oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

provider.oci: can not create client, bad configuration: did not find a proper configuration for private key #709

Closed hguetlin closed 5 years ago

hguetlin commented 5 years ago

Terraform Version

```bash
$ terraform -v
Terraform v0.11.11
+ provider.oci v3.14.1
```

OCI Provider Version

```bash
$ ./terraform-provider-oci_v3.14.1_x4
2019/02/07 10:19:43 [INFO] terraform-provider-oci 3.14.1
This binary is a plugin. These are not meant to be executed directly.
Please execute the program that consumes these plugins, which will
load any plugins automatically
```

My environment

- Ubuntu 18.04.1
- Default shell was dash, I switched then to bash. But the problem stays.

Description:

terraform init worked and downloaded the oci provider.
However terraform plan does always show the same error about not finding a proper configuration for the private key.

Extract from the debug log:

```
2019/02/07 10:38:57 [DEBUG] Starting graph walk: walkRefresh
2019-02-07T10:38:57.368+0100 [DEBUG] plugin.terraform-provider-oci_v3.14.1_x4: DEBUG 2019/02/07 10:38:57 client.go:185: Configuration provided by: {[Configuration provided by file: /home/hguetlin/snap/terraform/216/.oci/config Configuration provided by file: /home/hguetlin/snap/terraform/216/.oraclebmc/config Configuration provided by environment variables prefixed with: TF_VAR]}
2019/02/07 10:38:57 [ERROR] root: eval: *terraform.EvalConfigProvider, err: can not create client, bad configuration: did not find a proper configuration for private key
<...>
Error: Error refreshing state: 1 error(s) occurred:

2019-02-07T10:50:15.326+0100 [DEBUG] plugin.terraform-provider-oci_v3.14.1_x4: 2019/02/07 10:50:15 [ERR] plugin: plugin server: accept unix /tmp/plugin258371403: use of closed network connection
* provider.oci: can not create client, bad configuration: did not find a proper configuration for private key
```

- No matter how I configure the path to the private key (as default value in the .tf file, as TF_VAR_..., in terraform.tfvars), it's always the same error. The private key is there, readable only by the current user and has no passphrase.
- I have tried with different keys, with passphrase, without passphrase, always the same.
- The same error with oci provider version 3.14.0 which was downloaded automatically yesterday. Today I forced the upgrade to 3.14.1 by specifying version =">= 3.14.1" in the provider configuration
- All the keys I have tried work perfectly with oci cli

When not specifying the private_key_path in any file, only as an environment variable, there is an additional line in the debug output:

*2019-02-07T10:50:15.325+0100 [DEBUG] plugin.terraform-provider-oci_v3.14.1_x4: DEBUG 2019/02/07 10:50:15 configuration.go:136: Can not read PrivateKey location from environment variable: TF_VAR_private_key_path*

my environment variables in this case are:

```bash
hguetlin@hg-w540:~/dev/oci$ env | grep TF_
TF_VAR_compartment_ocid=ocid1.compartment.oc1..a-xxxxx-da
TF_VAR_region=eu-frankfurt-1
TF_VAR_private_key_path=/home/hguetlin/.oci/oci_api_key.pem
TF_VAR_tenancy_ocid=ocid1.tenancy.oc1..a-xxxxx-aq
TF_VAR_user_ocid=ocid1.user.oc1..a-xxxxx-uq
TF_VAR_fingerprint=d1:-xxxxx-:d6
TF_VAR_ssh_public_key=ssh-rsa-xxxxxx
```

Terraform Plan

I execute this:

```bash
TF_LOG=DEBUG OCI_GO_SDK_DEBUG=1 terraform plan > terra.log 2>&1
```

There is only one .tf file in my folder. The log file is also in the zip file below. The oci cli can connect to oci with the same key specified here without problems.

[oci-terraform-plan.zip](https://github.com/terraform-providers/terraform-provider-oci/files/2840129/oci-terraform-plan.zip)

rramge commented 5 years ago

Hi Hannes,

what happens when you copy your private key to a location within (or under) the terraform working directory and use this instead? For example a subdirectory /keys/

Regards,

Ralf


hguetlin commented 5 years ago

Thanks, Ralf, for the suggestion!

I now copied the keys to a subdirectory of the current dir named ".oci". The path to it is still fully qualified, as before, but now it works!

Strangely enough this was not needed on my colleague's laptop running Oracle Linux. He has the same setup as I had before, two separate directory trees under the user directory holding the terraform config and the keys, and it works on his laptop.

Regards, Hannes

rramge commented 5 years ago

Hi Hannes,

No, it’s always needed. Terraform expects all data to be within or below its working directory for security reasons. I am pretty sure that something has been different with your colleague’s setup, maybe he uses a soft link or a wrapper script.

Anyway, problem solved.

Cheers,

Ralf


rcohenma commented 5 years ago

Looks like a solution to the problem has been found and this is not an OCI Terraform Provider issue. Closing.

MichaelKirgan commented 3 years ago

> Hi Hannes,
>
> > Strange enough this was not needed on my colleagues laptop running Oracle Linux
>
> No, it’s always needed. Terraform expects all data to be within or below its working directory for security reasons. I am pretty sure that something has been different with your colleague’s setup, maybe he uses a soft link or a wrapper script.
>
> Anyway, problem solved.
>
> Cheers, Ralf

I recently ran into this and it isn't always the case that it has to be within or below Terraform's working directory. For instance, if I run a local state file (on Linux Mint), I can and do start off having my api keys stored in my home directory under a directory called .oci (/home/myusername/.oci). My Terraform working directory is /home/myusername/Terraform/oci/project1

Neither my Terraform working directory nor any of its sub-directories stores the key and it works fine. However, the moment I transitioned this project from a local state file to using an enhanced backend for a remote state file, then it suddenly broke and gave me the same error as reported in this thread. After that, I do have to do what you suggest - create a sub-directory within my Terraform working directory to store the keys - to make it work.

I am not fond of this requirement, as I do use git repositories, as most of you probably do. I like to keep sensitive information outside of any directory Git is tracking. Yes, I can use .gitignore to keep it from ending up in the repository, but things like this just shout the possibility of human error that could cause your keys to end up in a repository. I'd rather rule that possibility out by being allowed to store the key outside of Terraform's working directories - like I can when not using enhanced remote repositories.
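
The concern in the comment above, that a key copied into the Terraform working directory can end up in a Git repository, can be checked before each run. This is an added example, not code from this thread or from the provider; `check_oci_key` is a hypothetical helper, and its Git checks are skipped when git is not installed.

```shell
#!/usr/bin/env bash
# Added example: check_oci_key is a hypothetical helper, not part of Terraform
# or the OCI provider. It prints one finding per line; the return code is the
# number of findings.
check_oci_key() {
  local key="$1" dir base findings=0
  if [ ! -f "$key" ] || [ ! -r "$key" ]; then
    echo "MISSING: $key is not a readable regular file"
    return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other permission bits.
  if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "PERMS: $key is accessible to group or others; use chmod 600"
    findings=$((findings + 1))
  fi
  if ! head -n 1 "$key" | grep -Eq '^-----BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-----'; then
    echo "FORMAT: $key does not start with a PEM private key header"
    findings=$((findings + 1))
  fi
  dir=$(dirname "$key"); base=$(basename "$key")
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
      echo "TRACKED: $key is staged or committed in Git; rotate it"
      findings=$((findings + 1))
    elif ! git -C "$dir" check-ignore -q -- "$base"; then
      echo "UNIGNORED: $key sits in a Git work tree without an ignore rule"
      findings=$((findings + 1))
    fi
  fi
  return "$findings"
}

# Constructed demo input: a placeholder file with a PEM header, not a real key.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
  '-----END PRIVATE KEY-----' > "$demo_dir/oci_api_key.pem"
chmod 644 "$demo_dir/oci_api_key.pem"
check_oci_key "$demo_dir/oci_api_key.pem" || true   # reports PERMS
rm -rf "$demo_dir"
```
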

sivasobh commented 2 years ago

Hi Team,

I am new to terraform, I am getting a similar issue

```
2021-12-16T13:04:46.320Z [WARN] ValidateProviderConfig from "provider[\"registry.terraform.io/hashicorp/oci\"]" changed the config value, but that value is unused
2021-12-16T13:04:46.322Z [DEBUG] provider.terraform-provider-oci_v4.57.0: DEBUG 2021/12/16 13:04:46.322672 provider.go:408: Configuration provided by: {[Configuration provided by file: /home/opc/.oci/config Configuration provided by file: /home/opc/.oraclebmc/config Configuration provided by environment variables prefixed with: TF_VAR]}
2021-12-16T13:04:46.323Z [ERROR] vertex "provider[\"registry.terraform.io/hashicorp/oci\"]" error: can not create client, bad configuration: did not find a proper configuration for private key
2021-12-16T13:04:46.323Z [INFO] backend/local: plan operation completed
╷
│ Error: can not create client, bad configuration: did not find a proper configuration for private key
│
│   with provider["registry.terraform.io/hashicorp/oci"],
│   on vcn.tf line 1, in provider "oci":
│    1: provider "oci" {
│
╵
2021-12-16T13:04:46.326Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-12-16T13:04:46.330Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/oci/4.57.0/linux_amd64/terraform-provider-oci_v4.57.0 pid=476981
2021-12-16T13:04:46.330Z [DEBUG] provider: plugin exited
```

My config dir is /home/opc/.oci/config

Working dir is /home/opc/terraform/vcn

I have tried copying the key and config to working dir as well but not working

config has

```bash
[opc@terraformserver vcn]$ cat /home/opc/.oci/config
[DEFAULT]
TF_VAR_user="ocid1.user.oc1..*"
TF_VAR_fingerprint="***"
TF_VAR_key_file="/home/opc/.oci/oci_api_key.pem"
TF_VAR_tenancy="ocid1.tenancy.oc1.."
TF_VAR_region="ap-mumbai-1"
```

Any suggestions ?

hguetlin commented 2 years ago

Hi Sivasobh, I am not sure if the variable names in the config file require the prefix TF_VAR_. This prefix is probably only mandatory for environment variables. Maybe you can try without the prefix, using exactly the variable name referenced in your .tf or .tfvar files.
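
The OCI SDK config file uses bare key names (`user`, `fingerprint`, `key_file`, `tenancy`, `region`), so a file like the one posted above can be linted before running Terraform. This is an added example, not code from this thread or from the provider; `lint_oci_config` is a hypothetical helper, and it assumes API signing key authentication when deciding which keys are required.

```shell
#!/usr/bin/env bash
# Added example: lint_oci_config is a hypothetical helper, not part of the OCI provider.
# Usage: lint_oci_config FILE [PROFILE]; prints findings, returns 1 if there are any.
lint_oci_config() {
  awk -v want="${2:-DEFAULT}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    /^[ \t]*\[/ {                                # profile header such as [DEFAULT]
      profile = $0
      sub(/^[ \t]*\[/, "", profile); sub(/\].*$/, "", profile)
      next
    }
    profile == want {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
      if (key ~ /^TF_VAR_/) {
        printf "PREFIX: %s (config file keys carry no TF_VAR_ prefix)\n", key
        bad++
      }
      seen[key] = 1
    }
    END {
      # Assumption: API signing key authentication, which needs these four keys.
      n = split("user fingerprint key_file tenancy", req, " ")
      for (i = 1; i <= n; i++)
        if (!(req[i] in seen)) { printf "MISSING: %s\n", req[i]; bad++ }
      exit (bad > 0)
    }
  ' "$1"
}

# Constructed sample using the prefixed key style; the values are placeholders.
demo_cfg=$(mktemp)
printf '%s\n' '[DEFAULT]' 'TF_VAR_user=ocid1.user.oc1..example' \
  'TF_VAR_key_file=/home/opc/.oci/oci_api_key.pem' > "$demo_cfg"
lint_oci_config "$demo_cfg" || true
rm -f "$demo_cfg"
```
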