Unable to Discover with Terraform Cloud

Brent Langdon · ‎02-26-2020

I am quite new to ServiceNow. I am working with a developer instance to develop a proof of concept to integrate ServiceNow with Terraform. I got it working with a "Terraform Environment" (a Linux vm with Terraform installed). I could not get Discovery to work with Terraform Cloud. I am looking for any tips on what I might be doing wrong.

I created a Config Provider with the following settings:

Provider: Terraform Enterprise
Server Type: Cloud
Organization: my organization in Terraform Cloud
URL: https://app.terraform.io/api/v2/
Credentials: (created using API Token from Terraform Cloud)

Based on some trial and error, I think the URL is correct. I have tried using an API Token for the User, Group and Organization without any luck.

When I run this, I see some lines in my MID Server log that look valid and don't report any errors.

I don't understand what "Ensure that you create a credential alias with Type > Connection." from this page:
https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/cloud-management-v2-setup/task/terraform-enterprise-config-provider.html

Not sure if that is supposed to say "Type > Credential". I added an alias of type Credential, but I don't really know what that does. Adding an Alias of Type "Connection and Credential" generates a validation message: "Alias X is not of type Credential"

I tried upgrading my dev instance to Orlando to see if that would make a difference, but it did not.

I see the following entries in my ServiceNow System Log each time I run Discovery (messages at the bottle are generated first).

==========
Failure while processing chunk : ChunkedStepResult{correlationId='68afdebfdbcf00102655d426ca961901', error='
Outbound REST call to get TFE VCS failed StatusCode:401, ErrorCode:3, Message:Method failed: (/api/v2/organizations/ngc-cssg/oauth-clients) with code: 401 - Invalid username/password combo', output='[]', chunkNumber=1, totalChunks=1, isRouteComplete=true, exception=null}:
==========
Failure to handle chunked result: com.snc.cloud.mgmt.modules.svccatalog.orchestration.BPOException:
Outbound REST call to get TFE VCS failed StatusCode:401, ErrorCode:3, Message:Method failed: (/api/v2/organizations/ngc-cssg/oauth-clients) with code: 401 - Invalid username/password combo:
==========
Failed to parse the output of new CMPCIRelationshipUtil().getLdcAndServiceAccount('<param value removed>'), exception: : com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
==========
Failed to parse the output of new CMPCIRelationshipUtil().getLdcAndServiceAccount('<param value removed>'), exception: : com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
==========

I am able to call /api/v2/organizations/ngc-cssg/oauth-clients using curl (from a command prompt on my Linux based MID Server) and passing in any of the 3 API Tokens (User, Group or Org) following the Terraform Cloud API. (example here: https://www.terraform.io/docs/cloud/api/oauth-clients.html)

Any tips appreciated! Thanks!!

aniket_singh · ‎02-26-2020

Hi Brent,

Here are steps to create credentials for Terraform Enterprise:

TFE Credential key must start with Bearer<SPACE><GENERATED-KEY>. (Bearer mg20XBGc7unMUw.atlasv1.03as07OX4PbTT9WFIP8QMVbt4h8z…)

TFE credential must have alias associated to it.

New alias should be type of credential.

Key for vcs system should be like this token<SPACE>< GENERATED-KEY >. (token f59f323ae7db8bf2aa64aa6437…)
url for Terraform Cloud: https://app.terraform.io/api/v2

View solution in original post

anthonype · ‎03-30-2020

I had a similar issue when I ran the initial "Discover Now" and got a blank name. The name field will need to be entered so that it will show up during the provider discovery. Screenshots are attached to illustrate the point.

Vivektietsood · ‎05-12-2020

Thanks everyone. I am trying to setup Terraform Environment on a Linux server. Now I understand that when using Terraform Cloud, terraform templates are picked from github. I hope that it is not the case when using enviornment that is if I put templates on a Linux server, I hope that ServiceNow can execute those templates ? Please let me know. Thanks Vivek

Brent Langdon · ‎05-13-2020

Your understanding matches up with my experience. When using the Terraform Environment integration it works much more like executing Terraform from the command line. ServiceNow will execute the Terraform templates in a specific directory. For each execution a new Workspace is created and the state is associated with that Workspace. You can see them by running 'terraform workspace list' from the command line.

On the other hand, the Terraform Cloud/Enterprise integration seems pretty weak and mostly a pass thru to the git repository. It did not seem to take advantage of Workspaces defined in Terraform (including stuff like variables or repository tags/branches). I was not even sure where the state was being stored.

Terraform/HashiCorp provides an integration with Terraform Cloud/Enterprise that actually integrates with Workspaces in Terraform, but it seems to lack integration on the ServiceNow side with the CMDB and Cloud Management features.

I have been focused on building out the Terraform side for the last few months, so I don't know if anything has changed. Hopefully HasihCorp and ServiceNow will join up to combine the best of their two integrations.

Vivektietsood · ‎05-13-2020

Good deal, Thanks for replying!

Vivektietsood · ‎05-14-2020

Thanks. This has been very helpful. I installed Terraform Enterprise and not Cloud on EC 2 and I am able to run terraform plan etc to provision resources on IBM Cloud. Now the next step was to bring it to ServiceNow, so I created a config provider record. But when I try to discover now the discovery fails

Details of Config provider

SSH Credentials are working fine. Here is the test

I have ensured that home directory contains .tf files, too. Please help where can I get reasons of why discovery is failing.

ECC Queue does not seem to give a clue too.

<?xml version="1.0" encoding="UTF-8"?><results probe_time="1234" result_code="0"><result><output/></result><parameters><parameter name="agent" value="mid.server.My Mid Server"/><parameter name="used_by_runbook" value="true"/><parameter name="glide.xmlhelper.trim.enable" value="true"/><parameter name="error_detail"