Broken 12/14/21: Error installing provider "external": openpgp: signature made by unknown entity #92
Comments
zbornstein
changed the title
zbornstein
changed the title
|
@zbornstein I've used this as a temporary workaround (0.11.8) : |
|
Hi everyone 👋 Thank you for raising this issue and apologies for the unexpected behavior with the new v2.1.1 release. 😖 I'm going to begin looking into this right now and will report back my findings. If the new release is causing issues in your environment, it should be possible to pin to the last version as mentioned above. For Terraform CLI 0.13 and later: terraform {
# ... potentially other configuration ...
required_providers {
# ... potentially other providers ...
external = {
source = "hashicorp/external"
version = "2.1.0"
}
}
}For Terraform CLI 0.12: provider "external" {
version = "2.1.0"
} |
This version worked for me for now, where v2.1.0 did not. |
|
Hi again 👋 Since version 2.0.0 of this provider, only Terraform CLI version 0.12 and later is officially supported for new releases. Older versions of Terraform CLI should pin to the last 1.x release as @theredcat pointed out: provider "external" {
version = "1.2.0"
}While we don't officially support Terraform CLI versions 0.11 and earlier anymore, I was able to replicate the issue using Terraform CLI 0.11.14 and pinning to the new release: provider "external" {
version = "2.1.1"
}
data "external" "test" {
program = ["echo", "{\"key\": \"value\"}"]
}
output "test" {
value = "${data.external.test.results}"
}$ terraform0.11.14 init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
Error installing provider "external": openpgp: signature made by unknown entity.
Terraform analyses the configuration and state and automatically downloads
plugins for the providers used. However, when attempting to download this
plugin an unexpected error occured.
This may be caused if for some reason Terraform is unable to reach the
plugin repository. The repository may be unreachable if access is blocked
by a firewall.
If automatic installation is not possible or desirable in your environment,
you may alternatively manually install plugins by downloading a suitable
distribution package and placing the plugin's executable file in the
following directory:
terraform.d/plugins/darwin_amd64The failure is related to a release GPG rotation that occurred last year. Specifically, there are instructions for Terraform, which recommend upgrading to Terraform CLI version 0.11.15, if you are using the 0.11 minor version. When doing so, it will report a more expected error if attempting to use the new version: $ terraform0.11.15 init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
No available provider "external" plugins are compatible with this Terraform version.
From time to time, new Terraform major releases can change the requirements for
plugins such that older plugins become incompatible.
Terraform checked all of the plugin versions matching the given constraint:
2.1.1
Unfortunately, none of the suitable versions are compatible with this version
of Terraform. If you have recently upgraded Terraform, it may be necessary to
move to a newer major release of this provider. Alternatively, if you are
attempting to upgrade the provider to a new major version you may need to
also upgrade Terraform to support the new version.
Consult the documentation for this provider for more information on
compatibility between provider versions and Terraform versions.For completeness, I was also able to verify the signatures were expected: $ gpg --verify terraform-provider-external_2.1.1_SHA256SUMS.sig terraform-provider-external_2.1.1_SHA256SUMS
gpg: Signature made Tue Dec 14 12:34:11 2021 EST
gpg: using RSA key B36CBA91A2C0730C435FC280B0B441097685B676
gpg: Good signature from "HashiCorp Security (hashicorp.com/security) <security@hashicorp.com>" [full]It's not immediately clear why Terraform CLI 0.11 may select an incompatible provider version and attempt to use it if not using version pinning, as our Terraform specific HTTP headers should be preventing that situation same as the previous 2.1.0 release of the provider: $ curl -I --silent https://releases.hashicorp.com/terraform-provider-external/1.2.0/terraform-provider-external_1.2.0_linux_amd64.zip | grep 'x-terraform'
x-terraform-protocol-version: 4
x-terraform-protocol-versions: 4.0, 5.0
$ curl -I --silent https://releases.hashicorp.com/terraform-provider-external/2.1.0/terraform-provider-external_2.1.0_linux_amd64.zip | grep 'x-terraform'
x-terraform-protocol-version: 5
x-terraform-protocol-versions: 5.0
$ curl -I --silent https://releases.hashicorp.com/terraform-provider-external/2.1.1/terraform-provider-external_2.1.1_linux_amd64.zip | grep 'x-terraform'
x-terraform-protocol-version: 5
x-terraform-protocol-versions: 5.0So our best recommendations at this point would be upgrading to Terraform CLI 0.11.15 and pinning to version 1.2.0 of the provider until environments can be upgraded to newer versions of Terraform CLI. Since this issue relates to a Terraform CLI we no longer officially support, I'm going to close this issue out. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Hi there -- I have been a daily user of terraform and today we hit an odd issue without any change to our template files or infrastructure.
Terraform Version
Terraform v0.11.14
AWS Provider v2.70
and
Terraform v0.12.31
AWS Provider v2.70
Debug Output
https://gist.github.com/zbornstein/c8c98081b2ab7234ec5bfdfda0dc9234
Expected Behavior
Normal Execution
Actual Behavior
Execution Failure
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform initOther github issues in terraform point to connectivity issues to download, but I have ruled that out -- and those errors highlight provider "aws" not provider "external". Would the recently published release have any impact to me today?
The text was updated successfully, but these errors were encountered: