"Error: Conflicting Parameters" on role_arn when assume_role block is defined

[erikpaasonen]

Under circumstances still under investigation, init fails with the following error:

[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) Initializing the backend...
[INFO] (deploy track/step/primary/us-east-1) Initializing modules...
[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) Warning: Deprecated Parameters
[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) on backend.tf line 2, in terraform:
[INFO] (deploy track/step/primary/us-east-1) 2: backend "s3" {
[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) The following parameters have been deprecated. Replace them as follows:
[INFO] (deploy track/step/primary/us-east-1) * role_arn -> assume_role.role_arn
[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Error: No valid credential sources found
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Please see https://www.terraform.io/docs/language/settings/backends/s3.html
Error: (deploy track/step/primary/us-east-1) for more information about providing credentials.
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Error: failed to refresh cached credentials, no EC2 IMDS role found,
Error: (deploy track/step/primary/us-east-1) operation error ec2imds: GetMetadata, failed to get API token, operation
Error: (deploy track/step/primary/us-east-1) error ec2imds: getToken, http response error StatusCode: 400, request to EC2
Error: (deploy track/step/primary/us-east-1) IMDS failed
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1)

When the following block is added to backend.tf in the step:

  assume_role = {
    role_arn = "[MY_ARN]"
  }

The error message at runtime changes to:

[INFO] (deploy track/step/primary/us-east-1)
[INFO] (deploy track/step/primary/us-east-1) Initializing the backend...
[INFO] (deploy track/step/primary/us-east-1) Initializing modules...
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) Error: Conflicting Parameters
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) on backend.tf line 2, in terraform:
Error: (deploy track/step/primary/us-east-1) 2: backend "s3" {
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1) The following deprecated parameters conflict with the parameter
Error: (deploy track/step/primary/us-east-1) "assume_role". Replace them as follows:
Error: (deploy track/step/primary/us-east-1) * role_arn -> assume_role.role_arn
Error: (deploy track/step/primary/us-east-1)
Error: (deploy track/step/primary/us-east-1)

It is suspected this is due to RunIAC injecting role_arn as a -backend-config=key=value command line param at runtime.

Perhaps it is not aware of an assume_role element in the backend config map and does not think a role_arn is defined?

[erikpaasonen]

Likely involves paying down this TODO.

[mmraz]

Likely involves paying down this TODO.

Good example of the HCL decode and struct model that could fulfill the TODO and allow native parsing instead of string replacements. HCL file schema and struct loading example