hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

provider does not support ed25519 ssh keys while azure does. #26587

Closed jkroepke closed 5 days ago

jkroepke commented 1 month ago

Terraform Version

1.8.0

AzureRM Provider Version

3.101.0

Affected Resource(s)/Data Source(s)

azurerm_linux_virtual_machine

Terraform Configuration Files

-

Debug Output/Panic Output

-

Expected Behaviour

The Terraform provider should support ed25519 keys like the portal does

Actual Behaviour

There is a local validation which is not in sync with the Azure capabilities

https://github.com/hashicorp/terraform-provider-azurerm/blob/e5efc92cda078405c8ea74ec5c00311f52278115/internal/services/compute/validate/ssh_key.go#L38-L39

Steps to Reproduce

No response

Important Factoids

No response

References

https://azure.microsoft.com/en-us/updates/v2/SSH-Key-Support-for-Linux-VMs
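
The kind of client-side check the issue is about, as an added example that is not part of the original issue and not the provider's own code: it parses an OpenSSH public key line and decides by key type instead of assuming RSA. The names `readField` and `ValidateSSHPublicKey`, the accepted types and the 2048-bit RSA minimum are assumptions of this example.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
	"strings"
)

// readField pops one length-prefixed field (RFC 4253 string/mpint) off a key blob.
func readField(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, fmt.Errorf("truncated key blob (%d bytes left)", len(b))
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// ValidateSSHPublicKey checks one "<type> <base64> [comment]" line (policy below is assumed).
func ValidateSSHPublicKey(line string) error {
	parts := strings.Fields(line)
	if len(parts) < 2 {
		return fmt.Errorf("expected \"<type> <base64> [comment]\", got %d fields", len(parts))
	}
	blob, decErr := base64.StdEncoding.DecodeString(parts[1])
	name, rest, err := readField(blob)
	if decErr != nil || err != nil || string(name) != parts[0] {
		return fmt.Errorf("key data is not a well-formed %q blob", parts[0])
	}
	switch parts[0] {
	case "ssh-ed25519": // assumed policy: accepted; one 32-byte key follows the type name
		if key, _, err := readField(rest); err != nil || len(key) != 32 {
			return fmt.Errorf("ssh-ed25519 public key must be 32 bytes, got %d", len(key))
		}
	case "ssh-rsa": // assumed policy: modulus of at least 2048 bits; fields are e, then n
		_, rest, _ = readField(rest)
		n, _, err := readField(rest)
		if bits := new(big.Int).SetBytes(n).BitLen(); err != nil || bits < 2048 {
			return fmt.Errorf("ssh-rsa modulus has %d bits, need at least 2048", bits)
		}
	default:
		return fmt.Errorf("unsupported key type %q", parts[0])
	}
	return nil
}

func main() { // constructed sample: an ed25519 blob whose 32 key bytes are all zero
	fmt.Println(ValidateSSHPublicKey("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + strings.Repeat("A", 43)))
}
```

A check like this only covers the key's format. Whether a given Azure service accepts the key type is still decided by its API.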

ms-zhenhua commented 1 month ago

@jkroepke, thank you for reporting this issue. I have created a new PR to support this new type of SSH key.

makkes commented 1 month ago

I don't want to hijack this issue but thought it might be related to what I experienced today where I wasn't able to use an Ed25519 public key for an AKS node pool (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#ssh_key):

│ Kubernetes Cluster Name: "dev"): managedclusters.ManagedClustersClient#CreateOrUpdate: 
Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="The 
value of parameter linuxProfile.ssh.publicKeys.keyData is invalid. Please see https://aka.ms/
aks-naming-rules for more details." Target="linuxProfile.ssh.publicKeys.keyData"

It looks like the validation mentioned in the issue description isn't applied here but the value is rather directly passed to the Azure API. My understanding is that Azure supports Ed25519 keys now but maybe the API is different?!

jkroepke commented 1 month ago

@makkes If Azure says the feature is released for VMs, that doesn't mean that the feature is available for Kubernetes Worker Pools.

makkes commented 1 month ago

Yes, I'm really not sure about that and as I said it might just be the case that Ed25519 is not supported for AKS node pools. I guess I'll have to open an issue over at https://github.com/Azure/AKS/ to get clarity on that. 🤔

makkes commented 1 month ago

https://github.com/Azure/AKS/issues/4431

magodo commented 5 days ago

Fixed by #27202