@lgallard lgallard commented Sep 1, 2025

Fix Tool Permissions for HashiCorp Terraform MCP Server

Problem Identified

After fixing MCP connectivity, the workflow was failing due to a tool permission mismatch:

  • MCP Connectivity: Both terraform and context7 servers connecting successfully
  • Tool Permissions: Claude trying to use mcp__terraform__get_latest_provider_version but only mcp__terraform-server__* tools were allowed

Root Cause

The HashiCorp Terraform MCP server uses a different tool naming pattern than expected:

  • HashiCorp Server Tools: mcp__terraform__search_providers, mcp__terraform__get_provider_details, etc.
  • Previous Workflow: Expected mcp__terraform-server__getProviderDocs, mcp__terraform-server__resolveProviderDocID, etc.

Solution

Updated allowed_tools to match the HashiCorp MCP server's actual tool names for the providers, modules, and policies toolsets.

Evidence

MCP servers now show connected status but tool permission errors prevent execution.

Resolves: #224

- Fix tool name mismatch with HashiCorp terraform-mcp-server
- Use correct tool names: mcp__terraform__search_providers, etc.
- Previous run showed MCP connectivity working but permission errors
- Both terraform and context7 servers now connect successfully

Resolves: #224
@lgallard lgallard self-assigned this Sep 1, 2025
@lgallard lgallard merged commit f86ae31 into master Sep 1, 2025
38 of 39 checks passed
@lgallard lgallard deleted the fix/terraform-mcp-tool-permissions branch September 1, 2025 01:37
@github-actions github-actions bot mentioned this pull request Sep 1, 2025

lgallard commented Sep 1, 2025

🎉 SUCCESS! This PR fixes Issue #224

Validation Results

Latest Workflow Run: https://github.com/lgallard/terraform-aws-backup/actions/runs/17365092199

MCP Server Connectivity - RESOLVED ✅

  • Terraform: "status": "connected"
  • Context7: "status": "connected"
  • Evidence: Both servers connecting successfully via Docker and NPX respectively

Tool Permissions - RESOLVED ✅

  • Before: Permission errors for HashiCorp tool names
  • After: All tools accessible, no permission errors
  • Fix: Updated allowed_tools to match HashiCorp server's actual API

Claude Code Feature Discovery - WORKING ✅

  • Status: "conclusion": "success"
  • Duration: 4+ minutes of successful execution
  • Evidence: Full analysis completed, feature discovery functional

Issue Creation

  • No new features discovered (module appears up to date)
  • Workflow properly configured for issue creation when features found

📋 Technical Resolution Summary

  1. MCP Connectivity: Fixed by switching to official HashiCorp Docker-based terraform-mcp-server
  2. Tool Permissions: Fixed by updating allowed_tools to match HashiCorp server's naming convention
  3. End-to-End Functionality: Verified working via successful 4+ minute workflow execution

Ready to merge - Issue #224 is resolved! 🚀
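
The mismatch discussed in this PR can be caught before a workflow run by comparing the allowlist with the names the server exposes. The following is an added example, not code from this repository or from HashiCorp: the function names, the `mcp__<server>__<tool>` expansion, the glob handling of entries such as mcp__terraform-server__*, and the sample lists (built only from tool names quoted above) are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample data: only the tool names quoted in this PR, not a full tool listing.
SERVER_TOOLS = {"terraform": ["search_providers", "get_provider_details",
                              "get_latest_provider_version"]}
ALLOWED_BEFORE = ["mcp__terraform-server__getProviderDocs",
                  "mcp__terraform-server__resolveProviderDocID"]
ALLOWED_AFTER = ["mcp__terraform__search_providers",
                 "mcp__terraform__get_provider_details",
                 "mcp__terraform__get_latest_provider_version"]


def qualified(server_tools):
    """Expand {server_key: [tool, ...]} into mcp__<server_key>__<tool> names."""
    return sorted(f"mcp__{srv}__{tool}"
                  for srv, tools in server_tools.items() for tool in tools)


def audit_allowed_tools(allowed, server_tools):
    """Compare an allowlist with the tools a server exposes.

    blocked:   exposed tools that no allowlist entry matches (permission errors)
    stale:     MCP allowlist entries that match no exposed tool (typos, old names)
    wildcards: entries that grant more than one named tool (review for least privilege)
    """
    exposed = qualified(server_tools)
    # Entries for built-in (non-MCP) tools are outside the scope of this check.
    entries = [a for a in allowed if a.startswith("mcp__")]
    blocked = [t for t in exposed if not any(fnmatchcase(t, a) for a in entries)]
    stale = [a for a in entries if not any(fnmatchcase(t, a) for t in exposed)]
    wildcards = [a for a in entries if any(c in a for c in "*?[")]
    return {"blocked": blocked, "stale": stale, "wildcards": wildcards}


if __name__ == "__main__":
    for label, allowed in (("before", ALLOWED_BEFORE), ("after", ALLOWED_AFTER)):
        print(label, audit_allowed_tools(allowed, SERVER_TOOLS))
```

A non-empty `stale` list is worth failing CI on: it means the allowlist names tools the connected server does not provide, which is the condition this PR corrected.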

Successfully merging this pull request may close these issues.

Add id-token: write to workflow permissions to fix OIDC error