Unable to Discover with Terraform Cloud

Go to solution
Brent Langdon
Tera Contributor

‎02-26-2020 03:23 PM

I am quite new to ServiceNow.  I am working with a developer instance to develop a proof of concept to integrate ServiceNow with Terraform.  I got it working with a "Terraform Environment" (a Linux vm with Terraform installed).  I could not get Discovery to work with Terraform Cloud.  I am looking for any tips on what I might be doing wrong.

I created a Config Provider with the following settings:

  • Provider: Terraform Enterprise
  • Server Type: Cloud
  • Organization: my organization in Terraform Cloud
  • URL: https://app.terraform.io/api/v2/
  • Credentials: (created using API Token from Terraform Cloud)


Based on some trial and error, I think the URL is correct.  I have tried using an API Token for the User, Group and Organization without any luck.

When I run this, I see some lines in my MID Server log that look valid and don't report any errors.

I don't understand what "Ensure that you create a credential alias with Type > Connection." from this page:
https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/cloud-management-v2-setup/task/terraform-enterprise-config-provider.html

Not sure if that is supposed to say "Type > Credential".  I added an alias of type Credential, but I don't really know what that does.  Adding an Alias of Type "Connection and Credential" generates a validation message: "Alias X is not of type Credential"

I tried upgrading my dev instance to Orlando to see if that would make a difference, but it did not.

I see the following entries in my ServiceNow System Log each time I run Discovery (messages at the bottle are generated first).

==========
Failure while processing chunk : ChunkedStepResult{correlationId='68afdebfdbcf00102655d426ca961901', error='
Outbound REST call to get TFE VCS failed StatusCode:401, ErrorCode:3, Message:Method failed: (/api/v2/organizations/ngc-cssg/oauth-clients) with code: 401 - Invalid username/password combo', output='[]', chunkNumber=1, totalChunks=1, isRouteComplete=true, exception=null}:
==========
Failure to handle chunked result: com.snc.cloud.mgmt.modules.svccatalog.orchestration.BPOException:
Outbound REST call to get TFE VCS failed StatusCode:401, ErrorCode:3, Message:Method failed: (/api/v2/organizations/ngc-cssg/oauth-clients) with code: 401 - Invalid username/password combo:
==========
Failed to parse the output of new CMPCIRelationshipUtil().getLdcAndServiceAccount('<param value removed>'), exception: : com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
==========
Failed to parse the output of new CMPCIRelationshipUtil().getLdcAndServiceAccount('<param value removed>'), exception: : com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
==========

I am able to call /api/v2/organizations/ngc-cssg/oauth-clients using curl (from a command prompt on my Linux based MID Server) and passing in any of the 3 API Tokens (User, Group or Org) following the Terraform Cloud API. (example here: https://www.terraform.io/docs/cloud/api/oauth-clients.html)

Any tips appreciated!  Thanks!!

  • 5,241 Views
1 ACCEPTED SOLUTION

Go to solution
aniket_singh
ServiceNow Employee
ServiceNow Employee

‎02-26-2020 08:40 PM

Hi Brent,

    Here are steps to create credentials for Terraform Enterprise:

  • TFE Credential key must start with Bearer<SPACE><GENERATED-KEY>. (Bearer mg20XBGc7unMUw.atlasv1.03as07OX4PbTT9WFIP8QMVbt4h8z…)

 

  • TFE credential must have alias associated to it.find_real_file.png
  • New alias should be type of credential.find_real_file.png

 

  • Key for vcs system should be like this token<SPACE>< GENERATED-KEY >. (token f59f323ae7db8bf2aa64aa6437…)
  • url for Terraform Cloud: https://app.terraform.io/api/v2

 

View solution in original post

Preview file
61 KB
Preview file
99 KB
36 REPLIES 36

Go to solution
anthonype
Kilo Contributor
In response to anthonype

‎03-24-2020 11:58 AM

I was able to solve my issue above by using Github's personal access token. I thought it was the OAuth token from Terraform cloud.

0 Helpfuls

Go to solution
arielgritti
Mega Sage
In response to aniket_singh

‎10-31-2020 04:49 AM

Hi

I've the same issue. I don't understand the "Bearer" use.

I did generated and API Token in the Terraform Cloud.

How I must create the credentials?

"Bearer mg20XBGc7unMUw.atlasv1.03as07OX4PbTT9WFIP8QMVbt4h8z<space><API Token from Terraform>"?


Thanks

Ariel

0 Helpfuls

Go to solution
arielgritti
Mega Sage
In response to arielgritti

‎11-01-2020 09:58 AM

Hi

I solved it, with your help.

Thanks,

Ariel

0 Helpfuls

Go to solution
Ashok Madhavan1
ServiceNow Employee
ServiceNow Employee

‎02-26-2020 09:56 PM

Hi Brent,

Can you use this article on TFE and CMP : https://community.servicenow.com/community?id=community_article&sys_id=ec83826f1b430490d01143f6fe4bc...

Regards

Ashok 

Go to solution
Brent Langdon
Tera Contributor
In response to Ashok Madhavan1

‎02-27-2020 07:04 AM

Thanks!  I am new to the ServiceNow community and I did not know that such documents would exist (I was just using the info at docs.servicenow.com).  This looks very comprehensive and exactly what I would have needed...though it looks very new and it looks like it covers some areas I have not gotten to yet.

Do you have any input on a workflow for managing updates to Terraform files?  I get the idea that I can commit changes to my Terraform files to version control, pull those into Terraform Cloud or my Terraform Environment, then create Catalog Items in ServiceNow for them.  If I have a team that is adding new Terraform Projects (new folders) and making updates to existing Terraform Projects, do I then rerun Discovery and regenerate my Catalog Items?  If the inputs/variables to the Terraform project does not change, do I need to do this?