provider/aws: Broken credentials detection

[radeksimko]

Due to #1841 it's not possible to do any credentials autoloading now.

The following code:

provider "aws" {
  access_key = ""
  secret_key = ""
  region = "us-east-1"
}

resource "aws_vpc" "primary" {
  cidr_block = "10.0.0.0/16"
}

ends up in error:

* Error creating VPC: EmptyStaticCreds: static credentials are empty
Error applying plan:

1 error(s) occurred:

* Error creating VPC: EmptyStaticCreds: static credentials are empty

It might have been intention to get rid of empty strings, but then it's necessary to also make both access_key & secret_key optional. It is now required, which means that there's no way to reach the default function.

Either way this should be definitely mentioned in Changelog in BACKWARDS INCOMPATIBILITIES since it will IMO have impact on many users.

cc @mitchellh @josharian

[mitchellh]

This is because you did specify credentials, blank ones. Even if a field is Required, it will be set if the DefaultFunc returns a value. But the DefaultFunc is only checked if you didn't specify a value. Empty is not equal to the absense of a value in Terraform.

Just delete the access_key and secret_key lines.

I'll note this in the CHANGELOG, because I think people would set these to empty before to actually workaround the fact that you'd have to set them to get them otherwise.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.