Problem
Terraform Enterprise fails to start with an error google storage bucket,
credentials, and project must be set in the terraform-enterprise container, despite there being a service account attached to the VM.
{"component":"terraform-enterprise","log":"2023-10-13T17:09:10.267Z [ERROR] terraform-enterprise: check failed: name=config duration=\"4.021µs\" err=\"google storage bucket, credentials, and project must be set\""}
Prerequisites
- Terraform Enterprise v202307-1 through v202310-1
- Flexible Deployment Options or Replicated Deployment with Consolidated Services Architecture
Cause
This is a bug affecting releases v202307-1 through v202310-1 (Flexible Deployment Options or Replicated Deployment in consolidated services mode) in which the Configuration Variables check validates that the user has provided a GCP project, bucket, and JSON credentials in their settings. Terraform Enterprise traditionally supports authenticating to Google Cloud Storage through the service account attached to the instance while leaving the gcs_credentials setting (TFE_OBJECT_STORAGE_GOOGLE_CREDENTIALS in FDO) unset and should not require JSON credentials to be provided.
Solution
Replicated Deployment
Disable consolidated services mode to revert to multi-container mode, in which Terraform Enterprise does not run this startup check. Alternatively, supply JSON credentials via the gcs_credentials setting to allow Terraform Enterprise to complete startup in consolidated service mode. As a long term fix and to utilize service account authentication in consolidated services mode, upgrade to a release > v202310-1.
Flexible Deployment Options
Supply JSON credentials via the TFE_OBJECT_STORAGE_GOOGLE_CREDENTIALS setting or upgrade to a release > v202310-1.
Additional Information
-
If you continue to experience issues, please contact HashiCorp Support.