Add ed25519 SSH Key support #14
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
jkroepke
requested review from
rswrz,
lixhunter and
Phil-Thoennissen
as code owners
rswrz
requested changes
Sep 19, 2024
There was a problem hiding this comment.
Thanks for this improvement. Please refer to our Terraform Module Style Guide.
Also, please run terraform-docs . to update the README.md file.
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
Signed-off-by: Roman Schwarz <rs@cloudeteer.de>
Signed-off-by: Roman Schwarz <rs@cloudeteer.de>
rswrz
approved these changes
Sep 19, 2024
There was a problem hiding this comment.
The azurerm provider at v3 does not support ssh-ed25519 SSH keys.
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.111"
}
}
variables {
authentication_type = "SSH"
}$ terraform init -test-directory=tests/remote
Initializing the backend...
Initializing modules...
- test.tests.remote.main.setup_tests in tests/remote
Initializing provider plugins...
- Finding hashicorp/random versions matching ">= 3.0.0, ~> 3.0"...
- Finding hashicorp/tls versions matching ">= 4.0.0, ~> 4.0"...
- Finding azure/azapi versions matching ">= 1.14.0, ~> 1.14"...
- Finding hashicorp/azurerm versions matching ">= 3.111.0, ~> 3.111"...
- Installing hashicorp/random v3.6.3...
- Installed hashicorp/random v3.6.3 (signed by HashiCorp)
- Installing hashicorp/tls v4.0.6...
- Installed hashicorp/tls v4.0.6 (signed by HashiCorp)
- Installing azure/azapi v1.15.0...
- Installed azure/azapi v1.15.0 (signed by a HashiCorp partner, key ID 6F0B91BDE98478CF)
- Installing hashicorp/azurerm v3.116.0...
- Installed hashicorp/azurerm v3.116.0 (signed by HashiCorp)
$ terraform test -test-directory=tests/remote
tests/remote/main.tftest.hcl... in progress
run "setup_tests"... pass
run "deploy_module_linux_ssh"... fail
╷
│ Error: - the provided ssh-ed25519 SSH key is not supported. Only RSA SSH keys are supported by Azure
│
│ with azurerm_linux_virtual_machine.this[0],
│ on r-vm.tf line 7, in resource "azurerm_linux_virtual_machine" "this":
│ 7: resource "azurerm_linux_virtual_machine" "this" {
│
╵
tests/remote/main.tftest.hcl... tearing downThe time has come (pretty fast ;)) that we need to raise the minimum version to v4.1.
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.1"
}
}
variables {
authentication_type = "SSH"
}$ terraform init -test-directory=tests/remote
Initializing the backend...
Initializing modules...
- test.tests.remote.main.setup_tests in tests/remote
Initializing provider plugins...
- Finding hashicorp/random versions matching ">= 3.0.0, ~> 3.0"...
- Finding hashicorp/tls versions matching ">= 4.0.0, ~> 4.0"...
- Finding azure/azapi versions matching ">= 1.14.0, ~> 1.14"...
- Finding hashicorp/azurerm versions matching ">= 3.111.0, ~> 4.1"...
- Installing hashicorp/random v3.6.3...
- Installed hashicorp/random v3.6.3 (signed by HashiCorp)
- Installing hashicorp/tls v4.0.6...
- Installed hashicorp/tls v4.0.6 (signed by HashiCorp)
- Installing azure/azapi v1.15.0...
- Installed azure/azapi v1.15.0 (signed by a HashiCorp partner, key ID 6F0B91BDE98478CF)
- Installing hashicorp/azurerm v4.2.0...
- Installed hashicorp/azurerm v4.2.0 (signed by HashiCorp)
$ terraform test -test-directory=tests/remote
tests/remote/main.tftest.hcl... in progress
run "setup_tests"... pass
run "deploy_module_linux_ssh"... pass
tests/remote/main.tftest.hcl... tearing down
tests/remote/main.tftest.hcl... pass
Success! 2 passed, 0 failed.We could keep the default key algorithm at RSA and stick with v3, but I think it is absolutely fine to go with v4 from here.
rswrz
requested changes
Sep 19, 2024
Signed-off-by: Roman Schwarz <rs@cloudeteer.de>
Signed-off-by: Roman Schwarz <rs@cloudeteer.de>
Signed-off-by: Roman Schwarz <rs@cloudeteer.de>
rswrz
previously approved these changes
Sep 19, 2024
Signed-off-by: Roman Schwarz <rs@cloudeteer.de>
|
The remote test is slow and somehow broken. I improved it in #20 and merged this changed here. Hopefully, now the test runs successfully. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
RSA keys are problematic in newer linux distros and should be avoided if possible.
Azure supports the usage of ED25519 keys which should be always prefer over RSA keys.
Ref: https://azure.microsoft.com/en-us/updates/v2/ssh-key-support-for-linux-vms