安装提供程序“aws”时出错:openpgp:未知实体签名
我正在使用 terraform 版本 0.11.13,今天下午我在terraform init步骤中收到以下错误这是否意味着我必须升级 terraform 版本,aws 提供程序是否弃用了此版本?
完整日志:
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
[1mInitializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
Error installing provider "aws": openpgp: signature made by unknown entity.
Terraform analyses the configuration and state and automatically downloads
plugins for the providers used. However, when attempting to download this
plugin an unexpected error occured.
This may be caused if for some reason Terraform is unable to reach the
plugin repository. The repository may be unreachable if access is blocked
by a firewall.
If automatic installation is not possible or desirable in your environment,
you may alternatively manually install plugins by downloading a suitable
distribution package and placing the plugin's executable file in the
following directory:
terraform.d/plugins/linux_amd64
回答
HashiCorp 已将其发布签名密钥轮换为HCSEC-2021-12的一部分
例如,对于 terraform 0.11.x,您可以将aws版本设置为v2.70.0
provider "aws" {
region = "us-east-1"
version = "v2.70.0"
}
其他版本可以查看:https : //registry.terraform.io/providers/hashicorp/aws/latest/docs
回答
用于发布签名和验证的 GPG 密钥已轮换。Terraform 的新版本使用此更新的密钥来验证官方提供者,并且官方提供者版本将使用此密钥进行签名。
更多关于
- This happened on Terraform's side @femeloper because of a security issue: https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512
回答
Hashicorp 已使用新的 GPG 密钥重新签名,作为内部安全票的一部分
要解决此问题,请转至新版本的 Terraform - 这已在0.11.15中修复,您应该升级到此版本。这应该不会影响其他任何事情,因为只有很小的变化。
- For MacOs users: `brew upgrade terraform@0.11`