”‚ detected that no object exists with the given id. Only pre-existing objects
โ”‚ can be imported; check that the id is correct and that it is associated
โ”‚ with the provider's configured region or endpoint, or use "terraform apply"
โ”‚ to create a new remote object for this resource.
โ•ต
โ•ท
โ”‚ Error: attachment not found
โ”‚ 
โ”‚ 
โ•ต

Poor error message when importing a non-existent stack ID

Running a terraform import with a stack ID that doesn't exist results in an obscure error message from Terraform:

terraform import spacelift_stack.this non-existent-stack
spacelift_stack.this: Importing from ID "non-existent-stack"...
โ•ท
โ”‚ Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import. Resource import code should not call d.SetId("") or create an empty ResourceData. If the resource is missing, instead return an error. Please report this to the provider developers.

This is caused by us setting the ID to an empty string and not returning an error if the stack doesn't exist. We can detect this and give users a better error message.

spacelift_module repository is not changeable

Changing the repository for a spacelift_module will suggest an update to the resource. However, after apply the repository is same as before and nothing has actually changed. Looking in UI it also is not possible to change repository, Should changing repository for a module force recreation?

Error: Unexpected token issuer api-key, is this a Spacelift run?

I tried running a spacelift terraform module locally.

I have this in my hcl which works in spacelift

provider "spacelift" {}

Locally, I set the following inputs

export SPACELIFT_API_KEY_ENDPOINT=https://snip.app.spacelift.io
export SPACELIFT_API_KEY_ID=snip
export SPACELIFT_API_KEY_SECRET=snip

I get the following error when I do a terraform init && terraform plan

 Error: unexpected token issuer api-key, is this a Spacelift run?
โ”‚
โ”‚   with module.spacelift.data.spacelift_current_stack.administrative[0],
โ”‚   on .terraform/modules/spacelift/main.tf line 167, in data "spacelift_current_stack" "administrative":
โ”‚  167: data "spacelift_current_stack" "administrative" {

Followed this guide https://registry.terraform.io/providers/spacelift-io/spacelift/latest/docs#running-outside-of-spacelift

Creation of `spacelift_user` resource results in "get login from session: incompatible issuer" error

I have tried to use the spacelift_user resource on my account created from GitHub organization in 2 different ways:

  • adding a completely new user (which exists in my GitHub org)
  • passing in user that already exists in the Spacelift account as a way to change the manually assigned policy

Both cases fail with this error:

[01HH1TMVXW5QDAEZTNQWKV9A2E] Applying changes...
spacelift_user.mgajewskik: Creating...
โ•ท
โ”‚ Error: could not create user mapping mgajewskik: get login from session: incompatible issuer
โ”‚ 
โ”‚   with spacelift_user.mgajewskik,
โ”‚   on users.tf line 2, in resource "spacelift_user" "mgajewskik":
โ”‚    2: resource "spacelift_user" "mgajewskik" {
โ”‚ 
โ•ต
[01HH1TMVXW5QDAEZTNQWKV9A2E] Unexpected exit code when applying changes: 1

Resource definition I'm using:

resource "spacelift_user" "test" {
  username         = "mgajewskik"
  invitation_email = "<email>"

  policy {
    role     = "ADMIN"
    space_id = "root"
  }
}

I'm not sure at this point if there is something wrong with the provider itself or if I'm using it incorrectly. Any guidance on that? Thanks!

`spacelift_stack` should support Azure DevOps repositories

Our repositories are all located in our Azure DevOps organization, unfortunately it seems creating stacks with these repositories is currently not supported by the provider.

Possible configuration:

resource "spacelift_stack" "k8s-core-bitbucket-cloud" {
  azure_devops {
    organization = "spacelift" # The unique name of the organization (part of the repository url)
  }

  administrative    = true
  autodeploy        = true
  branch            = "master"
  description       = "Shared cluster services (Datadog, Istio etc.)"
  name              = "Kubernetes core services"
  project_root      = "/project"
  repository        = "core-infra"
  terraform_version = "0.12.6"
}

Association resource for spaces

Currently the only method of setting one space as a child of other via terraform is to use an attribute parent_space_id.

This makes it impossible to reference the resource in single for each since terraform will report a cycle.

# variables.tf
variable "spaces" {
    description = "Map of spaces to create."
    default = {}
    type = map(object({
        name = string
        parent_key = optional(string, "root")
        description = optional(string)
        inherit_entities = optional(bool, false)
    }))
}

# main.tf
resource "spacelift_space" "space" {
  for_each = var.spaces
  name = each.value.name

  parent_space_id = spacelift_space.space[each.value.parent_key].id

  description = each.value.description
  inherit_entities = each.value.inherit_entities
}

If it would be possible to set such relation with association resource like https://registry.terraform.io/providers/spacelift-io/spacelift/latest/docs/resources/azure_integration_attachment then it enable usage of for loops in spaces creation.

Request: Support Security Components

A few org level security components are not currently configurable from the provider. We'd like to be able to capture these in code

  • Audit Trail configuration
  • Security Email

`spacelift_space` deletion fails in same run as deleting dependent resources

I am writing tests for a module which creates several spacelift_space containing spacelift_stack. During the destroy phase, these tests will almost always fail with the following error:

Error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (e-5, e-2)
Error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (c-5, c-4, c-1, c-2, c-3)
Error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (d-3, d-1, d-5)
Error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (a-1, a-4, a-3)
Error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (b-5, b-2, b-3)

It seems like the provider is attempting to delete the Space too quickly for the API to catch up. From the error message you can see it has partially succeeded, and locally a second terraform destroy succeeds. Since this is happening in module testing, it means I have to clean it up by myself. I can't work around it either with time_sleep because it would create a cyclic dependency.

Here's some reproduction code:

locals {
  stacks = toset(["1", "2", "3", "4", "5"])
  spaces = toset(["a", "b", "c", "d", "e"])
  combined = toset(flatten([
    for stack in local.stacks : [
      for space in local.spaces : {
        stack = stack
        space = space
      }
    ]
  ]))
}

data "spacelift_gitlab_integration" "this" {}

data "gitlab_project" "this" {
  path_with_namespace = "experiments/repro"
}

resource "spacelift_space" "this" {
  for_each = local.spaces

  name = each.key

  parent_space_id = "root"
}

resource "spacelift_stack" "this" {
  for_each = {
    for combination in local.combined : "${combination.stack}-${combination.space}" => combination
  }

  gitlab {
    id        = data.spacelift_gitlab_integration.this.id
    namespace = "experiments"
  }

  name     = "${each.value["space"]}/${each.value["stack"]}"
  space_id = spacelift_space.this[each.value["space"]].id

  repository = data.gitlab_project.this.name
  branch     = data.gitlab_project.this.default_branch
}

Here's the relevant part of the debug logs:

