Terraform / go-getter git does not read local .gitconfig or .git/config and defaults to always try to use id_rsa #33019

Closed
NicoForce opened this issue Apr 11, 2023 · 3 comments
Labels
bug, duplicate (issue closed because another issue already tracks this problem)

Comments

@NicoForce

Terraform Version

Terraform v1.2.1

Terraform Configuration Files

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.51.0"
    }
  }
  required_version = ">= 1.2"
}

module "eks" {
  source                          = "git@github.com:xxx/terraform_shared_modules.git//modules/eks"
}

Debug Output

Expected Behavior

Terraform init should use the right ssh key based on the included git configuration.

Actual Behavior

For some reason terraform is always looking for the default id_rsa file even if git config -l says otherwise.

When ~/.ssh/id_rsa does not exist:

╷
│ Error: Failed to download module
│ 
│ Could not download module "eks" (main.tf:54) source code from
│ "git::ssh://git@github.com/xxx/terraform_shared_modules.git": error downloading
│ 'ssh://git@github.com/xxx/terraform_shared_modules.git': /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/eks'...
│ git@github.com: Permission denied (publickey).
│ fatal: Could not read from remote repository.
│ 
│ Please make sure you have the correct access rights
│ and the repository exists.
│ 
╵

When ~/.ssh/id_rsa does exist but belongs to a different GitHub account that does not have access to the private repository:

╷
│ Error: Failed to download module
│ 
│ Could not download module "eks" (main.tf:54) source code from
│ "git::ssh://git@github.com/xxx/terraform_shared_modules.git": error downloading
│ 'ssh://git@github.com/xxx/terraform_shared_modules.git': /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/eks'...
│ ERROR: Repository not found.
│ fatal: Could not read from remote repository.
│ 
│ Please make sure you have the correct access rights
│ and the repository exists.
│ 
╵

Steps to Reproduce

  1. terraform init

Additional Context

The repository where the module exists is private.

Unsure if the issue is caused in go-getter or in terraform, related pieces of code:

I created a simple script to test local behavior of the os/exec/Command:

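package main

import (
	"bytes"
	"log"
	"os/exec"
)

func main() {
	// Run pwd, `git config -l` and a clone of the private module repository,
	// collecting stdout of all three in one buffer and the clone's stderr in another.
	args := []string{"config", "-l"}
	cloneArgs := []string{"clone", "git@github.com:xxx/terraform_shared_modules.git"}
	pwd := exec.Command("pwd")
	cmd := exec.Command("git", args...)
	clone := exec.Command("git", cloneArgs...)
	var outb, errb bytes.Buffer
	pwd.Stdout = &outb
	cmd.Stdout = &outb
	clone.Stdout = &outb
	clone.Stderr = &errb
	// Report a failing command instead of silently discarding its error.
	for _, c := range []*exec.Cmd{pwd, cmd, clone} {
		if err := c.Run(); err != nil {
			log.Printf("%v failed: %v", c.Args, err)
		}
	}
	log.Println("\n", outb.String(), "\nerr:", errb.String())
}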

And it clones without issue, so there seems to be some truth to @mkielar's comment when it mentions that go-getter git does not use the local .git/config or .gitconfig.

Related global .gitconfig:

[core]
    sshCommand = ssh -i ~/.ssh/personal_rsa -F /dev/null
[push]
    autoSetupRemote = true
[pull]
    rebase = false

Unrelated to the actual issue, setting export GIT_SSH_COMMAND="ssh -i ~/.ssh/work_id_rsa", for example, does work, but I would guess that if git runs as expected the above issue should work as well.

References

NicoForce added the bug and new (new issue not yet triaged) labels Apr 11, 2023
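
A diagnostic for the key-selection question raised in this report, added here as an example and not part of the thread or of Terraform's or go-getter's code: it applies git's documented precedence (GIT_SSH_COMMAND, then core.sshCommand, then GIT_SSH, then plain ssh) to the current environment and lists the -i key files in the winning command. The helper names resolveSSH and identityFiles are hypothetical, and it assumes git is on PATH and is run from the same shell and directory as terraform init.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// resolveSSH applies git's precedence for choosing the ssh command:
// GIT_SSH_COMMAND (env) > core.sshCommand (config) > GIT_SSH (env) > "ssh".
// Simplification: an empty value is treated as unset.
func resolveSSH(getenv func(string) string, coreSSHCommand string) (command, source string) {
	if v := getenv("GIT_SSH_COMMAND"); v != "" {
		return v, "GIT_SSH_COMMAND"
	}
	if coreSSHCommand != "" {
		return coreSSHCommand, "core.sshCommand"
	}
	if v := getenv("GIT_SSH"); v != "" {
		return v, "GIT_SSH"
	}
	return "ssh", "default"
}

// identityFiles returns the key paths given with -i on an ssh command line.
// Simplification: splits on whitespace, so quoted paths are not handled.
func identityFiles(command string) []string {
	var keys []string
	fields := strings.Fields(command)
	for i := 1; i < len(fields); i++ {
		if fields[i] == "-i" && i+1 < len(fields) {
			i++
			keys = append(keys, fields[i])
		} else if strings.HasPrefix(fields[i], "-i") && len(fields[i]) > 2 {
			keys = append(keys, fields[i][2:])
		}
	}
	return keys
}

func main() {
	// `git config --get` exits non-zero when the key is unset; treat that as empty.
	out, _ := exec.Command("git", "config", "--get", "core.sshCommand").Output()
	command, source := resolveSSH(os.Getenv, strings.TrimSpace(string(out)))
	// An empty key list means ssh uses its agent, ssh_config and default identity files.
	fmt.Printf("ssh command %q from %s, -i keys: %q\n", command, source, identityFiles(command))
}
```
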
@crw
Collaborator

crw commented Apr 12, 2023

I believe this is a duplication of #28968 and is fixed in hashicorp/go-getter#300.

What I need to follow up on is when / if hashicorp/terraform updated the dependency on go-getter. I'll check that out and close the original issue if so.

Can you please confirm whether this is in fact a duplicate? Or is this a different issue?

@NicoForce
Author

I believe it's a duplicate of #28968, will go ahead and watch the other issue, thanks for the heads up!

crw added the duplicate (issue closed because another issue already tracks this problem) label and removed the new (new issue not yet triaged) label Apr 12, 2023
@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 13, 2023