Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provider/aws: Migrate KeyPair to version 1 #3470

Merged
merged 1 commit into from
Oct 12, 2015
Merged

provider/aws: Migrate KeyPair to version 1 #3470

merged 1 commit into from
Oct 12, 2015

Conversation

catsby
Copy link
Contributor

@catsby catsby commented Oct 9, 2015

This PR upgrades resource_aws_key_pair to version 1.
It fixes #3455 , where reading a key with the file() included a trailing \n.

Copying and pasting that same public key (typically?) did not include this \n.
For example, swapping out the public_key method for the full string below should result in no change:

resource "aws_key_pair" "ssh_thing" {
  key_name = "tf-testing-file"
  public_key = "${file("~/.ssh/github_rsa.pub")}"
  #public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cn== ctshryock"
}

Gives this plan:

+ aws_key_pair.ssh_thing
    fingerprint: "" => "<computed>"
    key_name:    "" => "tf-testing-file"
    public_key:  "" => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cn== ctshryock\n"

vs.

resource "aws_key_pair" "ssh_thing" {
  key_name = "tf-testing-file"
  #public_key = "${file("~/.ssh/github_rsa.pub")}"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cn== ctshryock"
}

and

+ aws_key_pair.ssh_thing
    fingerprint: "" => "<computed>"
    key_name:    "" => "tf-testing-file"
    public_key:  "" => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cn== ctshryock"

Swapping file() and the full string in-line should not produce a change, but on master it does.

This PR uses strings.TrimSpace() to trim off the trailing \n.

@catsby
Copy link
Contributor Author

catsby commented Oct 9, 2015

Worth noting too, that I checked both formats (with or without \n) to make sure the ability to SSH was maintained 👍

@catsby catsby mentioned this pull request Oct 9, 2015
Closed
@phinze
Copy link
Contributor

phinze commented Oct 12, 2015

LGTM

catsby added a commit that referenced this pull request Oct 12, 2015
@catsby
Merge pull request #3470 from hashicorp/b-aws-key-pair-key-sig
a1f2b82 
provider/aws: Migrate KeyPair to version 1
@catsby catsby merged commit a1f2b82 into master Oct 12, 2015
@catsby catsby deleted the b-aws-key-pair-key-sig branch October 12, 2015 21:33
@mitchellh
Copy link
Contributor

Yeah, this seems right to me. ${file} is doing the right thing and reading the file byte for byte. SSH is just trimming the space off the end. Modifying the state storage is correct.

phinze added a commit that referenced this pull request Oct 20, 2015
@phinze
core: state metadata difference should bump serial
fca44bd 
Remote state includes MD5-based checksumming to protect against State
conflicts. This can generate improper conflicts with states that differ
only in their Schema version.

We began to see this issue with
#3470 which changes the
"schema_version" of aws_key_pairs.
@phinze phinze mentioned this pull request Oct 20, 2015
Merged
@duttadeep55
Copy link

Solved Solution 👍

resource "aws_key_pair" "deployer" {
key_name = "deployer-key"
public_key = "${file("ssh/insecure-deployer.pub")}"
}

This worked for me. :)

produce with terraform plan

  • aws_key_pair.deployer
    fingerprint: ""
    key_name: "deployer-key"
    public_key: "ssh-rsa xxx insecure-deployer"

@duttadeep55
Copy link

But for the instance creation I am getting a long wait and ending

aws_instance.nat: Provisioning with 'remote-exec'...
aws_instance.nat (remote-exec): Connecting to remote host via SSH...
aws_instance.nat (remote-exec): Host: 52.213.15.2
aws_instance.nat (remote-exec): User: centos
aws_instance.nat (remote-exec): Password: false
aws_instance.nat (remote-exec): Private key: false
aws_instance.nat (remote-exec): SSH Agent: true
aws_instance.nat: Still creating... (30s elapsed)
aws_instance.nat: Still creating... (40s elapsed)
aws_instance.nat (remote-exec): Connecting to remote host via SSH...
aws_instance.nat (remote-exec): Host: 52.213.15.2
aws_instance.nat (remote-exec): User: centos
aws_instance.nat (remote-exec): Password: false
aws_instance.nat (remote-exec): Private key: false
aws_instance.nat (remote-exec): SSH Agent: true
aws_instance.nat: Still creating... (50s elapsed)
aws_instance.nat (remote-exec): Connecting to remote host via SSH...
aws_instance.nat (remote-exec): Host: 52.213.15.2
aws_instance.nat (remote-exec): User: centos
aws_instance.nat (remote-exec): Password: false
aws_instance.nat (remote-exec): Private key: false
aws_instance.nat (remote-exec): SSH Agent: true
aws_instance.nat: Still creating... (1m0s elapsed)
aws_instance.nat: Still creating... (1m10s elapsed)
^[[Baws_instance.nat (remote-exec): Connecting to remote host via SSH...
aws_instance.nat (remote-exec): Host: 52.213.15.2
aws_instance.nat (remote-exec): User: centos
aws_instance.nat (remote-exec): Password: false
aws_instance.nat (remote-exec): Private key: false
aws_instance.nat (remote-exec): SSH Agent: true

@duttadeep55
Copy link

Error applying plan:

1 error(s) occurred:

  • ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

@ghost
Copy link

ghost commented Apr 20, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 20, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
bug provider/aws
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

aws_key_pair: updates AWS keypair unnecessarily
4 participants
@catsby @phinze @mitchellh @duttadeep55