Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workspace Settings - Local Execution Mode - Explicitly state that team permissions are not gracefully regulated somehow #145

Open
zisom-hc opened this issue Sep 23, 2022 · 0 comments
Open

Workspace Settings - Local Execution Mode - Explicitly state that team permissions are not gracefully regulated somehow #145

zisom-hc opened this issue Sep 23, 2022 · 0 comments

Comments

@zisom-hc
Copy link
Contributor

A customer is not satisfied that within the current iteration of our documentation regarding Execution Modes there's not an explicit statement about team permissions not getting gracefully regulated/upheld when using the local execution mode, and I'm struggling to figure out an eloquent way to do this.

For example:

You are running terraform apply against a workspace in your TFC org, where the team your token is associated to does not have permissions to upload state files, or run applies

If remote execution is selected, you'd get this message when you attempted to execute terraform apply:

PS C:\Users\zisom\Documents\exxon> terraform apply
╷
│ Error: Insufficient rights to apply changes
│
│ The provided credentials have insufficient rights to apply changes. In order to apply changes at least write permissions on the workspace are required.
╵
PS C:\Users\zisom\Documents\exxon>

If local execution is selected, the apply phase would execute, and when the apply was finished and terraform attempts to upload the new state file you'd see this message:

null_resource.delay (local-exec):                                  [01]: 172.17.176.1
null_resource.delay (local-exec):                                  [02]: fe80::8167:3d5c:2f54:7577
null_resource.delay (local-exec): Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
null_resource.delay: Creation complete after 2s [id=2000534191006407307]
╷
│ Error: Failed to save state
│
│ Error saving state: Error uploading state: resource not found
╵
╷
│ Error: Failed to persist state to backend
│
│ The error shown above has prevented Terraform from writing the updated state to the configured backend. To allow for recovery, the state has been written to the 
│ file "errored.tfstate" in the current working directory.
│
│ Running "terraform apply" again at this point will create a forked state, making it harder to recover.
│
│ To retry writing this state, use the following command:
│     terraform state push errored.tfstate
│
╵

Through local execution, team permissions do not regulate the local execution of the binary. A person only would run into a situation with their permissions when there was an api call from the local binary that is not permitted, like in this case, uploading a state file. How can this be expressed within our documentation?
hashibot-web added a commit that referenced this issue Sep 28, 2023
@hashibot-web
Merge pull request #145 from hashicorp/repo-sync
2e41279 
repo sync
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zisom-hc