Open den-is opened 11 months ago
Hello, I have the same issue , in my ~/.ssh/config
:
Host github.com-work
HostName github.com
User git
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa_passculture
But when I try to terragrunt plan
:
terragrunt plan
ERRO[0009] 1 error occurred:
* error downloading 'ssh://git@github.com/pass-culture/terraform-iam-module.git?ref=v0.3.0': /usr/bin/git exited with 128: Cloning into '/home/dka/workspace/github.com/pass-culture/infrastructure/terragrunt/gcp/passculture.app/projects/passculture-metier-ehp/iam/bindings/database-operations@passculture-metier-ehp.iam.gserviceaccount.com/.terragrunt-cache/x6MEuSbHq6F0DkT4ouqWwcnb5Pc/5WJFw-YYiKazfoQ7ur-215Tf4XU'...
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
ERRO[0009] Unable to determine underlying exit code, so Terragrunt will exit with error code 1
Any clue how to fix this terragrunt side ?
Hello, I suspect that may be invalid repo path since error is
ERROR: Repository not found.
fatal: Could not read from remote repository.
Usually, when credentials are invalid error is like:
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Simplified example which worked fine:
# ~/.ssh/config
Host github.com-work
HostName github.com
User git
AddKeysToAgent yes
IdentityFile ~/key
# terragrunt.hcl
terraform {
source = "git::git@github.com-work:denis256/terraform-test-module-private.git//modules/test-file?ref=v0.0.4"
}
$ terragrunt plan --terragrunt-log-level debug
DEBU[0000] Terragrunt Version: 0.53.2
DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] Running command: terraform --version prefix=[/home/runner/work/proj]
DEBU[0000] terraform version: 1.6.3
DEBU[0000] Reading Terragrunt config file at /home/runner/work/proj/terragrunt.hcl
DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] Downloading Terraform configurations from git::ssh://git@github.com-work/denis256/terraform-test-module-private.git?ref=v0.0.4 into /home/runner/work/proj/.terragrunt-cache/-XbQmm0QHEkIaLvL9Bh59nptzcM/XhWZ6BzxNeQB2PsK8ZcG47BfuPA
DEBU[0001] Copying files from /home/runner/work/proj into /home/runner/work/proj/.terragrunt-cache/-XbQmm0QHEkIaLvL9Bh59nptzcM/XhWZ6BzxNeQB2PsK8ZcG47BfuPA/modules/test-file
DEBU[0001] Setting working directory to /home/runner/work/proj/.terragrunt-cache/-XbQmm0QHEkIaLvL9Bh59nptzcM/XhWZ6BzxNeQB2PsK8ZcG47BfuPA/modules/test-file
DEBU[0001] Running command: terraform init prefix=[/home/runner/work/proj]
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/local from the dependency lock file
- Installing hashicorp/local v2.4.0...
- Installed hashicorp/local v2.4.0 (signed by HashiCorp)
Terraform has been successfully initialized!
I suspect that may be invalid repo path since error is
ERROR: Repository not found.
fatal: Could not read from remote repository.
I managed to clone by hand, using ssh-add and git clone, then I tried again with terragrunt and hit the same error. Also my other mates does not have the issue because they do not have a git config .
The repository is there and is working.
Standard, usual organizational private repo ssh_ed
git url that is hardcoded across hundreds of modules across the organization.
Maybe there is a difference between user's and organization's private repos ""visibility"".
If your simplified step works, that means that issue is with the missing gitconfig step.
Curious if it is possible to do debug outputs for terragrunt trying to pull src.
I just realised that in your answer https://github.com/gruntwork-io/terragrunt/issues/2777#issuecomment-1806413059, you edit the git url to append -work
, which is not something I want or can commit, as this config works only for me. Of course if I ssh-add and do that, it will work, but that is very inconvenient.
good catch The idea of gitconfig is to seamlessly substitute source URL, and then use connection settings from sshconfig
Hello,
my example with ~/.ssh/config
shows that Terragrunt uses configuration for github.com-work
for other cases, will be helpful to have example repos to see how the issue occurs
https://github.com/gruntwork-io/terragrunt/issues/2777#issuecomment-1803595293
Nobody here was questioning if terragrunt can pull over SSH.
Your "test" only shows that terragrunt (library that it uses) is respecting sshconfig
In opposite, Terragrunts logic (git library used by terragrunt) is not respecting ~/.gitconfig
for other cases, will be helpful to have example repos to see how the issue occurs
Well nobody is going to share their private/corporate repos with you.
Let me show how you can test it here (if the original configuration snippets were not enough):
mkdir ~/path/to/test/ ; cd ~/path/to/test/
ssh-keygen -t ed25519 -f "~/path/to/test/tempkey" -q -N "" -C "test-tg-ssh"
Deploy key
from cat testtgsshkey.pub
~/.gitconfig
add:
[includeIf "gitdir:~/path/to/test/"]
path = ~/path/to/test/.gitconfig
~/path/to/test/.gitconfig
with content:
[url "git@github.com-work"]
insteadOf = git@github.com
Host github.com-work
HostName github.com
IdentitiesOnly yes
IdentityFile ~/path/to/test/tempkey
git pull git@github.com:accountid/private-repo-name.git
terragrunt.hcl
source git@github.com:accountid/private-repo-name
. Without changing URL to git@github.com-work...
! :)An alternative use case- I just ran into this making a github action job and trying to use the job's own GITHUB_TOKEN oauth2 flow for checking out organization repos. The normal base config would involve something like:
git config --global url."https://github.com/your-organization".insteadOf "git::git@github.com/your-organization": git config --global http.https://github.com/.extraheader "AUTHORIZATION: bearer ${GITHUB_TOKEN}"
As of now I'm forced to create an ssh key as a secret and use that instead.
@den-is, Terragrunt, like Terraform, uses the go-getter library to clone repositories. The only difference may be the version, Terragrunt uses an older version. Try experimenting with Terraform configurations without Terragrunt. If it works, then it makes sense to update go-getter, otherwise there is no point in doing it if Terraform itself does not work with your ssh config the way you want.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for raising this issue.
/unstale
Describe the bug I have custom SSH and Gitconfigs configurations for various projects hosted on github.com Different projects use different SSH keys and/or git-related configs.
Global gitconfig
Project specific gitconfig
And finally SSH Config
So you can see that while I'm in a specific project's directory git@github.com by a custom host which is listed in my SSH config. This has worked like a charm for me for a multitude of different projects for many years. Feel free to use this workflow. :)
Worked until I have encountered issue in a terragrunt project that is sourcing TF module from another git repository, which is not public and belongs to an organization.
The error:
Expected behavior Respect global gitconfig to properly fetch/connect to repositories
Versions
Maybe this issue is similar https://github.com/hashicorp/terraform/issues/28968