Terraform plan not working throwing provider configuration not present error

mrinalbhaskar7 · August 9, 2023, 10:30am

Hi Users,

I am facing one issue currently when I run this command

terraform plan -var-file=/home/users/mrinal.bhaskar/ifs-dev/common.tfvars -var-file=/home/users/mrinal.bhaskar/ifs-dev/network/variables.tfvars -input=false -out=/home/users/mrinal.bhaskar/ifs-dev/network/network.tfplan -parallelism=10

It throws the below error


│ **Error:** **Provider configuration not present**

│

│ To work with

│ module.palo_alto_nat_nva_region_a.azurerm_lb_backend_address_pool.pa_pool

│ (orphan) its original provider configuration at

│ module.palo_alto_nat_nva_region_a.provider["registry.terraform.io/-/azurerm"]

│ is required, but it has been removed. This occurs when a provider

│ configuration is removed while objects created by that provider still exist

│ in the state. Re-add the provider configuration to destroy

│ module.palo_alto_nat_nva_region_a.azurerm_lb_backend_address_pool.pa_pool

│ (orphan), after which you can remove the provider configuration again.

╵

╷

│ **Error:** **Provider configuration not present**

│

│ To work with module.f5_nva_region_a.azurerm_virtual_machine.f5vm01 (orphan)

│ its original provider configuration at

│ module.f5_nva_region_a.provider["registry.terraform.io/-/azurerm"] is

│ required, but it has been removed. This occurs when a provider

│ configuration is removed while objects created by that provider still exist

│ in the state. Re-add the provider configuration to destroy

│ module.f5_nva_region_a.azurerm_virtual_machine.f5vm01 (orphan), after which

│ you can remove the provider configuration again.

I have verified in the root module main.tf , the provider configuration is already defined .

provider "azurerm" {
  version = ">=2.2.0, <3.0.0"
  subscription_id = var.azure_subscription_id
  tenant_id       = var.azure_tenant_id
  client_id       = var.azure_client_id
  client_secret   = var.azure_client_secret
  environment     = var.azure_environment
  features {}
}

provider "dns" {
  update {
    server = var.dns_server_address
    key_name = var.dns_key_name
    key_algorithm = "hmac-sha512"
    key_secret = var.dns_key_secret
  }
}

Please help here.

maxb · August 9, 2023, 11:48am

Welcome to the forum - please reformat your message…

Terraform provider definitions inside non-root modules are deprecated, because of the problem you are experiencing here.

You have previously created resources via a module, module.palo_alto_nat_nva_region_a with a provider configured inside it - module.palo_alto_nat_nva_region_a.provider[“Terraform Registry”]
You have now removed this module
Terraform now does not have access to the provider configuration needed to destroy these resources
It does not matter that you have a separate azurerm provider defined in the root module - Terraform has no way to know it points at the same tenant/subscription/etc.
Therefore as the error message says, Terraform now requires you to re-add a module named palo_alto_nat_nva_region_a and re-add a provider configuration within it to tell it how to destroy those resources.

One option open to you is to add a module that is defined locally - i.e.:

module "palo_alto_nat_nva_region_a" {
  source = "./some_local_directory_name"
}

and within some_local_directory_name add just a single provider "azurerm" block specifying how to connect to azure to handle those resources.

mrinalbhaskar7 · August 9, 2023, 1:55pm

Is it like this ?

module “f5_nva_region_a” {
source = ./modules/f5_nva_region_a
provider “azurerm” {
version = “>=2.2.0, <3.0.0”
subscription_id = var.azure_subscription_id
tenant_id = var.azure_tenant_id
client_id = var.azure_client_id
client_secret = var.azure_client_secret
environment = var.azure_environment
features {}
}

}

mrinalbhaskar7 · August 9, 2023, 2:47pm

I have a topologies directory inside that network/main.tf file , I am defining all the modules necessary required to create the network resource here.

So , the provider section is in modules/module_name main.tf file. Here module_name is variable it can be any module.

Can you please let me know what changes shall I do?

maxb · August 9, 2023, 10:14pm

Please remember Welcome to the forum - please reformat your message when pasting code.

No, it is not like that, it would be more like

module "f5_nva_region_a" {
  source = "./modules/f5_nva_region_a"

  subscription_id = var.azure_subscription_id
  tenant_id       = var.azure_tenant_id
  client_id       = var.azure_client_id
  client_secret   = var.azure_client_secret
  environment     = var.azure_environment
}

and then in a separate .tf file in the modules/f5_nva_region_a/ directory

variable "azure_subscription_id" {}
variable "azure_tenant_id" {}
variable "azure_client_id" {}
variable "azure_client_secret" {}
variable "azure_environment" {}

provider "azurerm" { 
  version         = ">=2.2.0, <3.0.0"
  subscription_id = var.azure_subscription_id
  tenant_id       = var.azure_tenant_id
  client_id       = var.azure_client_id
  client_secret   = var.azure_client_secret
  environment     = var.azure_environment
  features {}
}

This doesn’t make sense, you can’t have a directory inside a file.

It would be better if you could post a link to a Git repository containing your code. (Make a new one, redacting what you can’t share, if you must.)

And, this, putting the provider configuration in the child modules, is why you are having this problem.

mrinalbhaskar7 · August 10, 2023, 6:13am

Hi ,

I have done the changes as per your recommendation. Still getting the same error.
Just want to tell you that in source field of root module main.tf file , we are referring to another repository which contains the git reference of that particular module.

module "f5_nva_region_a" {
  source         = "git::ssh://git@gitlab.xxx.xxx:29418/terraform-enterprise/modules/networks/azure-network-f5-nva.git?ref=master"
....
...
...
}

In our set up , we have 2 repos - 1 repo contains root module , and inside that module we are calling each module which has a different repo.

maxb · August 10, 2023, 6:17am

I do not think this is possible. If you had done what I’d said, at very least the error would have changed, if not fixed.

mrinalbhaskar7 · August 10, 2023, 6:45am

In my child module , I have created a provider.tf file where all the provider related details are there as mentioned in above chat. And in the main.tf file I only have the resource creation details.
In my parent module , only the module is being called from there using main.tf file.