terraform-provider-github

[Feature Request] Allow app_auth using path to PEM file (ex: GITHUB_APP_PEM_FILE_PATH) with precedence over GITHUB_APP_PEM_FILE

Open dgteixeira opened this issue 4 years ago • 4 comments

Hi there,

Software Versions

Terraform:

    Terraform v1.0.7
    on linux_amd64

GitHub Provider:

    github = {
      source  = "integrations/github"
      version = "~> 4.14.0"
    }

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

    provider "github" {
      owner = var.org_name
      app_auth {} # When using `GITHUB_APP_XXX` environment variables - GITHUB_APP_ID + GITHUB_APP_INSTALLATION_ID + GITHUB_APP_PEM_FILE
    }

Expected Behavior

GitHub provider should accept an environment variable like GITHUB_APP_PEM_FILE_PATH that should take precedence over GITHUB_APP_PEM_FILE, if it is set as an environment variable.

Actual Behavior

Whenever I try to insert a path in GITHUB_APP_PEM_FILE instead of the contents, I get the following error:

    ╷
    │ Error: No decodeable PEM data found
    │
    │ with provider["registry.terraform.io/integrations/github"],
    │ on main.tf line 17, in provider "github":
    │ 17: provider "github" {
    │
    ╵

Steps to Reproduce

  1. Create a root module with the GitHub provider with an empty app_auth{} configuration;
  2. Create env variables for GITHUB_APP_ID + GITHUB_APP_INSTALLATION_ID + GITHUB_APP_PEM_FILE (this one using a path to a file):

Important Factoids

We wanted this feature because we have Atlantis deployed on a Kubernetes cluster and we want it to manage our GitHub organization. On K8s, it is preferable to mount the certificate as a file (with restricted access) rather than importing its contents as an env var.

References

  • GitHub Issue #861

dgteixeira avatar Oct 18 '21 15:10 dgteixeira

Same thing, version 5.9.0 still has no support for this.

    │ Error: no decodeable PEM data found
    │ 
    │   with provider["registry.terraform.io/integrations/github"],
    │   on config.tf line 83, in provider "github":
    │   83: provider "github" {
    │ 
    ╵
    make: *** [Makefile:44: plan] Error 1

dmitry-mightydevops avatar Nov 19 '22 01:11 dmitry-mightydevops

If it wasn't clear, you should use the file function:

    provider "github" {
      owner = "joshjohanning-org"
      app_auth {
        id              = var.app_id              # or `GITHUB_APP_ID`
        installation_id = var.app_installation_id # or `GITHUB_APP_INSTALLATION_ID`
        pem_file        = file(var.app_pem_file)  # or `GITHUB_APP_PEM_FILE`
      }
    }

joshjohanning avatar Sep 15 '23 20:09 joshjohanning

I feel like the naming of the pem_file argument in app_auth is a little confusing because it expects the content of the file, not its path. Maybe calling it private_key would have been clearer (I know PEM files can be more than just a private key...)

laurenty avatar Oct 02 '23 20:10 laurenty
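A pre-flight check for the failure discussed in this thread, as an added example that is not part of the issue or of the provider's code: it tells PEM contents apart from a file path before Terraform runs, and checks that a mounted key file is not accessible by group or other. The function names, exit codes and the placeholder key are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the provider: pre-flight check for the value
# given to GITHUB_APP_PEM_FILE (app_auth.pem_file expects contents, not a path).

# Print "pem" for PEM private-key text, "path" for an existing file, else "invalid".
# Only the BEGIN/END markers are checked, not the key material itself.
classify_pem_value() {
  case "$1" in
    *"-----BEGIN "*"PRIVATE KEY-----"*"-----END "*"PRIVATE KEY-----"*) echo pem ;;
    *) if [ -f "$1" ]; then echo path; else echo invalid; fi ;;
  esac
}

# Succeed only if group and other have no permission bits on the file.
# -L follows symlinks, which Kubernetes Secret volume mounts use.
pem_file_private() {
  [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Return 0: usable contents, 2: path given where contents are expected,
# 3: path to a file that group/other can access, 1: anything else.
check_app_pem() {
  case "$(classify_pem_value "$1")" in
    pem) echo "ok: value holds PEM contents"; return 0 ;;
    path)
      if ! pem_file_private "$1"; then
        echo "error: $1 is accessible by group/other (use mode 0400)" >&2
        return 3
      fi
      echo "error: value is a path, the provider expects the file contents" >&2
      echo "hint: set pem_file = file(\"$1\") in app_auth" >&2
      return 2 ;;
    *) echo "error: neither PEM contents nor an existing file" >&2; return 1 ;;
  esac
}

# Demo on a constructed placeholder file (not a real key).
demo_dir=$(mktemp -d)
demo_pem="$demo_dir/app.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
  '-----END RSA PRIVATE KEY-----' > "$demo_pem"
chmod 0400 "$demo_pem"
check_app_pem "$demo_pem" || echo "exit status $?"           # path: status 2
check_app_pem "$(cat "$demo_pem")" || echo "exit status $?"  # contents: status 0
rm -rf "$demo_dir"
```
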

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

github-actions[bot] avatar Jun 29 '24 01:06 github-actions[bot]