terraform-ls: Failed to get schema due to backend authentication

I believe the language server is reading the remote state. Remote state requires authentication.

I have a more elaborate method of authenticating against AWS which is a wrapper that rotates keys and sets environment variables, etc.

https://github.com/99designs/aws-vault

It would be a good feature if we could wrap the language server’s execution in this program. Maybe a “terraform-ls.command” option so we can define the full terraform-ls command to be executed, e.g.: /usr/local/bin/aws-vault exec myProfile -- terraform-ls

About this issue

  • State: open
  • Created 4 years ago
  • Reactions: 11
  • Comments: 36 (19 by maintainers)

Most upvoted comments

What exactly is it doing with the state - some type of schema merge?

Generally a combination of config and state is needed to pick the providers before any plan or apply operation. Config may not be sufficient in cases where the user is removing resources - e.g. say you have a single aws_instance block in your config and you remove that - then Terraform still has to figure out how to remove it, even though it’s not in the config anymore and therefore it probes the state which then prompts it to find aws provider.

I’m unsure what other use cases terraform providers schema -json was designed for, and so I can’t comment on potential implications of changing the default behaviour, but I do think there should be a way of obtaining schema from any initd providers, regardless of config or state. That would IMO help resolve most language server use cases.

Since terraform 0.13 is in beta now, is it the time to bring up making that command function independently of remote state?

See https://github.com/hashicorp/terraform/issues/24261

So yes - I think that would be probably the ideal longer-term solution, but it still raises the question of 0.12 and any earlier 0.13 releases which may not have this feature - and these versions will be around for a while, so we’re hoping to find some solutions for these too, without having to backport any patches.

Thanks for the quick reply.

I’m seeing this in the logs quite soon after starting vscode:

2020/06/01 10:09:43 schema_storage.go:112: error obtaining schemas: Unable to retrieve schemas: failed to get schemas: terraform (pid 17099) exited (code 1): exit status 1
stdout: ""
stderr: "\x1b[31m\n\x1b[1m\x1b[31mError: \x1b[0m\x1b[0m\x1b[1mNo valid credential sources found for AWS Provider.\n\tPlease see https://terraform.io/docs/providers/aws/index.html for more information on\n\tproviding credentials for the AWS Provider\x1b[0m\n\n\x1b[0m\x1b[0m\x1b[0m\n"

Then, while editing, references to a missing schema file are displayed:

2020/06/01 10:15:20 complete.go:53: HCL block found at HCL pos hcl.Pos{Line:32, Column:14, Byte:1181}
2020/06/01 10:15:20 complete.go:66: Configuration block "resource" parsed
2020/06/01 10:15:20 schema_storage.go:189: Reading "aws" resource schema
2020/06/01 10:15:20 schema_storage.go:141: Acquiring semaphore before reading schema
2020/06/01 10:15:20 rpc_logger.go:45: Error for "textDocument/completion" (ID 6): [-32098] finding completion items failed: no schema available
2020/06/01 10:15:20 server.go:204: Completed 1 requests [1.18848ms elapsed]

The workspace is initialised and all terraform actions work without errors on the command line.

Maybe I installed the extension incorrectly? I cloned into extensions directory and ran npm install.
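
Added example (not part of the original thread and not terraform-ls code): a small Go triage of the log excerpt above that unquotes and colour-strips terraform's stderr, flags the credential failure, and counts the later completions that failed for lack of a schema. It assumes the stderr field is logged as a Go-quoted string; Finding and Triage are names made up for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample: log lines copied from the comment above.
const sampleLog = `2020/06/01 10:09:43 schema_storage.go:112: error obtaining schemas: Unable to retrieve schemas: failed to get schemas: terraform (pid 17099) exited (code 1): exit status 1
stdout: ""
stderr: "\x1b[31m\n\x1b[1m\x1b[31mError: \x1b[0m\x1b[0m\x1b[1mNo valid credential sources found for AWS Provider.\n\tPlease see https://terraform.io/docs/providers/aws/index.html for more information on\n\tproviding credentials for the AWS Provider\x1b[0m\n\n\x1b[0m\x1b[0m\x1b[0m\n"
2020/06/01 10:15:20 rpc_logger.go:45: Error for "textDocument/completion" (ID 6): [-32098] finding completion items failed: no schema available`
var ansi = regexp.MustCompile(`\x1b\[[0-9;]*m`) // SGR colour sequences

// Finding describes one failed schema load and its effect on the session.
type Finding struct {
	Time              string // timestamp of the failed schema load
	Stderr            string // terraform's stderr, unquoted and colour-stripped
	CredentialError   bool   // the provider found no credentials
	FailedCompletions int    // later requests answered "no schema available"
}

// Triage scans a terraform-ls log for schema-load failures.
func Triage(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		switch {
		case strings.Contains(line, "error obtaining schemas:") && len(line) >= 19:
			out = append(out, Finding{Time: line[:19]})
		case strings.HasPrefix(line, "stderr: ") && len(out) > 0:
			// Assumption: stderr is logged Go-quoted (%q), so Unquote restores it.
			raw, err := strconv.Unquote(strings.TrimSpace(strings.TrimPrefix(line, "stderr: ")))
			if err != nil {
				raw = line // keep the raw text if it is not a valid Go string
			}
			f := &out[len(out)-1]
			f.Stderr = strings.TrimSpace(ansi.ReplaceAllString(raw, ""))
			f.CredentialError = strings.Contains(f.Stderr, "No valid credential sources found")
		case strings.Contains(line, "no schema available") && len(out) > 0:
			out[len(out)-1].FailedCompletions++
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", Triage(sampleLog))
}
```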

Yikes, this issue is causing me and my org quite a headache. We pull in our AWS creds via vault (in a wrapper) and those paths differ between projects. This makes the solution suggested earlier not work in our use-case.

well or just not requiring authentication … it’s definitely a bit silly my editor language server needing to do authenticated calls to terraform … it shouldn’t need to do that and it’s a potential security risk

ok I’m on the right track now … but having one more issue now … the wrapper requires some manually entered credentials like keychain password and OTP code … these come as popups which is fine … the issue is that it seems like the language server is concurrently invoked a LOT of times … (I guess once per root) … is there a way to make it reduce the concurrency or something? if you launch them all at once … they all ask for password … if you launch them in serial the first one will ask for password only …

Can this schema document be downloaded separately and placed in a directory manually for use by the extension?