Introduction
Problem
Upgrading the HCP provider to version 0.45 or higher results in an authentication error such as the following:
Error: unable to fetch organization list: could not complete request: please ensure your HCP_API_HOST, HCP_CLIENT_ID, and HCP_CLIENT_SECRET are correct
│
│ with provider["registry.terraform.io/hashicorp/hcp"].pro,
│ on providers.tf line 94, in provider "hcp":
│ 94: provider "hcp" {
Error: unable to get project from credentials
│
│ with provider["registry.terraform.io/hashicorp/hcp"].pro,
│ on providers.tf line 94, in provider "hcp":
│ 94: provider "hcp" {
Upgrading the HCP provider to version 0.64 shows a slightly different error:
│ Error: unable to fetch organization list: Get "https://api.cloud.hashicorp.com:443/resource-manager/2019-12-10/organizations": Post "https://auth.idp.hashicorp.com/oauth2/token": Forbidden
│
│ with provider["registry.terraform.io/hashicorp/hcp"].pro,
│ on main_hcp_issue.tf line 35, in provider "hcp":
│ 35: provider "hcp" {
│
╵
╷
│ Error: unable to get project from credentials
│
│ with provider["registry.terraform.io/hashicorp/hcp"].pro,
│ on main_hcp_issue.tf line 35, in provider "hcp":
│ 35: provider "hcp" {
Notice the Post "https://auth.idp.hashicorp.com/oauth2/token": Forbidden
Cause
A proxy or firewall in your network is probably blocking requests to the authentication endpoint of HCP.
Solutions:
Please check your proxy and/or firewall if connections to auth.idp.hashicorp.com are blocked and add the url to the whitelist.
Additional Information
In version 0.22 of hcp-sdk-go the authentication url changed from auth.hashicorp.com to auth.idp.hashicorp.com
This was implemented in version 0.45 of the HCP Provider.