Silence TF Cloud warnings about OIDC env vars

Terraform HCP Terraform
1

I setup OIDC auth for TF cloud as described in Dynamic Credentials with the AWS Provider - Workspaces - Terraform Cloud | Terraform | HashiCorp Developer

This works great, however, this triggers a big ugly warning on plan for each of the two required env vars:

Warning: Value for undeclared variable
The root module does not declare a variable named "TFC_AWS_PROVIDER_AUTH" but a value was found in file "/home/tfc-agent/.tfc-agent/component/terraform/runs/run-hnb7e5UjoJSBpw9U/terraform.tfvars". If you meant to use this value, add a "variable" block to the configuration.

Is there a way to shut this up?

2

Also, I’m getting an outright failure when trying (locally) to do a terraform import against a remote state hosted on terraform cloud with OIDC setup:

│ Error: Value for undeclared variable
│ 
│ A variable named "TFC_AWS_PROVIDER_AUTH" was assigned a value, but the root module
│ does not declare a variable of that name. To use this value, add a "variable" block to
│ the configuration.
╵

â•·
│ Error: Value for undeclared variable
│ 
│ A variable named "TFC_AWS_RUN_ROLE_ARN" was assigned a value, but the root module does
│ not declare a variable of that name. To use this value, add a "variable" block to the
│ configuration.
╵
3

Hi @wyardley,

This message suggests that you’ve configured these as “Terraform Variables” (the kind of thing you’d declare with a variable block in your root module) instead of as Environment Variables, which is what Terraform Cloud’s dynamic credentials feature expects.

I suggest deleting all of these variables you’ve created and then recreating them as Environment Variables with the same names and contents. They will then be handled by the Terraform Cloud Agent instead of by Terraform Core/CLI.

1 Like
4

Thanks @apparentlymart
The docs just say “Add environment variables to the Terraform Cloud workspaces”. I went to “Workspaces” => [my workspace] => Variables; looks like I totally missed the checkboxes for different types of variables (also hadn’t seen the “variable sets” option in global settings, but looks like this can work with either).

If these aren’t also injected as env vars, it’s odd that it worked at all :thinking:, but glad to have it configured properly.

It appears that this has resolved the errors. Thanks!

1 Like