oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

Provider does not auth with \n in private_key #2145

Open Tmanoche opened 2 months ago

Tmanoche commented 2 months ago

Community Note

Terraform Version and Provider Version

Terraform v1.7.5 on linux_amd64

Affected Resource(s)

affected_resources = terraform

Terraform Configuration Files

    terraform {
      required_version = ">= 1.7.0"
      required_providers {
        oci = {
          source  = "oracle/oci"
          version = "5.46.0"
        }
      }

      cloud {
        organization = "[redacted]"
        workspaces {
          name = "temptest"
        }
      }
    }

    provider "oci" {
      region = "us-sanjose-1"
    }

Debug Output

https://gist.github.com/Tmanoche/4641860c452e6794f040bfbc4851c637

Panic Output

Expected Behavior

We should be able to use an example private key format in our TF_VAR_private_key:

    TF_VAR_private_key="-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----"

We cannot paste keys with actual new lines in Terraform Cloud, so we must use \n.

Actual Behavior

Error:

    Planning failed. Terraform encountered an error while generating this plan.

    ╷
    │ Error: can not create client, bad configuration: did not find a proper configuration for private key
    │ 
    │   with provider["registry.terraform.io/oracle/oci"].oci-home,
    │   on main.tf line 19, in provider "oci":
    │   19: provider "oci" {
    │ 
    ╵
    ╷
    │ Error: can not create client, bad configuration: did not find a proper configuration for private key
    │ 
    │   with provider["registry.terraform.io/oracle/oci"],
    │   on main.tf line 24, in provider "oci":
    │   24: provider "oci" {
    │ 
    ╵

Steps to Reproduce

  1. Export all of the necessary variables for the OCI provider: TF_VAR_user_ocid, TF_VAR_fingerprint, TF_VAR_tenancy_ocid, TF_VAR_private_key

  2. Run terraform plan.

  3. You will run into an auth error.

Important Factoids

I tested provider changes locally to fix this issue.

I changed these lines: https://github.com/oracle/terraform-provider-oci/blob/master/internal/provider/provider.go#L553-L555

To:

    if privateKey, hasPrivateKey := p.D.GetOkExists(globalvar.PrivateKeyAttrName); hasPrivateKey {
        keyData := privateKey.(string)
        keyData = strings.ReplaceAll(keyData, "\\n", "\n") // Ensure \n is replaced by actual newlines
        return oci_common.PrivateKeyFromBytes([]byte(keyData), &password)
    }

When I run terraform plan with a dev config pointing to my updated test provider, the private key is able to auth just fine. When I point back to the latest OCI provider, it fails. All with the same environment/env vars.

References
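The failure described in this issue can be reproduced outside Terraform. The following is an added example, not code from the issue or from the provider: it uses Go's standard `encoding/pem` and `crypto/x509` in place of the SDK's `oci_common.PrivateKeyFromBytes`, and the helper names `sampleKeyPEM`, `escapeNewlines` and `parseKey` are hypothetical. It shows that a PEM key stored on one line with literal `\n` yields no PEM block, and that the same `strings.ReplaceAll` normalization as in the proposed change restores it.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
)

// sampleKeyPEM returns a throwaway RSA key as PKCS#8 PEM (constructed test data).
func sampleKeyPEM() string {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKCS8PrivateKey(k)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}))
}

// escapeNewlines mimics a single-line variable store: each newline becomes backslash + 'n'.
func escapeNewlines(s string) string { return strings.ReplaceAll(s, "\n", `\n`) }

// parseKey decodes a PKCS#8 RSA key; with normalize set, literal `\n` becomes a newline first
// (the base64 body never contains a backslash). Errors never echo the key material.
func parseKey(raw string, normalize bool) (*rsa.PrivateKey, error) {
	if normalize {
		raw = strings.ReplaceAll(raw, `\n`, "\n")
	}
	block, _ := pem.Decode([]byte(raw))
	if block == nil {
		return nil, fmt.Errorf("no PEM block found in private key value")
	}
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	key, ok := parsed.(*rsa.PrivateKey)
	if err != nil || !ok {
		return nil, fmt.Errorf("value is not a PKCS#8 RSA key (parse error: %v)", err)
	}
	return key, nil
}

func main() {
	_, err := parseKey(escapeNewlines(sampleKeyPEM()), false)
	fmt.Println("without normalization:", err)
}
```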

tf-oci-pub commented 2 months ago

Thank you for reporting the issue. We observed that the affected resources are not provided in the description or are incorrect. We request you to add them to the issue description in the format below. Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform. Example: affected_resources = terraform

As this works through automation, we request you to follow the exact syntax.

Tmanoche commented 2 months ago

Updated with affected resources

Tmanoche commented 1 month ago

I added

affected_resources = terraform

How do I get this to triage properly?