I have a terraform config directory and I use atlantis to run terraform commands. Today, someone submitted a PR to add some new config to the directory. The terraform init came back with:
Initializing the backend...
Initializing modules...
Initializing provider plugins...
- terraform.io/builtin/terraform is built in to Terraform
- Reusing previous version of confluentinc/confluent from the dependency lock file
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using confluentinc/confluent v1.37.0 from the shared cache directory
- Using hashicorp/aws v4.61.0 from the shared cache directory
Error: Failed to install provider from shared cache
Error while importing confluentinc/confluent v1.37.0 from the shared cache
directory: the provider cache at .terraform/providers has a copy of
registry.terraform.io/confluentinc/confluent 1.37.0 that doesn't match any of
the checksums recorded in the dependency lock file.
Error: Failed to install provider from shared cache
Error while importing hashicorp/aws v4.61.0 from the shared cache directory:
the provider cache at .terraform/providers has a copy of
registry.terraform.io/hashicorp/aws 4.61.0 that doesn't match any of the
checksums recorded in the dependency lock file.
This directory planned and applied with this lockfile before so this seems strange. However, I tried something by locking down the provider versions with required_providers to exactly what is in the lockfile and ran an init -upgrade
. The lockfile came back with a diff. Both the confluent and aws provider changed the h1 has at the top of the hashes list:
provider "registry.terraform.io/confluentinc/confluent" {
version = "1.37.0"
- constraints = "~> 1.4"
+ constraints = "~> 1.4, 1.37.0"
hashes = [
- "h1:XWZM/a8WQl7YvzlI2l1STgtJMTCJNZoBkba8VzPRMsE=",
+ "h1:o+8M0B5QS24xGUhJYaz/9PD5pKbFbnKgpIX+ea+VqgU=",
"zh:4c019cac8fda3ba7989138dcf5f24f1c97e0192dc5d46b9ca21eddd41360eadc",
"zh:657df3fb6bf98f09a21ade554c5ec9597dd1d8805145d13626e778de6a969455",
"zh:6a060a20108cc3186e35d285d41d7a5738e3dadc3d1fc5f545162ab7593f5b00",
@@ -25,9 +25,9 @@ provider "registry.terraform.io/confluentinc/confluent" {
provider "registry.terraform.io/hashicorp/aws" {
version = "4.61.0"
- constraints = ">= 3.0.0, >= 3.40.0, >= 3.50.0, >= 3.60.0, >= 4.0.0, ~> 4.0, >= 4.9.0, ~> 4.9, ~> 4.52"
+ constraints = ">= 3.0.0, >= 3.40.0, >= 3.50.0, >= 4.0.0, ~> 4.0, >= 4.9.0, ~> 4.9, ~> 4.52, 4.61.0"
hashes = [
- "h1:qyBawxoNN6EpiiX5h5ZG5P2dHsBeA5Z67xESl2c1HRk=",
+ "h1:mJSchOA6VkYwEsi+tuspadRmyyE+FGZGYJFUt5kHV+M=",
"zh:051e2588410b7448a5c4c30d668948dd6fdfa8037700bfc00fb228986ccbf3a5",
"zh:082fbcf9706b48d0880ba552a11c29527e228dadd6d83668d0789abda24e5922",
"zh:0e0e72f214fb24f4f9c601cab088a2d8e00ec3327c451bc753911951d773214a",
It would seem that this should not be possible unless I misunderstand the whole point of this.
I tested a separate PR with the same directory, once without changing the lockfile (same error). Then updated the lockfile as shown in the diff above and the init succeeded.