When my runners try to lock the terraorm state they get a 404. I’ve tested it working with my access token and it works fine. As a simple example, with this /gitlab-ci:
Gitlab v13.9.6
include:
- template: Terraform/Base.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
variables:
TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/compman
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- ${TF_ROOT}/.terraform
stages:
- init
- validate
- build
- deploy
init:
extends: .init
validate:
extends: .validate
plan:
extends: .build
apply:
extends: .deploy
It gets the state, but 404’s on the lock:
Terraform has been successfully initialized!
[DEBUG] POST https://<HOST>/api/v4/projects/20/terraform/state/<PROJECT>/lock
│ Error: Error acquiring the state lock │
│ Error message: Unexpected HTTP response code 404 │
This seems to be an issue with using the CI_JOB_TOKEN, as using this works:
plan:
stage: build
image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
script:
- export TF_USERNAME=<USERNAME>
- export TF_PASSWORD=<ACCESS_TOKEN>
- terraform init -backend-config=address=${TF_ADDRESS} -backend-config=lock_address=${TF_ADDRESS}/lock -backend-config=unlock_address=${TF_ADDRESS}/lock -backend-config=username=${TF_USERNAME} -backend-config=password=${TF_PASSWORD} -backend-config=lock_method=POST -backend-config=unlock_method=DELETE -backend-config=retry_wait_min=5
- terraform plan
but when the username is set as gitlab-ci-token
and the password is set by ${CI_JOB_TOKEN}
it fails in the same way as it does from using the template.