Access Denied during Terraform Apply Step


(Theodor Chichirita) #1

Hi, I have a release which uses the Apply Terraform script step, and after it’s downloading the azurerm provider, i get this error:

"C:\Octopus\OctopusServer\Tools\Octopus.Dependencies.TerraformCLI\0.11.7\contentFiles\any\win\plugins\windows_386\terraform-provider-azurerm_v1.13.0_x4.exe: Access is denied… "

If you need the full log, let me know.

I tried to download the provider plugin and save it in a different folder “C:\TerraformPlugins”, but i get the same error. I’m running on Octopus Cloud and the step is supposed to run on the server.

How can I solve this issue?

Thank you,

(Mark Siedle) #3

Hi Theodor,

Thanks for getting in touch.

Unfortunately this is a known issue that describes the problem. You can track this issue to be notified when a fix is available.

Currently our Terraform dependencies include a single version of AWS (1.14.0) and Azure (0.1.1) providers. Because your script is depending on 1.13.0 of the Azure provider, it’s trying to download and unpack this dependency. For on-prem Octopus servers, this is no problem. However on cloud-hosted instances of Octopus there are restricted permissions that are then producing that “access denied” error.

We can look at updating the versions we have bundled in our dependencies, then they wouldn’t need to download and unpack. But this is an ongoing problem we need to solve as new versions are released.

Are you able to try using the 0.1.1 version we have available at the moment in your script, or does your script rely on features from the newer plugins?


(Theodor Chichirita) #4

Thank you Mark, I’ll try to downgrade to the 0.1.1 version until the issue is fixed.



I just tried to downgrade to 0.1.1 but that’s a quite old version, and it’s missing quite a few resources.
Is there any workaround I can use to run on a newer one, preferable 1.13?

(Mark Siedle) #5

Hi Theodor,

Until we can automate a solution to keep these plugins up to date with latest, I’ve uploaded the latest AzureRM Terraform provider version 1.13.0 to this dependency repo.

That will generate a new package dependency that is included in Octopus.Server in the next release (looking like 2018.8.1 which will happen next week). Then you’ll also have to wait until that release gets rolled out to the Octopus Cloud / hosted instances.

Sorry for the bad news. But hopefully the turnaround time won’t be too long for you. This is just an unfortunate (but necessary) limitation of cloud hosted instances due to security considerations.

Hope this helps.


(Peri Thompson) #6

Hi Mark,

This has now moved on again and we are up to 1.17.0, what is the latest version can I reliably use for this and can we get the packages updated please and is there any update on when this is going to be maintained automatically?

Many Thanks,

(Mark Siedle) #7

Hi, We’ve updated our Terraform dependencies to include AzureRM 1.17.0. This will go out in the next release (likely 2018.9.1).

Sorry there’s no update on when this will be automatically updated.