Missing legacy provider keys in OpenTofu Registry
Closed this issue · 4 comments
Hello, I've been going through the organizations who have submitted provider keys in OpenTofu and saw the Jfrog only uploaded their latest key and not any keys for older versions. As people migrate their infrastructure over to OpenTofu they run into issues only having knowledge of the latest provider key for older releases.
Could you submit your legacy public keys at: https://github.com/opentofu/registry/issues/new/choose
Error while installing jfrog/artifactory v2.10.0: authentication signature
Error while installing jfrog/artifactory v2.10.1: authentication signature
Error while installing jfrog/artifactory v2.11.0: authentication signature
...
Error while installing jfrog/artifactory v10.1.5: authentication signature
Error while installing jfrog/artifactory v10.2.0: authentication signature
Error while installing jfrog/artifactory v10.3.0: authentication signature
Error while installing jfrog/artifactory v10.3.1: authentication signature
Error while installing jfrog/artifactory v10.3.2: authentication signature
Thanks!
@cam72cam Unfortunately this is not possible (AFAIK) with OpenTofu registry. It only allows one public key for the organization.
Terraform registry allows uploads of multiple public keys. This was how the older version of the Artifactory provider are still valid on Terraform registry. They were signed with the older key. The new key (which is used by all other JFrog providers, and recent Artifactory provider) is the one uploaded to OpenTofu.
Until OpenTofu registry supports multiple keys, there is nothing we can do at this point.
We've fixed this in the repo actions. Multiple keys are supported as of a few weeks ago!
I've run my validation tool, everything checks out 👍