-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] git.latest fails with permission error on macOS when using identity file and non-standard user #57233
Comments
Right now I have no chance to reproduce this on MacOS. The described configuration works good for me in Linux. Probably it's something specific for Mac. @tam-core could anyone try this? |
I've just found that it actually isn't an issue with the machine running both the master and a minion, it seems to be some other identity/ssh/permission issue. I disabled the ssh config and other old keys for the user on a different machine running a minion and also cleared out the stored keys using |
So, I just ran this command on the machine running the minion that exhibits this behavior as mentioned above: ...
[INFO ] Checking remote revision for git@github.com:<repo>.git
[DEBUG ] In saltenv 'base', ** considering ** path '/tmp/__salt.tmp.5n5z96o9' to resolve 'salt://data/ssh/<key>'
[DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://data/ssh/<key>'
[INFO ] Fetching file from saltenv 'base', ** done ** 'data/ssh/<key>'
[WARNING ] /usr/local/Cellar/salt/3000.1/libexec/lib/python3.7/site-packages/salt/modules/file.py:32: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3,and in 3.9 it will stop working
from collections import Iterable, Mapping, namedtuple
[DEBUG ] LazyLoaded file.user_to_uid
[INFO ] Attempting git authentication using identity file /tmp/__salt.tmp.5n5z96o9
[INFO ] Executing command ['git', 'ls-remote', 'git@github.com:<repo>.git'] as user '<user>' in directory '/Users/<user>'
[WARNING ] /usr/local/Cellar/salt/3000.1/libexec/lib/python3.7/site-packages/salt/utils/decorators/signature.py:31: DeprecationWarning: `formatargspec` is deprecated since Python 3.5. Use `signature` and the `Signature` object directly
*salt.utils.args.get_function_argspec(original_function)
[DEBUG ] LazyLoaded user.info
[ERROR ] Command '['su', '-l', '<user>', '-c', "/usr/local/bin/bash -l -c 'cd -- /Users/<user> && { git ls-remote git@github.com:<repo>.git\n }'"]' failed with return code: 128
[ERROR ] stderr: git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[ERROR ] retcode: 128
[DEBUG ] Removed identity file /tmp/__salt.tmp.5n5z96o9
[ERROR ] Failed to check remote refs: Unable to authenticate using identity file:
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
... The above command executes successfully when I remove the |
Description
When using
git.latest
I get a permission error if using theuser
parameter combined with theidentity
parameter.Edit: Looks like this only happens when I am trying to run this state against a minion that is running on the same machine as the master. This works fine if used on a minion running on another machine...
Setup
sls file that fails:
sls file that works (but clones/updates repo as root):
minion_user
is just a different user than root in this caseminion_home
is the above user's home directoryExpected behavior
The repo should be cloned/updated to latest correctly by the user specified using the
user
parameter.Versions Report
salt --versions-report
Additional context
This seems like it might be related to: #42550
The text was updated successfully, but these errors were encountered: