Missing legacy provider keys in OpenTofu Registry

[cam72cam]

Hello, I've been going through the organizations who have submitted provider keys in OpenTofu and saw that NewRelic only uploaded their latest key and not any keys for older versions. As people migrate their infrastructure over to OpenTofu they run into issues only having knowledge of the latest provider key for older releases.

Could you submit your legacy public keys at: https://github.com/opentofu/registry/issues/new/choose

Error while installing newrelic/newrelic v1.19.1: authentication signature
Error while installing newrelic/newrelic v1.20.0: authentication signature
...
Error while installing newrelic/newrelic v3.6.1: authentication signature
Error while installing newrelic/newrelic v3.7.0: authentication signature
Error while installing newrelic/newrelic v3.7.1: authentication signature
Error while installing newrelic/newrelic v3.8.0: authentication signature
Error while installing newrelic/newrelic v3.9.0: authentication signature

[pranav-new-relic]

Thanks for reporting this @cam72cam we'll take a look fairly soon 👍

[pranav-new-relic]

@cam72cam a question - I don't find this to be affecting running tofu init on older versions of the provider. When exactly is (or, do you think) this is an issue?

[cam72cam]

Here's the .tf file I'm using to reproduce this issue:

terraform {
        required_providers {
                newrelic = {
                        source = "newrelic/newrelic"
                        version = "3.0.3"
                }
        }
}

[pranav-new-relic]

👍 thanks for the catch. Looks like we've had quite a few updates to the GPG key over time, so it'll certainly take us a while to have the right keys identified and have them updated with OpenTofu.

I don't seem to also find an exact procedure to have legacy keys updated as well (with OpenTofu), so I'll try engaging in a conversation with an OpenTofu maintainer (who I'd initially reached out to, to have the latest GPG key merged).

Thanks for spotting this for us :)

[cam72cam]

You can use the standard "Submit a new provider key" at https://github.com/opentofu/registry/issues/new/choose. It will add the key to the list of valid keys for your organization.

Also, I'm the Tech Lead of OpenTofu, Hi!

I'll add a task to describe how keys are managed to make legacy keys a bit more clear!

[pranav-new-relic]

oops, how did I not know this (despite sifting through so many issues you'd created in other providers as well) - thanks so much for reaching out and helping us with this :)

[pranav-new-relic]

@cam72cam since we're at it - just so I'm clear on what to do - my understanding currently is as follows: with any GPG key I identify (corresponding to any old version of our provider), I should simply go ahead and request for having it added to the OpenTofu repository, just like I did via this issue https://github.com/opentofu/registry/issues/646 in the past. Is this correct? Thanks in advance for confirming :)

[cam72cam]

Correct!

[NSSPKrishna]

@cam72cam https://github.com/opentofu/registry/issues/691 opened an issue in the tofu registry to resolve this

[cam72cam]

Thanks for the submission, it looks like there may be additional keys that are needed. For example, 3.20.2, 3.5.0, 2.10.3 all don't work with the two keys that have been added so far.

[NSSPKrishna]

Hey @cam72cam, I have tried with 3.20.2 and it seems to be working fine (image below). I have found only 2 keys for our provider for all the versions(file attached below).

newrelic_gpg_map.txt