Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Unable to Discover with Terraform Cloud

Go to solution
Brent Langdon
Tera Contributor

‎02-26-2020 03:23 PM

I am quite new to ServiceNow.  I am working with a developer instance to develop a proof of concept to integrate ServiceNow with Terraform.  I got it working with a "Terraform Environment" (a Linux vm with Terraform installed).  I could not get Discovery to work with Terraform Cloud.  I am looking for any tips on what I might be doing wrong.

I created a Config Provider with the following settings:

  • Provider: Terraform Enterprise
  • Server Type: Cloud
  • Organization: my organization in Terraform Cloud
  • URL: https://app.terraform.io/api/v2/
  • Credentials: (created using API Token from Terraform Cloud)


Based on some trial and error, I think the URL is correct.  I have tried using an API Token for the User, Group and Organization without any luck.

When I run this, I see some lines in my MID Server log that look valid and don't report any errors.

I don't understand what "Ensure that you create a credential alias with Type > Connection." from this page:
https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/cloud-management-v2-setup/task/terraform-enterprise-config-provider.html

Not sure if that is supposed to say "Type > Credential".  I added an alias of type Credential, but I don't really know what that does.  Adding an Alias of Type "Connection and Credential" generates a validation message: "Alias X is not of type Credential"

I tried upgrading my dev instance to Orlando to see if that would make a difference, but it did not.

I see the following entries in my ServiceNow System Log each time I run Discovery (messages at the bottle are generated first).

==========
Failure while processing chunk : ChunkedStepResult{correlationId='68afdebfdbcf00102655d426ca961901', error='
Outbound REST call to get TFE VCS failed StatusCode:401, ErrorCode:3, Message:Method failed: (/api/v2/organizations/ngc-cssg/oauth-clients) with code: 401 - Invalid username/password combo', output='[]', chunkNumber=1, totalChunks=1, isRouteComplete=true, exception=null}:
==========
Failure to handle chunked result: com.snc.cloud.mgmt.modules.svccatalog.orchestration.BPOException:
Outbound REST call to get TFE VCS failed StatusCode:401, ErrorCode:3, Message:Method failed: (/api/v2/organizations/ngc-cssg/oauth-clients) with code: 401 - Invalid username/password combo:
==========
Failed to parse the output of new CMPCIRelationshipUtil().getLdcAndServiceAccount('<param value removed>'), exception: : com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
==========
Failed to parse the output of new CMPCIRelationshipUtil().getLdcAndServiceAccount('<param value removed>'), exception: : com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
==========

I am able to call /api/v2/organizations/ngc-cssg/oauth-clients using curl (from a command prompt on my Linux based MID Server) and passing in any of the 3 API Tokens (User, Group or Org) following the Terraform Cloud API. (example here: https://www.terraform.io/docs/cloud/api/oauth-clients.html)

Any tips appreciated!  Thanks!!

  • 7,147 Views
1 ACCEPTED SOLUTION

Go to solution
aniket_singh
ServiceNow Employee
ServiceNow Employee

‎02-26-2020 08:40 PM

Hi Brent,

    Here are steps to create credentials for Terraform Enterprise:

  • TFE Credential key must start with Bearer<SPACE><GENERATED-KEY>. (Bearer mg20XBGc7unMUw.atlasv1.03as07OX4PbTT9WFIP8QMVbt4h8z…)

 

  • TFE credential must have alias associated to it.find_real_file.png
  • New alias should be type of credential.find_real_file.png

 

  • Key for vcs system should be like this token<SPACE>< GENERATED-KEY >. (token f59f323ae7db8bf2aa64aa6437…)
  • url for Terraform Cloud: https://app.terraform.io/api/v2

 

View solution in original post

Preview file
61 KB
Preview file
99 KB
36 REPLIES 36

Go to solution
anthonype
Kilo Contributor
In response to anthonype

‎03-24-2020 11:58 AM

I was able to solve my issue above by using Github's personal access token. I thought it was the OAuth token from Terraform cloud.

0 Helpfuls

Go to solution
arielgritti
Mega Sage
In response to aniket_singh

‎10-31-2020 04:49 AM

Hi

I've the same issue. I don't understand the "Bearer" use.

I did generated and API Token in the Terraform Cloud.

How I must create the credentials?

"Bearer mg20XBGc7unMUw.atlasv1.03as07OX4PbTT9WFIP8QMVbt4h8z<space><API Token from Terraform>"?


Thanks

Ariel

0 Helpfuls

Go to solution
arielgritti
Mega Sage
In response to arielgritti

‎11-01-2020 09:58 AM

Hi

I solved it, with your help.

Thanks,

Ariel

0 Helpfuls

Go to solution
Ashok Madhavan1
ServiceNow Employee
ServiceNow Employee

‎02-26-2020 09:56 PM

Hi Brent,

Can you use this article on TFE and CMP : https://community.servicenow.com/community?id=community_article&sys_id=ec83826f1b430490d01143f6fe4bc...

Regards

Ashok 

Go to solution
Brent Langdon
Tera Contributor
In response to Ashok Madhavan1

‎02-27-2020 07:04 AM

Thanks!  I am new to the ServiceNow community and I did not know that such documents would exist (I was just using the info at docs.servicenow.com).  This looks very comprehensive and exactly what I would have needed...though it looks very new and it looks like it covers some areas I have not gotten to yet.

Do you have any input on a workflow for managing updates to Terraform files?  I get the idea that I can commit changes to my Terraform files to version control, pull those into Terraform Cloud or my Terraform Environment, then create Catalog Items in ServiceNow for them.  If I have a team that is adding new Terraform Projects (new folders) and making updates to existing Terraform Projects, do I then rerun Discovery and regenerate my Catalog Items?  If the inputs/variables to the Terraform project does not change, do I need to do this?