Fill out "tfe_variable"-s on all workspaces

How can I fill out all the TFE workspaces with respective AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY information? I’ve tried the below, but data.tfe_workspace_ids.all.*.id returns the ORG/workspaceID rather than ORG/workspace name that is needed by tfe_variable/workspace_id. Do I need to use a different datasource to grab all names instead of IDs?

> data "tfe_workspace_ids" "all" {
>    names        = ["*"]
>    organization = "${var.tfe_org}"
>  }
> 
>  resource "tfe_variable" "access_key" {
>    count        = length(data.tfe_workspace_ids.all.*.id)
>    key          = "AWS_ACCESS_KEY_ID"
>    value        = "blah"
>    category     = "env"
>    workspace_id = element(data.tfe_workspace_ids.all.*.id, count.index)
>    description  = "AWS_ACCESS_KEY_ID"
>  }
> 
>  resource "tfe_variable" "secret_key" {
>    count        = length(data.tfe_workspace_ids.all.*.id)
>    key          = "AWS_SECRET_ACCESS_KEY"
>    value        = "blah"
>    category     = "env"
>    workspace_id = element(data.tfe_workspace_ids.all.*.id, count.index)
>    description  = "AWS_SECRET_ACCESS_KEY"
>  }

Thanks,
Balnazarr

Hi Balnazarr,

This is a great use of the TFE provider! I think the easiest way to add variables to all workspaces is to use for_each like so:

data tfe_workspace_ids "all" {
  names = ["*"]
  organization = var.tfe_org
}

resource tfe_variable "access_key" {
  for_each = data.tfe_workspace_ids.all.ids

  workspace_id = each.value
  key = "AWS_ACCESS_KEY_ID"
  value = "blah"
  category = "env"
}

The tfe_workspace_ids data source has an ids attribute, which is a map of workspace name to the human-readable ID needed by the tfe_variable resource.

Hi alisdair,

I’ve tried your suggestion, but the code doesn’t appear to work on TFE cloud, the user is an owner and the plan succeeds, only apply fails. Any suggestions how to populate 2 env vars on all existing workspaces in TFE cloud?

Error:

Terraform v0.12.24
Initializing plugins and modules...
2020/03/23 22:53:45 [DEBUG] Using modified User-Agent: Terraform/0.12.24 TFC/9b4e7f1e8f
tfe_variable.secret_key["tfe-ws-manage"]: Creating...
tfe_variable.access_key["net-vpc-dev"]: Creating...
tfe_variable.access_key["tfe-ws-manage"]: Creating...
tfe_variable.secret_key["net-vpc-dev"]: Creating...

Error: Error creating env variable AWS_ACCESS_KEY_ID: resource not found

on main.tf line 11, in resource "tfe_variable" "access_key":
11: resource "tfe_variable" "access_key" {

Error: Error creating env variable AWS_ACCESS_KEY_ID: resource not found

on main.tf line 11, in resource "tfe_variable" "access_key":
11: resource "tfe_variable" "access_key" {

Error: Error creating env variable AWS_SECRET_ACCESS_KEY: resource not found

on main.tf line 20, in resource "tfe_variable" "secret_key":
20: resource "tfe_variable" "secret_key" {

Error: Error creating env variable AWS_SECRET_ACCESS_KEY: resource not found

on main.tf line 20, in resource "tfe_variable" "secret_key":
20: resource "tfe_variable" "secret_key" {

data "tfe_workspace_ids" "all" {
  names        = ["*"]
  organization = "${var.tfe_org}"
}


resource "tfe_variable" "access_key" {
  for_each = data.tfe_workspace_ids.all.ids

  workspace_id = each.value
  key = "AWS_ACCESS_KEY_ID"
  value = "blah"
  category = "env"
}

resource "tfe_variable" "secret_key" {
  for_each = data.tfe_workspace_ids.all.ids

  workspace_id = each.value
  key = "AWS_SECRET_ACCESS_KEY"
  value = "blah"
  category = "env"
}

Huh! The code I posted works for me on Terraform Cloud. This seems like the same error from your other thread, which sure looks like a permissions problem.

My advice would be to try creating a new user token, and double-check that this user is an organization owner. If you still see the same error, you might find it easier to debug using the Terraform Cloud API directly, and eventually contact Terraform Cloud support.

Hope you get it working—if you do, please post back here!

Hi alisdair,
I don’t think it’s a permission/token issue, the user is the only user and also an owner in CloudTFE. If the user token was not good I wouldn’t be able to make a successful terraform plan on the CLI. When I’m manually queuing a plan in cloudTFE the terraform plan succeeds, only the apply fails.

Do I need to specify other TFE env vars to make this simple var population script work? Currently the TFE vars are empty on the workspace that populates the AWS vars.

Thanks,
Balnazarr

Hi alisdair,

I just had to use the TFE_TOKEN environment variable on the workspace, that’s all I needed to know, the user_token was intact.

I think we can mark this resolved. However I’d still like to implement this without the for_each, using length(data.tfe_workspace_ids.all.ids) and element(data.tfe_workspace_ids.all.ids, count.index) - the one in my other thread.

Cheers,
Balnazarr
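
Added example, not posted by anyone in this thread: the same for_each approach, extended so one resource sets both AWS keys on every workspace and marks them sensitive instead of leaving them readable. The input variable names and the local names are assumptions, and it assumes the provider version used in the thread, where the ids map yields the ID that tfe_variable accepts.

```hcl
# Added example (not from the thread). Assumes Terraform 0.12.6+ and that
# TFE_TOKEN is set as an environment variable on the workspace running this.

variable "tfe_org" {
  type = string
}

# Assumed input names. Supply the values as sensitive variables on the
# managing workspace instead of hard-coding them in main.tf.
variable "aws_access_key_id" {
  type = string
}

variable "aws_secret_access_key" {
  type = string
}

data "tfe_workspace_ids" "all" {
  names        = ["*"]
  organization = var.tfe_org
}

locals {
  aws_env = {
    AWS_ACCESS_KEY_ID     = var.aws_access_key_id
    AWS_SECRET_ACCESS_KEY = var.aws_secret_access_key
  }

  # One entry per (workspace, key) pair, keyed "workspace-name/KEY" so each
  # instance keeps a stable address in state when workspaces come and go.
  workspace_env = {
    for pair in setproduct(keys(data.tfe_workspace_ids.all.ids), keys(local.aws_env)) :
    "${pair[0]}/${pair[1]}" => {
      workspace_id = data.tfe_workspace_ids.all.ids[pair[0]]
      key          = pair[1]
    }
  }
}

resource "tfe_variable" "aws_credentials" {
  for_each = local.workspace_env

  workspace_id = each.value.workspace_id
  key          = each.value.key
  value        = local.aws_env[each.value.key]
  category     = "env"
  sensitive    = true # write-only in the UI and API once set
}
```

The credential values are still written to the managing workspace's state, so limit who can read that state.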