-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can this provider use an ED25519 key as a deploy key to talk to a repo? #385
Comments
Any updates on this? We are able to deploy argocd with a key which fails to parse in the argocd terraform setup. This is blocking our effort to move our argocd bootstrap to terraform |
Let me take a look at it... |
I can reproduce the issue with the following procedure: kind create cluster --name argocd
kubectl create namespace argocd
kubectl apply -f https://github.com/argoproj/argo-cd/raw/refs/tags/v2.12.4/manifests/install.yaml -n argocd
ssh-keygen -t ed25519 -C "Argo CD Testing" Using this terraform snippet: terraform {
required_providers {
argocd = {
source = "oboukili/argocd"
version = "6.1.1"
}
}
}
variable "ssh_key" {
type = string
description = "PEM encoded ssh key to use"
}
variable "argocd_password" {
type = string
description = "Argo CD Admin password"
}
provider "argocd" {
port_forward_with_namespace = "argocd"
username = "admin"
password = var.argocd_password
kubernetes {
config_context = "kind-argocd"
}
}
resource "argocd_repository" "test_repo" {
repo = "[email protected]:the-technat/the-technat.git"
username = "git"
ssh_private_key = var.ssh_key
insecure = true
} And then running: export TF_VAR_argocd_password="$(kubectl -n argocd get secrets argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)"
export TF_VAR_ssh_key="<ed25519 private key>"
terraform init
terraform apply -auto-approve The following points have been observed:
=> This must be an issue in the validate function of the ssh_key param. I can see that the used |
Really strange, when I set the private key without "", it seems to work. @Vermyndax can you validate in which format you set the variable for the private key and try to change something on the format? Maybe try setting the variable for your private key without quotation marks like so: |
Terraform Version, ArgoCD Provider Version and ArgoCD Version
Terraform configuration
var.helm_charts_private_key does not have a default value. It is supplied during GitHub Actions from a GitHub Secret.
Question
I'm trying to use an ed25519 deploy key for ssh access to the repository. The key exists in the "deploy keys" portion of the repository already. I'm trying to configure our ArgoCD cluster via the provider to talk to the repo. I've supplied the ed25519 private key into GitHub Secrets and verified that the value is being passed into the var.helm_charts_private_key variable.
Does the provider accept deploy keys as ed25519?
It seems when hitting the ParseSshKey method, openssh doesn't like it:
Error: ssh_private_key: invalid ssh private key: ssh: no key found
...during terraform plan step.
The text was updated successfully, but these errors were encountered: