Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unclear how to refresh a user session #450

Open
sbussetti opened this issue Feb 7, 2023 · 3 comments
Open

Unclear how to refresh a user session #450

sbussetti opened this issue Feb 7, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@sbussetti
Copy link

Terraform Version and Provider Version

Terraform version: v1.3.5
HCP provider version: v0.53.0

Affected Resource(s)

  • provider "hcp" {}

Terraform Configuration Files

provider "hcp" {}

Debug Output

╷
│ Error: unable to get project from credentials: unable to fetch organization list: could not complete request: please ensure your HCP_API_HOST, HCP_CLIENT_ID, and HCP_CLIENT_SECRET are correct
│
│   with provider["registry.terraform.io/hashicorp/hcp"],
│   on versions.tf line 32, in provider "hcp":
│   32: provider "hcp" {}
│
╵

Panic Output

Steps to Reproduce

  1. terraform apply and perform browser-based authentication for HCP provider
  2. Do something else for 20 minutes
  3. run terraform apply again after your session has expired. output gives you no clear explanation on how to refresh your session token. For instance for AWS you would run aws sso login --profile profile-name and then resume using your cached AWS auth.

Expected Behavior

Either: the user should be prompted to repeat web-based auth, the error message or documentation provide clear instructions on how to refresh your user session.

Actual Behavior

terraform apply never gets past refresh phase.

Important Factoids

References

  • #0000

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@sbussetti sbussetti added the bug Something isn't working label Feb 7, 2023
@sbussetti sbussetti mentioned this issue Feb 15, 2023
Open
@tmatilai
Copy link

I don't remember seeing this when I first found the OIDC authentication support, so maybe something has changed in the SDK or in the HCP API? 🤔

But removing the expired session cache seems to help:

rm ~/.config/hcp/credentials.json # path might be different if e.g.`$XDG_CONFIG_HOME` is set

@sbussetti
Copy link
Author

@tmatilai that definitely does the trick!

@aidan-mundy
Copy link
Contributor

For context, failure to automatically invalidate/refresh outdated sessions is probably something that would be handled upstream at https://github.com/hashicorp/hcp-sdk-go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tmatilai @sbussetti @aidan-mundy