SIC-001 Error

Avatar
Jacob McSwain
  • Updated

Introduction

The SIC-001 error in Terraform Enterprise indicates a generic failure by the Source Ingress Controller (SIC) to process a Terraform configuration from a Version Control System (VCS) provider. This article outlines the common causes and solutions for this error.

Problem

When a run is initiated, it fails with a generic configuration error in the Terraform Enterprise UI.

Configuration errored
Your configuration has been uploaded but contains errors (Internal error: SIC-001).

More detailed errors may appear in the UI or in the logs for the slug-ingress component (/var/log/terraform-enterprise/slug-ingress.log). These often point to authentication failures or network issues.

Example UI Error:

Failed to ingress slug: Failed to reach repo: Failed on ls-remote: exit status 128
Output: remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab.example.com/my-org/my-repo.git/'

Example Log Output from slug-ingress component:

{
  "@level": "error",
  "@message": "Failed on ls-remote",
  "@module": "slug-ingress",
  "error": "exit status 128",
  "output": "remote: HTTP Basic: Access denied\nfatal: Authentication failed for 'https://gitlab.example.com/my-org/my-repo.git/'\n"
}

Another common log error indicates a failure to upload the configuration to Terraform Enterprise's internal storage.

Example Log Output for TFE v202205-1 or later:

Internal error: SIC-001
Failed to ingress slug: Failed to upload slug: failed uploading: PUT http://archivist.tfe:7675/v1/object/... giving up after 5 attempts

Cause

The SIC-001 error is a general error that can result from several underlying issues related to the connection between Terraform Enterprise and your VCS provider. Common causes include:

  • Authentication Failures: The OAuth token may have expired, or its permissions may have been changed or revoked on the VCS provider side.
  • Network Issues: Terraform Enterprise may be unable to reach the VCS provider or its internal object storage due to firewalls, proxies, or other network misconfigurations.
  • Configuration Conflicts: The workspace and the Terraform Enterprise instance may both be attempting to manage VCS authentication, creating a conflict.
  • Repository Issues: The repository may be very large, contain symlinks that point outside of the repository's directory, or have an incorrect Terraform Working Directory set in the workspace settings.

Solutions

Here are two common solutions to resolve the SIC-001 error.

Solution 1: Recreate the VCS Connection

In many cases, the issue is caused by a stale or invalid VCS connection token. Recreating the VCS connection for the affected workspace often resolves the problem. You can automate the creation of new OAuth clients for your VCS provider using the Terraform Enterprise API or the tfe Terraform provider.

Solution 2: Use a Personal Access Token with GitLab

If you are using GitLab as a VCS provider and are facing issues where the OAuth token is expiring and not being refreshed correctly because of Gitlab settings, the recommended workaround is to use a user-generated Personal Access Token (PAT) for authentication instead of the OAuth connection.

A PAT is generated by a user and remains valid until it is manually revoked. By creating a new VCS connection using the API or the tfe provider, you can configure Terraform Enterprise to use this PAT, which provides a more stable authentication method.

Additional Information

For more details on automating VCS client configuration, refer to the following documentation:

Articles in this section

See more

Related articles