-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform doesn't support GCP "external_account_authorized_user" #34234
Comments
Thanks for this report! I'll raise it with the appropriate team. Please be aware that backend development happens fairly infrequently and is per the priorities of the team in question. Thanks again! |
How can I follow the progress? Would this issue be closed when this is fixed? or do I need to keep an eye on releases? |
@FabioAntunes Indeed, this issue would be closed. Before that, a PR would be opened that referenced this issue, which would also show up in the comment thread of this issue. Usually the PRs see a lot of activity, so would be worth tracking itself. If you do not see a PR reference, it is likely not yet being worked on. Thanks! |
Hey @FabioAntunes, thanks for taking the time to raise this issue. I would happily take a stab at this and see if I can get it fixed! (I'm expecting this to be a simple package bump, if not done already). cc @crw. |
@FabioAntunes could you please try a more recent release of Terraform Core, for example 1.6.4 or anything more recent? The type And on the 25th of October we updated the dependencies in Terraform Core, to v1.30.1 of the |
I still have the issue. I am using Terraform v1.6.6 on darwin_arm64 and provider hashicorp/google in version 5.11.0. |
@thomas-dussouillez that's odd. Allow me as soon as possible to take a look at it and see whether I can reproduce it. |
Still not working for me. I notice that the Go runtime version is 1.21.5.
Besides that, I tested on a Linux server (otherwise I work/tested on an Apple MacBook with M2 chip) and I have the same error. Here is my error DEBUG log:
|
Hello, any update on this issue ? Still not working for us and it is quite impacting :( |
Hey, I've been stuck trying to reproduce the issue using different Google Cloud identities, both my Gmail and a federated cloud identity user - these are shown as |
I'm authenticating using Workforce Pool Identity (SSO configuration providing identity federation with an OIDC provider with Azure AD as identity base). I don't have a google identity but an external identity, this is why it is called I authenticate using this command : The CONFIG_FILE looks like this:
Then my
|
I believe I've identified the issue. Upon investigating, I found that our Google Cloud Storage SDK (cloud.google.com/go/storage) implementation relies on a package called golang.org/x/oauth2/google. This package introduced the Currently, we are using version v0.11.0 of the golang.org/x/oauth2 package. |
I've submitted a pull request to update the |
yeah I mentioned that when I raised the issue:
|
@FabioAntunes after seeing your reply on gruntwork-io/terragrunt#2773 (comment), I wasn't sure whether the package upgrades actually solved your issue there? The need for an upgrade wasn't specifically related to the Google Cloud SDK; instead, it involved updating the Your observation was quite helpful in confirming my investigation. Thanks! 👍🏼 |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Version
Terraform Configuration Files
Debug Output
Expected Behavior
Terraform init should work
Actual Behavior
Terraform init fails even though the credentials are valid.
Steps to Reproduce
gcloud auth login
gcloud auth application-default login
terraform init
Additional Context
I have raised this with terragrunt as well and it seems they managed to fix this by upgrading the gcp SDK
gruntwork-io/terragrunt#2775
References
No response
The text was updated successfully, but these errors were encountered: