<!-- Hi there, Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html. If your issue relates to Terraform Cloud/Enterprise, please contact tf-cloud@hashicorp.support. If your issue relates to a specific Terraform provider, please open it in the provider's own repository. The index of providers is at https://registry.terraform.io/browse/providers. To fix problems, we need clear reproduction cases - we need to be able to see it happen locally. A reproduction case is ideally something a Terraform Core engineer can git-clone or copy-paste and run immediately, without inventing any details or context. * A short example can be directly copy-pasteable; longer examples should be in separate git repositories, especially if multiple files are needed * Please include all needed context. For example, if you figured out that an expression can cause a crash, put the expression in a variable definition or a resource * Set defaults on (or omit) any variables. The person reproducing it should not need to invent variable settings * If multiple steps are required, such as running terraform twice, consider scripting it in a simple shell script. Providing a script can be easier than explaining what changes to make to the config between runs. * Omit any unneeded complexity: remove variables, conditional statements, functions, modules, providers, and resources that are not needed to trigger the bug * When possible, use the [null resource](https://www.terraform.io/docs/providers/null/resource.html) provider rather than a real provider in order to minimize external dependencies. We know this isn't always feasible. The Terraform Core team doesn't have deep domain knowledge in every provider, or access to every cloud platform for reproduction cases. --> ### Terraform Version <!--- Run `terraform version` to show the version, and paste the result between the ``` marks below. If you are not running the latest version of Terraform, please try upgrading because your issue may have already been fixed. --> ``` Terraform v1.0.4 on linux_amd64 + provider registry.terraform.io/equinix/metal v3.1.0 + provider registry.terraform.io/hashicorp/aws v3.53.0 + provider registry.terraform.io/hashicorp/null v3.1.0 ``` ### Terraform Configuration Files <!-- Paste the relevant parts of your Terraform configuration between the ``` marks below. For Terraform configs larger than a few resources, or that involve multiple files, please make a GitHub repository that we can clone, rather than copy-pasting multiple files in here. For security, you can also encrypt the files using our GPG public key at https://www.hashicorp.com/security. --> `providers.tf` ```terraform terraform { required_providers { aws = { source = "hashicorp/aws" } metal = { source = "equinix/metal" } } ``` `main.tf` ```terraform resource "null_resource" "remote-exec-test" { provisioner "remote-exec" { inline = [ #"ansible-playbook /home/user/config_deploy_del_rm_test/hw.yml", "ansible-playbook --version", "terraform version", "echo Done!", ] } connection { type = "ssh" user = "ubuntu" host = "8.8.8.8" timeout = "20s" private_key = file("${path.module}/aws_terra_ansible") #private_key = file("~/.ssh/aws_terra_ansible") #private_key = file("/home/user/.ssh/aws_terra_ansible") #private_key = "${file(var.ssh_key_private)}" #private_key = file("${var.ssh_key_private}") #private_key = "${file("~/.ssh/aws_terra_ansible")}" #private_key = "${file("/home/user/.ssh/aws_terra_ansible")}" } ``` `variables.tf` ```terraform variable "ssh_key_private" { default = "~/.ssh/aws_terra_ansible" } ``` `backend.tf` ```terraform terraform { backend "remote" { organization = "org-name" workspaces { name = "ws-name" } } } } ``` ### Debug Output <!-- Full debug output can be obtained by running Terraform with the environment variable `TF_LOG=trace`. Please create a GitHub Gist containing the debug output. Please do _not_ paste the debug output in the issue, since debug output is long. Debug output may contain sensitive information. Please review it before posting publicly, and if you are concerned feel free to encrypt the files using the HashiCorp security public key. --> `TF_LOG=TRACE` gave no additional information ### Crash Output <!-- If the console output indicates that Terraform crashed, please share a link to a GitHub Gist containing the output of the `crash.log` file. --> NIL ### Expected Behavior <!-- What should have happened? --> When using `private_key = "${file(var.ssh_key_private)}"` run executes showing ```terraform null_resource.remote-exec-test (remote-exec): Connected! null_resource.remote-exec-test (remote-exec): ansible-playbook [core 2.11.3] null_resource.remote-exec-test (remote-exec): config file = None null_resource.remote-exec-test (remote-exec): configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] null_resource.remote-exec-test (remote-exec): ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible null_resource.remote-exec-test (remote-exec): ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections null_resource.remote-exec-test (remote-exec): executable location = /usr/local/bin/ansible-playbook null_resource.remote-exec-test (remote-exec): python version = 3.8.10 (default, Jun 2 2021, 10:49:15) [GCC 9.4.0] null_resource.remote-exec-test (remote-exec): jinja version = 2.10.1 null_resource.remote-exec-test (remote-exec): libyaml = True null_resource.remote-exec-test (remote-exec): Terraform v1.0.4 null_resource.remote-exec-test (remote-exec): on linux_amd64 null_resource.remote-exec-test (remote-exec): Done! null_resource.remote-exec-test: Creation complete after 6s ``` ### Actual Behavior <!-- What actually happened? --> The only string that works for the `private_key` is `file("${path.module}/aws_terra_ansible")` This requires me to copy my key to every directory I intend to run a `tf` workflow All other combinations (as listed in `main.tf`) error as documented below **Run 1** Using `private_key = file("~/.ssh/aws_terra_ansible")` results in error ```terraform │ Error: Invalid function argument │ │ on pb_rm.tf line 18, in resource "null_resource" "remote-exec-test": │ 18: private_key = file("~/.ssh/aws_terra_ansible") # Error: Invalid function argument │ │ Invalid value for "path" parameter: no file exists at │ ~/.ssh/aws_terra_ansible; this function works only with files that are │ distributed as part of the configuration source code, so if this file will │ be created by a resource in this configuration you must instead obtain this │ result from an attribute of that resource. ``` **Run 2** Using `private_key = file("/home/user/.ssh/aws_terra_ansible")` results in error ```terraform │ Error: Invalid function argument │ │ on pb_rm.tf line 19, in resource "null_resource" "remote-exec-test": │ 19: private_key = file("/home/user/.ssh/aws_terra_ansible") │ │ Invalid value for "path" parameter: no file exists at │ /home/user/.ssh/aws_terra_ansible; this function works only with files │ that are distributed as part of the configuration source code, so if this │ file will be created by a resource in this configuration you must instead │ obtain this result from an attribute of that resource. ``` **Run 3** Using `private_key = "${file(var.ssh_key_private)}"` results in error ```terraform │ Error: Invalid function argument │ │ on pb_rm.tf line 20, in resource "null_resource" "remote-exec-test": │ 20: private_key = "${file(var.ssh_key_private)}" │ ├──────────────── │ │ var.ssh_key_private is "~/.ssh/aws_terra_ansible" │ │ Invalid value for "path" parameter: no file exists at │ ~/.ssh/aws_terra_ansible; this function works only with files that are │ distributed as part of the configuration source code, so if this file will │ be created by a resource in this configuration you must instead obtain this │ result from an attribute of that resource. ``` **Run 4** Using `private_key = file("${var.ssh_key_private}")` results in error ```terraform │ Error: Invalid function argument │ │ on pb_rm.tf line 21, in resource "null_resource" "remote-exec-test": │ 21: private_key = file("${var.ssh_key_private}") │ ├──────────────── │ │ var.ssh_key_private is "~/.ssh/aws_terra_ansible" │ │ Invalid value for "path" parameter: no file exists at │ ~/.ssh/aws_terra_ansible; this function works only with files that are │ distributed as part of the configuration source code, so if this file will │ be created by a resource in this configuration you must instead obtain this │ result from an attribute of that resource. ``` **Run 5** Using `private_key = "${file("~/.ssh/aws_terra_ansible")}"` results in error ```terraform │ Error: Invalid function argument │ │ on pb_rm.tf line 22, in resource "null_resource" "remote-exec-test": │ 22: private_key = "${file("~/.ssh/aws_terra_ansible")}" │ │ Invalid value for "path" parameter: no file exists at │ ~/.ssh/aws_terra_ansible; this function works only with files that are │ distributed as part of the configuration source code, so if this file will │ be created by a resource in this configuration you must instead obtain this │ result from an attribute of that resource. ``` **Run 6** Using `private_key = "${file("/home/user/.ssh/aws_terra_ansible")}"` results in error ```terraform │ Error: Invalid function argument │ │ on pb_rm.tf line 23, in resource "null_resource" "remote-exec-test": │ 23: private_key = "${file("/home/user/.ssh/aws_terra_ansible")}" │ │ Invalid value for "path" parameter: no file exists at │ /home/user/.ssh/aws_terra_ansible; this function works only with files │ that are distributed as part of the configuration source code, so if this │ file will be created by a resource in this configuration you must instead │ obtain this result from an attribute of that resource. ``` ### Steps to Reproduce <!