Terraform keeps ignoring provider constraint strings on terraform init

Hi all,

This is my first question on this forum. I have been using Terraform for some months, but always using Jenkins pipelines, never using the CLI.

Currently, one of the pipelines generates Terraform code to create resources on GCP, but during the last few days I found an issue that I can’t find how to solve. I’ll explain the issue and the steps taken so far, without luck.

I’m using Terraform 0.13.7, and in my providers.tf file I have defined google and local as providers, with fixed versions because it is strictly required to use those versions (3.13 and 2.2.1, respectively). However, due to the nature of the Jenkins pipeline, terraform init should be executed twice before proceeding with the terraform plan.

The first init indeed installs the versions defined in my providers.tf file, but the second init first uses the recently installed provider versions and then, immediately after that, tries to upgrade to the latest version of both providers, which will not work for me. The plan then fails automatically because Terraform will try to remove a “local_file” resource that is no longer required, but the provider version is wrong. That local_file resource was created some time ago with local 2.2.1, but terraform init (second run) upgrades it to 2.5.2 and then the plan fails with this error:

Error: Provider configuration not present

To work with local_file.nameofthefile its original provider configuration at
provider[“Terraform Registry”] is required, but it has been
removed. This occurs when a provider configuration is removed while objects
created by that provider still exist in the state. Re-add the provider
configuration to destroy local_file.df-tls-in-json, after which you can remove
the provider configuration again.

Therefore, I need to force the local provider to use 2.2.1 and not upgrade to 2.5.2 during the second terraform init.

It is worth mentioning that each Jenkins job sets up a temp workspace where all the TF files live on the Jenkins workers, so I don’t have access to the terraform.lock.hcl file. All files generated during the run will be destroyed and the code generated for the resources is stored in an external repository.

I tried to use constraints in different ways:

local = {
   source  = "hashicorp/local"
   version = "!=2.5.1,!=2.5.0,!=2.4.1,!=2.4.0,!=2.3.0,!=2.2.3,!=2.2.2"
}

local = {
   source  = "hashicorp/local"
   version = "2.2.1"
}

But the second run still overrides this:

  • Using previously-installed hashicorp/local v2.2.1
  • Finding latest version of -/local…
  • Installing -/local v2.5.1…
  • Installed -/local v2.5.1 (signed by HashiCorp)

Since Terraform 0.13 no longer supports -get-plugins=false, I’m running out of ideas.

I really appreciate any guidance here.

Thanks in advance.
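
A pipeline-side guard for the symptom described in this post, added here as an example (it is not part of the original post and not Terraform's own code): it reads `terraform init` output and reports every provider selected at a version or source address other than the pinned one, so the job can stop before `terraform plan`. The function names, the `PINNED` table and the sample text are assumptions built from the versions and output quoted above.

```python
import re

# Versions the post says are required; "3.13" is written as the post gives it.
PINNED = {"hashicorp/google": "3.13", "hashicorp/local": "2.2.1"}

# Constructed sample, based on the second `terraform init` output quoted in the post.
SAMPLE_INIT_OUTPUT = """\
- Using previously-installed hashicorp/local v2.2.1
- Finding latest version of -/local...
- Installing -/local v2.5.1...
- Installed -/local v2.5.1 (signed by HashiCorp)
"""

# Only lines that report a provider actually selected for the working directory.
SELECTED = re.compile(
    r"^\W*(?:Installed|Using previously-installed)\s+(\S+)\s+v(\d+(?:\.\d+)*)"
)

def normalize(version):
    """Pad to three components so '3.13' compares equal to '3.13.0'."""
    parts = version.split(".")
    return ".".join(parts + ["0"] * (3 - len(parts)))

def find_drift(init_output, pinned=PINNED):
    """Return (source, version, reason) for every selected provider off the pin."""
    by_type = {src.split("/")[-1]: src for src in pinned}
    findings = []
    for line in init_output.splitlines():
        match = SELECTED.match(line)
        if not match:
            continue
        source, version = match.groups()
        if source in pinned:
            if normalize(version) != normalize(pinned[source]):
                findings.append((source, version, f"expected {pinned[source]}"))
        elif source.split("/")[-1] in by_type:
            expected = by_type[source.split("/")[-1]]
            findings.append((source, version, f"not the pinned source {expected}"))
        else:
            findings.append((source, version, "no pin for this provider"))
    return findings

if __name__ == "__main__":
    drift = find_drift(SAMPLE_INIT_OUTPUT)
    for finding in drift:
        print("DRIFT:", *finding)
    raise SystemExit(1 if drift else 0)
```

In a Jenkins stage the captured output of each `terraform init` run would be passed to `find_drift`, with a non-empty result failing the build.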