Password Prompt When Accessing User Setting in Terraform Enterprise

Avatar
Zachary Isom
  • Updated

Problem

A user is being prompted to enter a password before being able to access the user settings page.

Prerequisites

  • Terraform Enterprise (TFE) is version 202309-1

  • Terraform Enterprise (TFE) is version 202310-1 with the TFE application setting consolidated_services_enabled set to a value of 0

Cause

An authentication feature specific to Terraform Cloud was erroneously enabled within these builds of Terraform Enterprise.

Solutions

  • If you are using TFE version 202309-1:
    • Upgrade to version 202310-1 of TFE
  • If you are using TFE version 202310-1 with the TFE application setting consolidated_services_enabled set to a value of 0:
    • Set the value for consolidated_services_enabled to 1, or upgrade to 202311-1 when available

Workaround for TFE admins

For users who do not know their passwords, or were initially created through SSO:

 

If consolidated_services_enabled is set to or using it's default value of 1:

  1. Have the user provide you their TFE username
    • This by default is whatever exists to the left of the @ symbol in their email address when the user is automatically created through SSO
  2. SSH into one of your TFE nodes, if multiple
  3. Execute this command to start an interactive session within the terraform-enterprise container: docker exec -it terraform-enterprise bash
  4. Execute this command to connect to the Rails console of TFE: tfectl support console
    • Type yes to continue
  5. Replace CHANGE_ME with the user's username, then execute this command: u = User.find_by_username("CHANGE_ME")
  6. Replace CHANGE_ME with the new password the user will use, then execute this command: u.password = 'CHANGE_ME'
  7. Execute this command to save the change: u.save!
  8. Execute this command to exit the session, and to have other save functions enacted: exit
  9. Have the user confirm that they can use the new password when prompted for it

If consolidated_services_enabled is set to or using it's default value of 0:

  1. Have the user provide you their TFE username
    • This by default is whatever exists to the left of the @ symbol in their email address when the user is automatically created through SSO
  2. SSH into one of your TFE nodes, if multiple
  3. Execute this command to connect to the Rails console: sudo docker exec -it tfe-atlas /usr/bin/init.sh /app/scripts/wait-for-token -- bash -ic 'cd /app && bin/rails c'
  4. Replace CHANGE_ME with the user's username, then execute this command: u = User.find_by_username("CHANGE_ME")
  5. Replace CHANGE_ME with the new password the user will use, then execute this command: u.password = 'CHANGE_ME'
  6. Execute this command to save the change: u.save!
  7. Execute this command to exit the session, and to have other save functions enacted: exit
  8. Have the user confirm that they can use the new password when prompted for it

Articles in this section

See more

Related articles