-- Please list the full steps required to reproduce the issue, for example: 1. `terraform login` 2. `terraform init` 3. `terraform apply -auto-approve` --> 1. `terraform login` 2. Modify `main.tf` to enable the `private_key` string 3. `terraform init` 3. `terraform apply -auto-approve` ### Additional Context <!-- Are there anything atypical about your situation that we should know? For example: is Terraform running in a wrapper script or in a CI system? Are you passing any unusual command line options or environment variables to opt-in to non-default behavior? --> I have created a new `Organisation` and new `workspace` in Terraform Cloud to rule out corruption, cache issues etc - the same error occurs no matter what When you remove the remote backend and use local state, all combinations of the `private_key` string work 1. `rm -rf backend.tf` 2. `rm -rf .terraform` 3. `rm -rf .terraform.lock.hcl` 4. `terrform init` 5. `terraform apply -auto-approve` run executes with no errors ```terraform user@terraform:~/config_deploy_del_rm_test_aws$ rm -rf backend.tf user@terraform:~/config_deploy_del_rm_test_aws$ rm -rf .terraform user@terraform:~/config_deploy_del_rm_test_aws$ rm -rf .terraform.lock.hcl user@terraform:~/config_deploy_del_rm_test_aws$ terraform init Initializing the backend... Initializing provider plugins... - Finding latest version of equinix/metal... - Finding latest version of hashicorp/aws... - Finding latest version of hashicorp/null... - Installing equinix/metal v3.1.0... - Installed equinix/metal v3.1.0 (signed by a HashiCorp partner, key ID 11111111111111111) - Installing hashicorp/aws v3.53.0... - Installed hashicorp/aws v3.53.0 (signed by HashiCorp) - Installing hashicorp/null v3.1.0... - Installed hashicorp/null v3.1.0 (signed by HashiCorp) Partner and community providers are signed by their developers. If you'd like to know more about provider signing, you can read about it here: https://www.terraform.io/docs/cli/plugins/signing.html Terraform has created a lock file .terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future. Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. user@terraform:~/config_deploy_del_rm_test_aws$ terraform apply -auto-approve Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # null_resource.remote-exec-test will be created + resource "null_resource" "remote-exec-test" { + id = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. null_resource.remote-exec-test: Creating... null_resource.remote-exec-test: Provisioning with 'remote-exec'... null_resource.remote-exec-test (remote-exec): Connecting to remote host via SSH... null_resource.remote-exec-test (remote-exec): Host: 8.8.8.8 null_resource.remote-exec-test (remote-exec): User: ubuntu null_resource.remote-exec-test (remote-exec): Password: false null_resource.remote-exec-test (remote-exec): Private key: true null_resource.remote-exec-test (remote-exec): Certificate: false null_resource.remote-exec-test (remote-exec): SSH Agent: false null_resource.remote-exec-test (remote-exec): Checking Host Key: false null_resource.remote-exec-test (remote-exec): Target Platform: unix null_resource.remote-exec-test (remote-exec): Connected! null_resource.remote-exec-test (remote-exec): ansible-playbook [core 2.11.3] null_resource.remote-exec-test (remote-exec): config file = None null_resource.remote-exec-test (remote-exec): configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] null_resource.remote-exec-test (remote-exec): ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible null_resource.remote-exec-test (remote-exec): ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections null_resource.remote-exec-test (remote-exec): executable location = /usr/local/bin/ansible-playbook null_resource.remote-exec-test (remote-exec): python version = 3.8.10 (default, Jun 2 2021, 10:49:15) [GCC 9.4.0] null_resource.remote-exec-test (remote-exec): jinja version = 2.10.1 null_resource.remote-exec-test (remote-exec): libyaml = True null_resource.remote-exec-test (remote-exec): Terraform v1.0.4 null_resource.remote-exec-test (remote-exec): on linux_amd64 null_resource.remote-exec-test (remote-exec): Done! null_resource.remote-exec-test: Creation complete after 6s [id=5339437438430000926] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. ``` ### References <!-- Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example: - #6017 -->