oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

Provider does not auth with \n in private_key #2198

Open Tmanoche opened 1 month ago

Tmanoche commented 1 month ago

Community Note

Terraform Version and Provider Version

Terraform v1.7.5 on linux_amd64

provider registry.terraform.io/hashicorp/time v0.11.2
provider registry.terraform.io/oracle/oci v6.10.0

Affected Resource(s)

affected_resources = terraform

Terraform Configuration Files

    terraform {
      required_version = ">= 1.7.0"
      required_providers {
        oci = {
          source  = "oracle/oci"
          version = "6.10.0"
        }
      }

      cloud {
        organization = "[redacted]"
        workspaces {
          name = "temptest"
        }
      }
    }

    provider "oci" {
      region = "us-sanjose-1"
    }

Debug Output

https://gist.github.com/Tmanoche/4641860c452e6794f040bfbc4851c637

Panic Output

Expected Behavior

We should be able to use an example private key format in our TF_VAR_private_key:

TF_VAR_private_key="-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----"

We cannot paste keys with actual new lines in Terraform Cloud, so we must use \n.

Actual Behavior

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: can not create client, bad configuration: did not find a proper configuration for private key
│ 
│   with provider["registry.terraform.io/oracle/oci"].oci-home,
│   on main.tf line 19, in provider "oci":
│   19: provider "oci" {
│ 
╵
╷
│ Error: can not create client, bad configuration: did not find a proper configuration for private key
│ 
│   with provider["registry.terraform.io/oracle/oci"],
│   on main.tf line 24, in provider "oci":
│   24: provider "oci" {
│ 
╵

Steps to Reproduce

  1. Export all of the necessary variables for the OCI provider: TF_VAR_user_ocid, TF_VAR_fingerprint, TF_VAR_tenancy_ocid, TF_VAR_private_key

  2. Run Terraform Plan

  3. You will encounter an auth error

Important Factoids

I tested provider changes locally to fix this issue.

I changed these lines: https://github.com/oracle/terraform-provider-oci/blob/master/internal/provider/provider.go#L553-L555

To:

    if privateKey, hasPrivateKey := p.D.GetOkExists(globalvar.PrivateKeyAttrName); hasPrivateKey {
        keyData := privateKey.(string)
        keyData = strings.ReplaceAll(keyData, "\\n", "\n") // Ensure \n is replaced by actual newlines
        return oci_common.PrivateKeyFromBytes([]byte(keyData), &password)
    }

References

tf-oci-pub commented 1 month ago

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

vsin12 commented 1 month ago

@Tmanoche - Did you try the same thing using private_key_path?

vsin12 commented 1 month ago

I don't think we can assume //n new lines in the key and replace the key content. I would recommend using path instead so that you don't have to modify the key content.

vsin12 commented 1 month ago

https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm#APIKeyAuth
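
The trade-off discussed in this thread, as an added example that is not the provider's code and not part of any comment above: a key that already decodes as PEM is used unchanged, and literal `\n` sequences are unescaped only as a fallback when the first decode fails. `parseKey` and `sampleKey` are hypothetical names, the Go standard library stands in for the OCI SDK's `PrivateKeyFromBytes`, and the sample key is generated at run time.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// parseKey (hypothetical helper) parses a PKCS#8 PEM key and reports whether
// literal `\n` (backslash + n) had to be unescaped first. Input that already
// decodes is never modified; base64 has no backslash, so a valid body is safe.
func parseKey(raw string) (any, bool, error) {
	unescaped := false
	blk, _ := pem.Decode([]byte(raw))
	if blk == nil { // fallback: single-line value with escaped newlines
		unescaped = true
		blk, _ = pem.Decode([]byte(strings.ReplaceAll(raw, `\n`, "\n")))
		if blk == nil {
			return nil, false, errors.New("no PEM block, with or without \\n unescaping")
		}
	}
	key, err := x509.ParsePKCS8PrivateKey(blk.Bytes)
	return key, unescaped, err
}

// sampleKey builds a throwaway PKCS#8 PEM key (constructed test input).
func sampleKey() string {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKCS8PrivateKey(k)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}))
}

func main() {
	good := sampleKey()
	escaped := strings.ReplaceAll(strings.TrimSpace(good), "\n", `\n`)
	for _, in := range []string{good, escaped, "not a key"} {
		_, unescaped, err := parseKey(in)
		fmt.Println("unescaped:", unescaped, "err:", err)
	}
}
```

Surfacing the `unescaped` flag lets a caller log that the fallback path was taken without ever logging the key itself.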