Open sebastiencaty opened 3 days ago
Hey Sebastien,
Sorry that you’re experiencing these issues. I would recommend enabling debug and then going to the URL in the browser to see the error that you get from the 403 (I believe terraform should show you the body - are you using an old version of terraform (pre-1?), as I believe this didn’t show the response body).
Matt
On 1 Oct 2024, at 19:12, sebastiencaty @.***> wrote:
I've configured terrareg (v3.12) to force auth on all users and download. I have configured the following vars:
PUBLIC_URL=https://internal.domain
DOMAIN_NAME=internal.domain
ADMIN_AUTHENTICATION_TOKEN=secret
ALLOW_UNAUTHENTICATED_ACCESS=False
TERRAFORM_PRESIGNED_URL_SECRET=secret
TERRAFORM_OIDC_IDP_SUBJECT_ID_HASH_SALT=secret
TERRAFORM_OIDC_IDP_SIGNING_KEY_PATH=/path/to/key.pem
DISABLE_ANALYTICS=True
ALLOW_MODULE_HOSTING=Enforce
DEFAULT_TERRAFORM_VERSION=1.9.5
Got a few modules uploaded (using S3 for storage).
I can run the following command successfully : terraform login internal.domain. Browser pops up, I can login using the value from ADMIN_AUTHENTICATION_TOKEN and terraform sets the auth token properly in ~/.terraform.d/credentials.tfrc.json
However when running terraform init I get the following error message :
Error: Failed to download module
Could not download module "module" from https://internal.domain/v1/terrareg/modules/namespace/module/provider/version/source.zip//modules/module?presign=xxxxxxxxxxxxxxxxxxxx: bad response code: 403.
Without auth terraform init works fine but I wanted to require some auth quickly before going for OIDC.
Should this work? Am I missing some conf?
This DEFAULT_TERRAFORM_VERSION=1.9.5 should set terraform to version 1.9.5?
Interesting, following the URL, I get a 404.
https://internal.domain/v1/terrareg/modules/namespace/module/provider/version/source.zip//modules/module?presign=xxxxxxxxxxxxxxxxxxxx
But this works (get a presign key error)
https://internal.domain/v1/terrareg/modules/namespace/module/provider/version/source.zip?presign=xxxxxxxxxxxxxxxxxxxx
If I set ALLOW_UNAUTHENTICATED_ACCESS=False, then terraform init downloads the module and terraform plan works as expected.
URL not generated correctly?
I have used the terraform provider to create all the namespaces and modules. git_path is defined as : /modules/{module} git_tag_format : {version}
From the web interface everything looks good. I can see all namespaces/modules/version releases. Source code URL goes right to the module source, usage example looks good and works for unauthenticated access.
I’m afraid I’m travelling atm. But yes, that URL is wrong. I think it was broken in a recent release, so for now I think downgrading to v3.7.1 should fix your issue. I’m afraid I’ll take a look at fixing tomorrow - apologies!
Matt
For info, the generated url, I suspect, should be
…./download?signingkey=abcsnne//path/to/module
As a result of the signing key being on the end, terraform is not treating the module path as such and is just passing it to the request to terrareg.
Rolling back is a bit of a pain since the current database isn't backwards compatible to 3.7.1
I'll wait for when you get a chance to fix this. Happy to help debug and test.