添加资源时Terraform身份验证不起作用

Question

我想在我们的OpenStack环境中试用terraform。我试图进行设置，但仅定义以下内容时，它似乎可以工作：

provider "openstack" {
  user_name   = "test"
  tenant_name = "test"
  password    = "testpassword"
  auth_url    = "https://test:5000/v3/"
  region      = "test"
}

我可以运行Terraform计划而不会出现任何问题：

  

无变化。基础设施是最新的。   这意味着Terraform没有检测到您之间的任何差异   配置和存在的实际物理资源。结果，没有   需要执行操作。

当我尝试添加资源时：

resource "openstack_compute_instance_v2" "test" {
  name            = "test_server"
  image_id        = "test_id123"
  flavor_id       = "3"
  key_pair        = "test"
  security_groups = ["default"]

  network {
    name = "Default Network"
  }
}

当我运行Terraform Plan时，我现在得到了

  

错误：错误的运行计划：发生了1个错误：    provider.openstack：身份验证失败

Answer 1

身份验证有效。 provider部分中的内容有误。

当没有provider使用时，Terraform不会验证resource信息。

我验证了您的发现，然后再进一步。我使用您的示例创建了两个提供程序，一个用于AWS，一个用于OpenStack。然后，我添加了一个资源来创建一个AWS VPC。我的AWS凭证是正确的。当我运行terraform plan时，它返回了构建VPC的行动计划。它没有检查虚假的OpenStack凭据。

另一件事，一旦resource中有provider，即使无所事事，它也始终使用凭据。

provider "aws" {
  access_key = "<redacted>"
  secret_key = "<redacted>"
  region     = "us-east-1"
}

provider "openstack" {
  user_name   = "test"
  tenant_name = "test"
  password    = "testpassword"
  auth_url    = "https://test:5000/v3/"
  region      = "test"
}


/* Create VPC */
resource "aws_vpc" "default" {
  cidr_block    = "10.200.0.0/16"
  enable_dns_support = true
  enable_dns_hostnames = true
  tags {
    Name = "testing"
  }
}

产生以下输出，以确认未选中OpenStack provider：

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_vpc.default
      id:                               <computed>
      arn:                              <computed>
      assign_generated_ipv6_cidr_block: "false"
      cidr_block:                       "10.200.0.0/16"
      default_network_acl_id:           <computed>
      default_route_table_id:           <computed>
      default_security_group_id:        <computed>
      dhcp_options_id:                  <computed>
      enable_classiclink:               <computed>
      enable_classiclink_dns_support:   <computed>
      enable_dns_hostnames:             "true"
      enable_dns_support:               "true"
provider "aws" {
      instance_tenancy:                 "default"
      ipv6_association_id:              <computed>
      ipv6_cidr_block:                  <computed>
      main_route_table_id:              <computed>
      tags.%:                           "1"
      tags.Name:                        "testing"


Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.