possible bug - unauthenticated state downloads #139
Also experiencing the same issue.
Thank you for reporting! https://github.com/fujiwara/tfstate-lookup/releases/tag/v1.1.4
Fix failed to read TFE (Terraform Cloud/Enterprise) state. fujiwara/tfstate-lookup#139
@fujiwara FYI, this is the statement from Hashicorp on this particular issue. Basically the download URL endpoint used for state files changed and it used to be pre-signed and the new endpoint is not and requires a bearer token.
@joeybenamy Thank you for sharing! I understood perfectly.
Another explanation from Hashicorp:
The DevOps team at my company has run into issues deploying applications using tfstateremote through helmfile in the last 24ish hours. No tooling changes in our pipelines.
We suspect that the download code located here was able to download state in an unauthenticated manner up until yesterday. The go-tfe client does not provide download methods for the state file, just links to the download URLs. The HTTP client in the above file does not configure any sort of authenticated context via cookies or headers.
The error we are seeing via helmfile is (modified for brevity):
And with tfstate-lookup directly:
After modifying the source and adding some logging statements:
We suspect that TFE patched this silently as a security issue.
Are we crazy? Anybody else experiencing or able to reproduce this issue?
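An added illustration of the behaviour discussed in this thread, not code from tfstate-lookup, go-tfe, or any commenter: a state download that attaches a bearer token to the request, since the download URL is no longer pre-signed. The function name `fetchState`, the `allowedHost` parameter, the 64 MiB cap and the example host names are assumptions; the HTTPS and host checks go beyond what the thread describes and are there so the token is only ever sent to the TFE host it belongs to.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

// fetchState downloads a state file from downloadURL, sending token as a
// bearer credential. allowedHost is the TFE host the token belongs to; the
// token is never attached to a plaintext URL or to a URL on another host.
// All names here are hypothetical, not tfstate-lookup's or go-tfe's API.
func fetchState(ctx context.Context, c *http.Client, downloadURL, allowedHost, token string) ([]byte, error) {
	u, err := url.Parse(downloadURL)
	if err != nil {
		return nil, fmt.Errorf("parse download URL: %w", err)
	}
	if u.Scheme != "https" || !strings.EqualFold(u.Host, allowedHost) {
		return nil, fmt.Errorf("refusing to send token to %s://%s", u.Scheme, u.Host)
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := c.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		// Surface 401/403 explicitly instead of parsing an error body as state.
		return nil, fmt.Errorf("state download failed: %s", resp.Status)
	}
	return io.ReadAll(io.LimitReader(resp.Body, 64<<20)) // size cap is an assumption
}

func main() {
	// Constructed values: the host mismatch is rejected before any request is made.
	_, err := fetchState(context.Background(), http.DefaultClient,
		"https://other.example/state", "tfe.example", "constructed-token")
	fmt.Println(err)
}
```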