Terraform does not respect gitconfig
I want to configure SSH settings for git using gitconfig files and make Terraform use these settings, but currently Terraform completely ignores gitconfig.
Terraform Version
Terraform v1.0.0
on linux_amd64
Terraform Configuration Files
module "test" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-vpc.git"
}
Debug Output
https://gist.github.com/okgolove/2392f3245375aae488a21bcffd50cbcb
Crash Output
Expected Behavior
Terraform fails with permission denied error but ssh command settings are used by Terraform and there are verbose logs
Actual Behavior
Terraform fails with permission denied error, no ssh command verbose output, so, settings from gitconfig are ignored
Steps to Reproduce
- git config --global core.sshCommand "ssh -vvv"
- terraform init
- terraform apply
- There is an error git@github.com: Permission denied (publickey). but no ssh command verbose output
Additional Context
If you set the GIT_SSH_COMMAND variable directly, everything works and verbose output is shown:
GIT_SSH_COMMAND="ssh -vvv" terraform init
References
Hi @okgolove !
This appears to be an issue with the upstream go-getter library. This library (eventually) calls git directly, so most of the time it will honor any .gitconfig settings. However there is an exception (according to this go-getter issue): any ssh setting in configuration gets overridden, while any existing GIT_SSH_COMMAND environment variable is not (more details are in the linked issue).
I'll label this so we can keep track of it. Thanks, and sorry for the unexpected behavior!
@mildwonkey thanks for the description. Hope one day https://github.com/hashicorp/go-getter/pull/300 will be merged :)
The same problem appears with url config in gitconfig.
@mildwonkey
Hi Kristin,
Any chance of you nudging the right people to get https://github.com/hashicorp/go-getter/pull/300 merged?
The fix for the upstream library has been sitting unloved for over a year! It's a small change that would make a big difference for a lot of folks bitten by this bug!
It's taken an inordinate amount of time to troubleshoot and find the root cause of this issue!
Merging the fix and updating Terraform to use the newer version of go-getter would be very much appreciated!
@mildwonkey / @DanHam any update on getting https://github.com/hashicorp/go-getter/pull/300 merged?
I hate to bump issue threads (small audience, sorry guys...) but is there any update on this? Our team are about to move to github.com and I'm documenting the client setup. This is horrible. We are using .gitconfig in our codebases, but this totally breaks our terraform modules that are sourced using git. This forces us to try to implement overrides via .ssh/config, but that's nasty since they are based on the hostname (which is always github.com).
@raffraffraff
It took just over 2 years 2 months.... but the upstream fix in hashicorp/go-getter#300 has just been merged! :tada:
All we need to do now is wait:
- For someone to release a new version of go-getter with the needed fix
- For someone here to then update the version of go-getter used by terraform in go.mod
- For a version of Terraform to then be released with the fix
hashicorp/go-getter#300 is finally merged. Praise be to @kmoe.
So that means updating the dependency of go-getter would be sufficient to mark this one as fixed?
Edit: I guess there is no release with that fix yet.
@maunzCache
Unfortunately, no - Please see my comment above https://github.com/hashicorp/terraform/issues/28968#issuecomment-1474323708 for the steps required to resolve this.
Just FYI the blocker right now is getting the Nomad team to sign off on the change, as we share the go-getter v1 dependency.
Following up in https://github.com/hashicorp/nomad/issues/16541#issuecomment-1652317641.
Hello from Nomad Engineering! :wave: Apologies for the hold-up from our end. go-getter v1.7.2 has been released: https://github.com/hashicorp/go-getter/releases/tag/v1.7.2
Sorry for the noise but github really needs a crying emoji for this. Thanks a lot @tgross
Now that TF 1.6 is released, the git config settings work but it is ignoring the GIT_SSH_COMMAND variable. I don't know if this is intended behavior but it broke my processes.
Now I do both to make sure it works:
export GIT_SSH_COMMAND="ssh -i /my/ssh_key"
git config --global core.sshCommand "$GIT_SSH_COMMAND"
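Added example, not part of the thread and not Terraform or go-getter code: a shell probe that shows which source plain git itself uses when core.sshCommand and GIT_SSH_COMMAND are set separately or together, as a baseline to compare against what terraform init does. The stub command, the example.invalid host and the repository path are constructed placeholders, and the probe runs in a throwaway HOME so the real gitconfig is untouched.

```shell
#!/bin/sh
# Added example (not from the thread): report which SSH command source plain
# git selects. The "ssh" here is a constructed stub that records a label and
# exits non-zero, so nothing is ever sent over the network.

probe_git_ssh_source() {
    mode=$1                       # "env", "config" or "both"
    case $mode in env|config|both) ;; *) return 2 ;; esac
    command -v git >/dev/null 2>&1 || return 127
    work=$(mktemp -d) || return 1

    # Stub standing in for ssh; $1 is the label we append to the command.
    cat > "$work/stub" <<'EOF'
#!/bin/sh
echo "$1" > "$(dirname "$0")/used"
exit 1
EOF
    chmod +x "$work/stub"

    (
        # Throwaway HOME and cwd: no user or repository config is read or changed.
        cd "$work" || exit 1
        HOME=$work XDG_CONFIG_HOME=$work/xdg GIT_CONFIG_NOSYSTEM=1
        export HOME XDG_CONFIG_HOME GIT_CONFIG_NOSYSTEM
        unset GIT_SSH GIT_SSH_COMMAND GIT_SSH_VARIANT GIT_CONFIG_GLOBAL
        case $mode in config|both)
            git config --global core.sshCommand "$work/stub config" ;;
        esac
        case $mode in env|both)
            GIT_SSH_COMMAND="$work/stub env"; export GIT_SSH_COMMAND ;;
        esac
        # example.invalid is a placeholder host; the stub never connects to it.
        git ls-remote "ssh://git@example.invalid/constructed/repo.git" \
            >/dev/null 2>&1 || true
    )

    used=$(cat "$work/used" 2>/dev/null || echo none)
    rm -rf "$work"
    echo "$used"
}

# Stand-alone run: print the winning source for each combination.
for m in config env both; do
    printf '%-6s -> %s\n' "$m" "$(probe_git_ssh_source "$m")"
done
```

In plain git the environment variable wins when both are set, so a fetch path that reports anything else for "both" is applying its own override on top of git.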
@xsaero00 I would imagine that is unintended, although I have not deeply examined the source. Since the original issue is resolved, I am going to close this issue; please open a new issue with the new problem. Thanks for reporting it!
Reported in https://github.com/hashicorp/terraform/issues/33985
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.