Terraform: Unable to clone modules from public github repositories ("Permission denied (publickey)")

Created on 18 Jul 2019  ยท  3Comments  ยท  Source: hashicorp/terraform

I'm getting weird "permission denied" failures when terraform init tries to download modules from github. I'm calling them weird, because the repositories are public (so why does it need my public key in the first place?) and i can git clone them manually without problems (so why does it fail when terraform fails?).

Details below.

Terraform Version

ฮป terraform -v
Terraform v0.12.4

Terraform Configuration Files

module "vpc" {
  source     = "git::[email protected]:cloudposse/terraform-aws-vpc?ref=tags/0.7.0"
  namespace  = "${var.application}"
  stage      = "${var.environment}"
  name       = "vpc"
  cidr_block = "10.0.0.0/16"
  tags       = "${local.common_tags}"
}

Debug Output

(relevant parts extracted:)

2019/07/18 10:32:52 [DEBUG] Module installer: begin vpc
2019/07/18 10:32:52 [TRACE] ModuleInstaller: vpc is not yet installed
2019/07/18 10:32:52 [TRACE] ModuleInstaller: cleaning directory .terraform\modules\vpc prior to install of vpc
Downloa2019/07/18 10:32:52 [TRACE] ModuleInstaller: vpc address "git::[email protected]:cloudposse/terraform-aws-vpc?ref=tags/0.7.0" will be handled by go-getter
2019/07/18 10:32:52 [DEBUG] will download "git::[email protected]:cloudposse/terraform-aws-vpc?ref=tags/0.7.0" to .terraform\modules\vpc
2019/07/18 10:32:52 [TRACE] go-getter detectors rewrote "git::[email protected]:cloudposse/terraform-aws-vpc?ref=tags/0.7.0" to "git::ssh://[email protected]/cloudposse/terraform-aws-vpc?ref=tags%2F0.7.0"
2019/07/18 10:32:52 [TRACE] fetching "git::ssh://[email protected]/cloudposse/terraform-aws-vpc?ref=tags%2F0.7.0" to ".terraform\\modules\\vpc"
ding git::[email protected]:cloudposse/terraform-aws-vpc?ref=tags/0.7.0 for vpc...
2019/07/18 10:32:53 [TRACE] modsdir: writing modules manifest to .terraform\modules\modules.json

Error: Failed to download module

Could not download module "vpc" (main.tf:47) source code from
"git::[email protected]:cloudposse/terraform-aws-vpc?ref=tags/0.7.0": error
downloading
'ssh://[email protected]/cloudposse/terraform-aws-vpc?ref=tags%2F0.7.0':
C:\Users\Tomas Aschan\scoop\shims\git.exe exited with 128: Cloning into
'.terraform\modules\vpc'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Expected Behavior

Terraform should have initialized my modules.

Actual Behavior

Terraform failed to initialize my modules

Steps to Reproduce

  1. terraform init

Additional Context

I figured this could be some issue with my git setup, but if I cd into the .terraform/modules folder and try to git clone [email protected]:cloudpasse/terraform-aws-vpc vpc it works without a hitch.

question
Source
picture tomasaschan

Most helpful comment

@teamterraform Sorry, but I think this is actually a but in Terraform, specifically in how it communicates with Git on how to download the modules.

After tinkering around a little and talking to a colleague for whom this was working, I've been able to get it working on my machine as well. This is what I had to do:

  1. Change the module source declaration to use https instead of ssh (i.e. source = "git::https://github.com/cloudpasse/terraform-aws-vpc.git?ref=tags/0.7.0")
  2. Comment out the global git config I had on my machine that translates https repo references on Github to SSH references.

Once I did that, terraform init manages to download the modules correctly.

Since I could git clone the repo manually, and ssh-add -l lists my key correctly, I think this indicates that something is broken in how Terraform communicates with git to download git repositories over ssh.

picture tomasaschan on 18 Jul 2019
👍2

All 3 comments

Hello! :robot:

We use GitHub issues for tracking bugs and enhancements rather than for questions. While we can sometimes help with certain simple problems here, it's better to use the community forum where there are more people ready to help. The GitHub issues here are monitored only by our few core maintainers.

Since this issue doesn't represent a specific bug or feature request, I'm going to close it. Please do feel free to ask your question in the community forum. Thanks!

teamterraform picture teamterraform on 18 Jul 2019

@teamterraform Sorry, but I think this is actually a but in Terraform, specifically in how it communicates with Git on how to download the modules.

After tinkering around a little and talking to a colleague for whom this was working, I've been able to get it working on my machine as well. This is what I had to do:

  1. Change the module source declaration to use https instead of ssh (i.e. source = "git::https://github.com/cloudpasse/terraform-aws-vpc.git?ref=tags/0.7.0")
  2. Comment out the global git config I had on my machine that translates https repo references on Github to SSH references.

Once I did that, terraform init manages to download the modules correctly.

Since I could git clone the repo manually, and ssh-add -l lists my key correctly, I think this indicates that something is broken in how Terraform communicates with git to download git repositories over ssh.

tomasaschan picture tomasaschan on 18 Jul 2019
👍2

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 18 Aug 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rkulagowski picture rkulagowski  ยท  3Comments
allomov picture allomov  ยท  3Comments
franklinwise picture franklinwise  ยท  3Comments
shanmugakarna picture shanmugakarna  ยท  3Comments
jrnt30 picture jrnt30  ยท  3Comments