Terraform custom provider GPG issue



Hope you are all doing well.

I am writing an API in Go that works like the Terraform provider protocol.

So I already have two endpoints working on my local machine over HTTPS:

  • https://myapi:9000/v1/provider/:namespace/:type/versions
  • https://myapi:9000/v1/provider/:namespace/:type/:version/download/:os/:arch

For example, these complete endpoints:

  • https://myapi:9000/v1/provider/myprovider/custom/versions
  • https://myapi:9000/v1/provider/myprovider/custom/0.1.0/download/linux/amd64

So I have the following .tf.json file:

    {
      "module": {
        "linux": {
          "source": "myapi:9000/v1/module/mymodule/custom",
          "version": "0.1.2"
        }
      }
    }

Using these two files:

  1. provider.tf.json

    provider "mycustomprovider" {
      username = "abc"
      password = "def"
      host     = "yjk"
    }

  2. versions.tf.json

    terraform {
      required_providers {
        mycustomprovider = {
          source  = "myapi:9000/v1/myprovider/custom"
          version = "0.1.0"
        }
      }
      required_version = ">=1.0.2"
    }

Then I simply run terraform init to fetch my assets.

So when I fetch my custom module, this works fine. Output (module download):

    Initializing modules...
    Downloading myapi:9000/mymodule/custom/gnu 0.1.2 for linux...
    - linux in .terraform/modules/linux
    Initializing the backend...

But when I fetch my provider, I get this error:

    Initializing provider plugins...
    - Finding myapi:9000:9000/myprovider/custom versions matching "0.1.0"...
    - Installing myapi:9000:9000/myprovider/custom v0.1.0...
    ╷
    │ Error: Failed to install provider
    │ 
    │ Error while installing myapi:9000/myprovider/custom v0.1.0: error checking signature:
    │ openpgp: invalid data: tag byte does not have MSB set

So my provider versions endpoint is working; that is why Terraform is able to identify my provider's version.

The problem should be in my download endpoint.

Before discussing this endpoint, I want to add some context: I am running an S3 client with localstack and exposing it through ngrok. Both of these work, and I can upload or download files without problems.

A Terraform custom provider should have three files (as far as I know):

  1. The provider in zip format (as in their example)
  2. A provider_SHA256SUMS file, containing the shasums of each provider zip file (in this case I only have one)
  3. A provider_SHA256SUMS.sig, used to verify the integrity of the provider_SHA256SUMS file.

To get these files, I run these commands:

provider_SHA256SUMS

    $ sha256sum 0.1.0.zip > 0.1.0_SHA256SUMS

provider_SHA256SUMS.sig

    $ gpg --gen-key # generating a new key
    $ gpg --armor --output 0.1.0_SHA256SUMS.sig --detach-sig 0.1.0_SHA256SUMS

The endpoint's response looks like this (the gpg info is just sample data, nothing real here):

    {
      "protocols": [
        "5.0"
      ],
      "os": "linux",
      "arch": "amd64",
      "filename": "0.1.0.zip",
      "download_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0.zip",
      "shasums_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0_SHA256SUMS",
      "shasums_signature_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0_SHA256SUMS.sig",
      "shasum": "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3",
      "signing_keys": {
        "gpg_public_keys": [
          {
            "key_id": "9F21EA3C1C9F793C",
            "ascii_armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...\n=wZDI\n-----END PGP PUBLIC KEY BLOCK-----"
          }
        ]
      }
    }

The shasum prop in the response should be the shasum that corresponds to the provider zip file, which can also be found in the provider_SHA256SUMS file.

To get the key_id and ascii_armor props, I run the following commands:

    $ gpg --list-secret-keys --keyid-format=long ## key_id
    $ gpg --armor --export <MY_KEYID> > public.gpg ## export the public key as ASCII armor
    $ cat public.gpg | sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' ## one-lined ascii_armor
Short question: what am I doing wrong with the gpg keys to get this error? Am I missing a step, or doing something wrong?

    openpgp: invalid data: tag byte does not have MSB set

Update

This is how I build the response in Go.

I did not include the full code because I think the problem is with the KeyID and ASCIIArmor properties.

As you can see, Shasum, KeyID and ASCIIArmor are hardcoded:

    response := ProviderDownloadResponse{
        Protocols:           protocols,
        Os:                  os,
        Arch:                arch,
        Filename:            filename,
        DownloadURL:         downloadURL,
        ShasumsURL:          SHASUMsURL,
        ShasumsSignatureURL: SHASUMSSignatureURL,
        Shasum:              "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3",
        SigningKeys: SigningKeys{
            GpgPublicKeys: []GPGPublicKey{
                {
                    KeyID:      "9F21EA3C1C9F793C",
                    ASCIIArmor: "-----BEGIN PGP PUBLIC KEY BLOCK-----...\n=wZDI\n-----END PGP PUBLIC KEY BLOCK-----",
                },
            },
        },
    }

The x/crypto/openpgp package used by Terraform does not support reading armored messages (see the linked issue), which is where the error comes from.

The documentation for shasums_signature_url mentions:

    Binary, detached GPG signature

Also see the documentation on manually preparing a release:

    This is a valid GPG binary (not ASCII-armored) signature

So you should try signing without the --armor flag.

Latest update
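As an added example (not the asker's or the answerer's code, and not part of Terraform), a small Go check a registry author can run against the three artifacts before publishing: it parses the SHA256SUMS file, compares its entry for `filename` with the `shasum` field of the download response, and inspects the first byte of the `.sig` file for the MSB that every binary OpenPGP packet must have, which is the property behind the error quoted above. The function names and the sample data are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// ClassifySignature inspects the first bytes of a .sig file: a binary OpenPGP
// packet starts with a tag byte whose MSB (0x80) is set (the property behind
// the "tag byte does not have MSB set" error); armor starts with "-----BEGIN PGP".
func ClassifySignature(sig []byte) string {
	switch {
	case strings.HasPrefix(string(sig), "-----BEGIN PGP"):
		return "armored"
	case len(sig) > 0 && sig[0]&0x80 != 0:
		return "binary"
	}
	return "unknown"
}

// ParseShasums reads sha256sum output ("<hex>  <filename>" lines) into a map.
func ParseShasums(text string) map[string]string {
	sums := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		if f := strings.Fields(line); len(f) == 2 && len(f[0]) == 64 {
			sums[f[1]] = f[0]
		}
	}
	return sums
}

// CheckArtifacts lists what Terraform would reject: a response shasum that does
// not match the SHA256SUMS entry for filename, or a non-binary signature file.
func CheckArtifacts(filename, shasum, shasums string, sig []byte) []string {
	var problems []string
	if got := ParseShasums(shasums)[filename]; got != shasum {
		problems = append(problems, fmt.Sprintf("shasum for %s: response %q, SHA256SUMS %q", filename, shasum, got))
	}
	if enc := ClassifySignature(sig); enc != "binary" {
		problems = append(problems, "signature is "+enc+", expected a binary detached signature (no --armor)")
	}
	return problems
}

func main() {
	// Constructed sample data: digest quoted in the question; 0x89 = signature packet tag byte.
	const digest = "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3"
	fmt.Println(CheckArtifacts("0.1.0.zip", digest, digest+"  0.1.0.zip\n", []byte("-----BEGIN PGP SIGNATURE-----\n")))
	fmt.Println(CheckArtifacts("0.1.0.zip", digest, digest+"  0.1.0.zip\n", []byte{0x89, 0x01, 0xb3}))
}
```

The first call reports the armored signature that produced the error in the question; the second, with a binary detached signature and a matching digest, reports nothing.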