vmware/terraform-provider-vra

Error while installing vmware/vra v0.8.1: error checking signature: │ openpgp: key expired

lirany1 opened this issue · 6 comments

vRA Version

8.11.2

Terraform Version

1.6.0

vRA Terraform Provider Version

0.8.1

Expected Behavior

should deploy vm

Actual Behavior

terraform {
  required_version = ">= 1.6.0"
  required_providers {
    vra = {
      source  = "vmware/vra"
      version = "0.8.1"
    }
  }
}

provider vra {
  url           = "https://api.mgmt.cloud.vmware.com"
  refresh_token = "<valid token>"
  insecure      = false
}

resource "vra_deployment" "this" {
  name          = var.name
  description   = var.description

  catalog_item_id      = var.catalog_item_id
  project_id           = var.project_id

  inputs = {
   numLargeClu1  = var.numLargeClu1
   snapshotClu1  = var.snapshotClu1
   lease         = "1day"
   numSmallClu1  = var.numSmallClu1
   clu1_flavor1  = var.clu1_flavor1
   clu1_flavor2  = var.clu1_flavor2
   lb            = jsonencode({"lb": "lb-vra-pl-01"})
   imageClu1     = var.imageClu1
  }
  timeouts {
    create = "2h"
    delete = "2h"
  }
}
11:52:49  + terraform '-chdir=/automation-system-tests/workspace/testup/automation-system-tests/terraform_vra_single_cluster' init
11:52:49  
11:52:49  Initializing the backend...
11:52:49  
11:52:49  Initializing provider plugins...
11:52:49  - Finding vmware/vra versions matching "0.8.1"...
11:52:51  - Installing vmware/vra v0.8.1...
11:52:52  ╷
11:52:52  │ Error: Failed to install provider
11:52:52  │ 
11:52:52  │ Error while installing vmware/vra v0.8.1: error checking signature:
11:52:52  │ openpgp: key expired
11:52:52  ╵
11:52:52  

I was running into the same problem with vmware/vra and vmware/nsxt. I'm running in a github action on a local runner and the hashicorp/setup-terraform step was using update to latest. If I pinned this at v1.5.7, I could get a successful terraform init to run.

This seems to be something introduced in a later terraform version...likely v1.6.0.

It seems a change was introduced in terraform v1.6.0, see hashicorp/terraform#33984. I'm not sure at this point if we need to re-key our provider binaries or if terraform will publish a (temporary) fix. I'll keep an eye on that issue. In the meantime, as @kglueck stated, pin the terraform version to v1.5.7.

I just cut a new release v0.8.2 signed with an un-expired key. We'll verify it once the release is refreshed at the Terraform Registry.

Thanks but now getting this error:

terraform init

Initializing the backend...

Initializing provider plugins...
- Finding vmware/vra versions matching "0.8.2"...
╷
│ Error: Failed to query available provider packages
│ 
│ Could not retrieve the list of available versions for provider vmware/vra: no available releases match the given constraints 0.8.2
╵

The new version is not yet published at the Terraform Registry. Additionally, there seems to be a problem with the way the registry uses the signing key. I'd recommend sticking with terraform v1.5.7 or switching to v1.6.1. when released.

Terraform has released v1.6.1 which addresses the issue with the expired signing keys. Closing this issue.