2024-02-22T12:59:34.791+0100 [INFO]  Starting apply for spacelift_space.this["e"]
2024-02-22T12:59:34.791+0100 [DEBUG] spacelift_space.this["e"]: applying the planned Delete change
2024-02-22T12:59:34.791+0100 [INFO]  Starting apply for spacelift_space.this["a"]
2024-02-22T12:59:34.791+0100 [DEBUG] spacelift_space.this["a"]: applying the planned Delete change
2024-02-22T12:59:34.791+0100 [INFO]  Starting apply for spacelift_space.this["d"]
2024-02-22T12:59:34.791+0100 [DEBUG] spacelift_space.this["d"]: applying the planned Delete change
2024-02-22T12:59:34.791+0100 [INFO]  Starting apply for spacelift_space.this["b"]
2024-02-22T12:59:34.791+0100 [DEBUG] spacelift_space.this["b"]: applying the planned Delete change
2024-02-22T12:59:34.791+0100 [INFO]  Starting apply for spacelift_space.this["c"]
2024-02-22T12:59:34.791+0100 [DEBUG] spacelift_space.this["c"]: applying the planned Delete change
2024-02-22T12:59:34.796+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-02-22T12:59:34.886+0100 [ERROR] provider.terraform-provider-spacelift_v1.9.3: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_detail= tf_rpc=ApplyResourceChange tf_req_id=bdac0715-6615-f5f4-5f7e-cde77919f4e9 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="could not delete space: cannot delete space. this entity has remaining references to it: Stack (d-4, d-3, d-1, d-2)" tf_proto_version=5.4 tf_provider_addr=spacelift.io/spacelift-io/spacelift tf_resource_type=spacelift_space timestamp=2024-02-22T12:59:34.886+0100
2024-02-22T12:59:34.893+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-02-22T12:59:34.893+0100 [ERROR] vertex "spacelift_space.this[\"d\"] (destroy)" error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (d-4, d-3, d-1, d-2)
2024-02-22T12:59:34.902+0100 [ERROR] provider.terraform-provider-spacelift_v1.9.3: Response contains error diagnostic: diagnostic_detail= diagnostic_severity=ERROR tf_proto_version=5.4 tf_provider_addr=spacelift.io/spacelift-io/spacelift tf_req_id=8f9889c1-37c5-fcb1-3763-cb656afa61e3 @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto tf_resource_type=spacelift_space diagnostic_summary="could not delete space: cannot delete space. this entity has remaining references to it: Stack (e-5, e-1)" tf_rpc=ApplyResourceChange timestamp=2024-02-22T12:59:34.902+0100
2024-02-22T12:59:34.902+0100 [ERROR] provider.terraform-provider-spacelift_v1.9.3: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_detail= diagnostic_summary="could not delete space: cannot delete space. this entity has remaining references to it: Stack (b-2, b-1, b-3)" tf_rpc=ApplyResourceChange tf_provider_addr=spacelift.io/spacelift-io/spacelift tf_req_id=411c3b9e-f828-ffbb-446b-f805c36ed8ea tf_resource_type=spacelift_space @module=sdk.proto diagnostic_severity=ERROR tf_proto_version=5.4 timestamp=2024-02-22T12:59:34.902+0100
2024-02-22T12:59:34.909+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-02-22T12:59:34.909+0100 [ERROR] vertex "spacelift_space.this[\"b\"] (destroy)" error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (b-2, b-1, b-3)
2024-02-22T12:59:34.916+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-02-22T12:59:34.916+0100 [ERROR] vertex "spacelift_space.this[\"e\"] (destroy)" error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (e-5, e-1)
2024-02-22T12:59:34.917+0100 [ERROR] provider.terraform-provider-spacelift_v1.9.3: Response contains error diagnostic: diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="could not delete space: cannot delete space. this entity has remaining references to it: Stack (c-5, c-4, c-1, c-2)" tf_proto_version=5.4 tf_provider_addr=spacelift.io/spacelift-io/spacelift tf_req_id=acb21a03-5042-3b2b-d3ba-c2cf79a77925 @module=sdk.proto tf_rpc=ApplyResourceChange tf_resource_type=spacelift_space @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 timestamp=2024-02-22T12:59:34.917+0100
2024-02-22T12:59:34.923+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-02-22T12:59:34.923+0100 [ERROR] vertex "spacelift_space.this[\"c\"] (destroy)" error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (c-5, c-4, c-1, c-2)
2024-02-22T12:59:34.981+0100 [ERROR] provider.terraform-provider-spacelift_v1.9.3: Response contains error diagnostic: tf_resource_type=spacelift_space @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="could not delete space: cannot delete space. this entity has remaining references to it: Stack (a-5, a-1, a-2)" tf_provider_addr=spacelift.io/spacelift-io/spacelift diagnostic_severity=ERROR tf_proto_version=5.4 tf_req_id=1a108202-a119-82c5-95b1-9eb5adc30e3a tf_rpc=ApplyResourceChange @module=sdk.proto diagnostic_detail= timestamp=2024-02-22T12:59:34.981+0100
2024-02-22T12:59:34.991+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-02-22T12:59:34.991+0100 [ERROR] vertex "spacelift_space.this[\"a\"] (destroy)" error: could not delete space: cannot delete space. this entity has remaining references to it: Stack (a-5, a-1, a-2)
2024-02-22T12:59:35.016+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-02-22T12:59:35.019+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/spacelift-io/spacelift/1.9.3/darwin_arm64/terraform-provider-spacelift_v1.9.3 pid=27213
2024-02-22T12:59:35.019+0100 [DEBUG] provider: plugin exited

spacelift_policy renames require resource replacement 

  # spacelift_policy.base_plan_policy must be replaced
-/+ resource "spacelift_policy" "base_plan_policy" {
      ~ id       = "base-plan" -> (known after apply)
      ~ name     = "Base Plan" -> "base-plan" # forces replacement
      ~ space_id = "legacy" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

Changing the name of a policy shouldn't force replacement. You can rename policies in-place in the Spacelift UI.

Allow for dynamic blocks on spacelift_stack_dependency_reference

Current usage

resource "spacelift_stack" "infra" {
  branch     = "master"
  name       = "Infrastructure stack"
  repository = "core-infra"
}

resource "spacelift_stack" "app" {
  branch     = "master"
  name       = "Application stack"
  repository = "app"
}

resource "spacelift_stack_dependency" "test" {
  stack_id            = spacelift_stack.app.id
  depends_on_stack_id = spacelift_stack.infra.id
}

resource "spacelift_stack_dependency_reference" "test" {
  stack_dependency_id = spacelift_stack_dependency.test.id
  output_name         = "DB_CONNECTION_STRING"
  input_name          = "APP_DB_URL"
}

#..repeat spacelift_stack_dependency_reference for every spacelift_stack_dependency_reference i need

Proposal

Allow in-body definition of multiple dependency references, in a single spacelift_stack_dependency_reference block. This should allow an easier iteration over the dependency resource, reference would enclose 1 or many actual output>input maps

resource "spacelift_stack" "infra" {
  branch     = "master"
  name       = "Infrastructure stack"
  repository = "core-infra"
}

resource "spacelift_stack" "app" {
  branch     = "master"
  name       = "Application stack"
  repository = "app"
}

resource "spacelift_stack_dependency" "test" {
  stack_id            = spacelift_stack.app.id
  depends_on_stack_id = spacelift_stack.infra.id
}

resource "spacelift_stack_dependency_reference" "test" {
  stack_dependency_id = spacelift_stack_dependency.test.id
  reference = {
     input_name = DB_CONNECTION_STRING
     output_name = APP_DB_URL
  }
  
  reference = {
     input_name = DB_CONNECTION_USER
     output_name = APP_DB_USER
  }
  
  reference = {
     input_name = DB_CONNECTION_TIMEOUT
     output_name = APP_DB_TIMEOUT
  }
  #...So, i could ultimately do something like...
  dynamic "reference" {
    for_each = var.references
    content {
      input_name = setting.references["input_name"]
      output_name = setting.references["output_name"]
    }
  }
}

#..repeat spacelift_stack_dependency_reference for every spacelift_stack_dependency_reference i need

Policy labels cannot be removed via terraform

Scope

I think the same may apply to stacks & modules as well - but I didn't test this out.

Description

  • I previously had labels applied via terraform
  • I removed said labels from source code
  • It generates a diff like so:
  # module.global_policy.spacelift_policy.policy["plan.no_iam_users.rego"] will be updated in-place
  ~ resource "spacelift_policy" "policy" {
        id     = "global-no_iam_users"
      ~ labels = [
          - "autoattach:meta:all",
        ]
        name   = "name"
        # (2 unchanged attributes hidden)
    }

The label changes are not actually applied.

Relevant Code:

https://github.com/spacelift-io/terraform-provider-spacelift/blob/main/spacelift/resource_policy.go#L164

I believe what is happening is:

  • Existing labels are fetched
  • New labels are picked up from the config and appended
  • There is no true up of labels that exist that aren't in terraform code

What should have happened

  • Labels that were removed should have been removed

Add tail option to spacelift_run resource

I have a terraform module which creates stacks in spacelift using the spacelift_stack terraform resource. I am trying to create an automated test for my module using the spacelift module registry. The test runs my module, which causes the child stacks to be created, but it does not automatically run the child stacks. In my test I would like to run the child stacks so that I can validate they are configured properly.

I am able to use the spacelift_run resource to trigger the child stacks to run, but there is not a way for me to know when the run has completed. I need to know when the run has completed so that my automated test can destroy the child stacks.

Allow making the `branch` argument optional for `spacelift_stack`

It would be nice if we could omit the branch argument for spacelift_stack and have it assume that we want to use the default branch of the given repository.

This would be helpful when org repos have different default branches (master, main, production, etc) so we don't end up making a mistake when creating new stacks for different repositories.

terraform-provider-spacelift/spacelift/resource_stack.go

Lines 118 to 122 in 04983b9

"branch": {
Type: schema.TypeString,
Description: "GitHub branch to apply changes to",
Required: true,
},

Request: `spacelift_stacks` (plural) data source

The current spacelift_stack data source is nice but it will fail if the stack cannot be found.

If there is a spacelift_stacks data source, much like aws_iam_roles data source, then we can try to find a stack and if it fails, it can quietly return zero results.

Use case, see differences between what our current label is with what the new label is.

If the current label is a shasum of a non-committed mounted file and the new label is a new shasum of the changed non-committed mounted file, then we can use spacelift_run to trigger it.

Request: spacelift_contexts data source label filter

The spacelift_contexts could be improved with the option to supply labels that would be used to filter the returned list of contexts.

While the list can be filtered after being returned by the provider, provider side filtering would result in much cleaner Terraform configuration

# An example of what the implementation could look like
data "spacelift_contexts" "contexts" {
  labels = [
    "production",
    "vault"
  ]
}

# An example of similar functionality in the AWS Terraform provider.
data "aws_subnets" "private" {
  tags = {
    Tier = "Private"
  }
}

[bug] spacelift_module name destroy cycle

if you specify name = "test module" (or any other name with spaces) for the spacelift_module resource you will end up in a constant cycle of replacement. The name ends up being a calculated value matching the ID for the module, which causes a permanent difference if the name does not end up matching the module ID exactly.

E.g.
image

Plan time validation for resources

Plan time validation

It would be nice to have plan time validation. Here are some examples.

Resource spacelift_stack

If the repository, branch, etc is misconfigured, it would throw an error on the plan instead of after the apply.

For example, if I put in the wrong branch or I forget the omit the owner from repository, I won't see it until after the apply.

Ways to validate

  • Check if repository contains a forward slash meaning that an owner was accidentally provided
  • Check if the repository exists
  • Check if the branch exists
  • It's possible that all of the above can be correct but spacelift github app may not have permissions. It would be good to suggest this in the error message thrown.

Resource spacelift_run

Similar to spacelift_stack.

  • check if commit_sha exists

References

Request: spacelift_aws_integrations data source label filter

I can see that some of the other data sources have a labels filter, allowing us to filter which resources come back. The spacelift_aws_integrations resource (link) could be improved by adding this labels filter as well. Below is an example block:

data "spacelift_aws_integrations" "this" {
  labels = ["prod"]
}

Request: Add support for user management

For more populous orgs it would be great to have a programmatic approach to manage users and group access when utilizing the new user management beta.

