terraform-provider-github

[Feature Request] Allow app_auth using path to PEM file (ex: GITHUB_APP_PEM_FILE_PATH) with precedence over GITHUB_APP_PEM_FILE

Open dgteixeira opened this issue 2 years ago • 4 comments

Hi there,

Software Versions

Terraform:

    Terraform v1.0.7
    on linux_amd64

GitHub Provider:

    github = {
      source  = "integrations/github"
      version = "~> 4.14.0"
    }

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

    provider "github" {
      owner = var.org_name
      app_auth {} # When using `GITHUB_APP_XXX` environment variables - GITHUB_APP_ID + GITHUB_APP_INSTALLATION_ID + GITHUB_APP_PEM_FILE
    }

Expected Behavior

GitHub provider should accept an environment variable like GITHUB_APP_PEM_FILE_PATH that should take precedence over GITHUB_APP_PEM_FILE, if it is set as an environment variable.

Actual Behavior

Whenever I try to insert a path in GITHUB_APP_PEM_FILE instead of the contents, I get the following error:

╷
│ Error: No decodeable PEM data found
│
│ with provider["registry.terraform.io/integrations/github"],
│ on main.tf line 17, in provider "github":
│ 17: provider "github" {
│
╵

Steps to Reproduce

  1. Create a root module with the GitHub provider with an empty app_auth{} configuration;
  2. Create env variables for GITHUB_APP_ID + GITHUB_APP_INSTALLATION_ID + GITHUB_APP_PEM_FILE (this one using a path to a file):

Important Factoids

We wanted this feature because we have Atlantis deployed on a Kubernetes cluster and we want it to manage our GitHub organization. On K8s, it is preferable to mount the certificate on a file (with restricted access) than to import its contents as an env var.

References

  • GitHub Issue #861

dgteixeira, Oct 18 '21 15:10