I propose introducing new data sources:
spacelift_managed_user - representing our graphQL ManagedUser
spacelift_managed_user_group - representing our graphQL ManagedUserGroup, which is actually an IDP group mapping, so maybe more clear naming can be invented

and resources:
spacelift_managed_user - this might be a bit tricky since we are creating a user while sending an invitation at the same time, so either this is a single resource (see graphQL managedUserInvite mutation); that does conditional re-invitation in the case the managed user didn't accept the invitation yet but his credentials change; or we can create a separate resource for managing invitations (we have an explicit managedUserResendInvite mutation).
spacelift_managed_user_group - this one should be more straightforward, it's a regular CRUD for graphQL ManagedUserGroupIntegration

Scheduled task cron timestamp failure

What resource has the issue?
spacelift_scheduled_task

What is the issue?
There is a provider bug with the scheduled task timestamp, On the spacelift portal (UI), I can create the following scheduled task cron timing.
image
However when I recreate this user terraform as below, I get an error.

resource "spacelift_scheduled_task" "rotate_app_reg_password" {
  for_each = toset(var.app_reg_password_rotate_names)
  stack_id = spacelift_stack.main.id

  command = "terraform apply -auto-approve -target=module.application[\\\"${each.value}\\\"].module.appregistration.random_password.service_principal_password -target=module.application[\\\"${each.value}\\\"].module.appregistration.azuread_service_principal_password.main -target=module.application[\\\"${each.value}\\\"].module.serviceconn.azuredevops_serviceendpoint_azurerm.serviceendpoint -target=module.application[\\\"${each.value}\\\"].azurerm_key_vault_secret.client_secret -replace=module.application[\\\"${each.value}\\\"].module.appregistration.random_password.service_principal_password"
  every   = ["0 8 * * 6#1"] # run every month on the 1st day of the month and run at 8am (9am GMT)
}

What is the error.

 Error: could not update scheduled task: invalid cron schedules: couldn't parse cron schedule expression '0 8 * * 6#1': failed to parse int from 6#1: strconv.Atoi: parsing "6#1": invalid syntax
โ”‚ 
โ”‚   with module.terraform-azure-stack["Investor Research and Emerging Technology - Dev/Test"].spacelift_scheduled_task.rotate_app_reg_password["bgbrain"],
โ”‚   on .terraform/modules/terraform-azure-stack/main.tf line 115, in resource "spacelift_scheduled_task" "rotate_app_reg_password":
โ”‚  115: resource "spacelift_scheduled_task" "rotate_app_reg_password" {
โ”‚ 
โ•ต

Spacelift Provider Version
1.6.0

Comment
If there is an alternative solution or suggestion (or a fix for this bug) it would be great to get this sorted out.

Error "could not update space: unauthorized - is it an administrative stack in the root space?"

From this terraform plan change within an admin stack run

  # module.spacelift.module.stacks["gbl-corp-infrastructure-snip"].spacelift_space.default[0] will be updated in-place
  ~ resource "spacelift_space" "default" {
        id               = "infrastructure-snip"
      ~ labels           = [
          - "deps:stacks/orgs/snip/mgmt/_defaults.yaml",
            # (8 unchanged elements hidden)
        ]
        name             = "infrastructure-snip"
        # (2 unchanged attributes hidden)
    }

We receive this error when trying to update a spacelift_space in terraform.

โ•ท
โ”‚ Error: could not update space: unauthorized - is it an administrative stack in the root space?
โ”‚ 
โ”‚   with module.spacelift.module.stacks["gbl-corp-infrastructure-snip"].spacelift_space.default[0],
โ”‚   on .terraform/modules/spacelift/modules/stack/main.tf line 221, in resource "spacelift_space" "default":
โ”‚  221: resource "spacelift_space" "default" {
โ”‚

The spacelift space was created by terraform but it cannot be modified with terraform. I'm unsure if this is a spacelift terraform issue or a spacelift API issue, or maybe even a permissions issue.

The spacelift space is called flex and it's part of the infrastructure space which inherits from the root space.

The workaround was to no-op the terraform by clickops'ing the change within Spacelift.

references

How to use sso key instead of access key and secret key in aws?

Initially, I passed the AWS access key and secret key as environment variables to the space lift, and this approach worked well. However, I now want to use AWS SSO instead of access and secret keys. I'm wondering how I can configure SSO as the provider for AWS.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.