Git submodule error: Permission denied (publickey)

Terraform HCP Terraform
1

We are setting up Terraform Cloud with a git repo (repo-a) that has two git submodules in it (repo-b and repo-c). I know the key works, because the submodule statements below are correct and have clearly been read from the .gitmodules file inside of repo-a. So we can read one repo at least. But there seems to be a problem with reading the submodules.

We did the following:

  • We created a fresh RSA SSH key
  • Attached the key to BitBucket in our account where repo-a, repo-b and repo-c are stored
  • Attached the key to our Terraform Cloud account under OrganizationSettings/Security/SSH Keys
  • Created a workspace and attached it to repo-a for the directory with the TF stack in it
  • Set the SSH Key in the Workspace under WorkspaceSettings/SSH Key so that it pointed to the same key installed above
  • Set the “Include submodules on clone” option to true under WorkspaceSettings/VersionControl
  • Ran Action/StartNewRun and we get this message:
Error: failed to retrieve configuration
Retrieving the configuration version failed with the error: Internal error: SIC-001.

Failed to ingress slug: Failed to clone: Failed updating submodules: exit status 1
Output: Submodule 'repo-b' (git@bitbucket.org:my-company/repo-b.git) registered for path 'repo-b'
Submodule 'repo-c' (git@bitbucket.org:my-company/repo-c.git) registered for path 'repo-c'
Cloning into '/local/slug-ingress3554444444/clone/repo-b'...
Warning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts.
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@bitbucket.org:my-company/repo-b.git' into submodule path '/local/slug-ingress3554497898/clone/repo-b' failed
Failed to clone 'repo-b'. Retry scheduled
Cloning into '/local/slug-ingress3554444444/clone/repo-c'...
Warning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts.
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.

The .gitmodules file is:

[submodule "repo-c"]
	path = repo-c
	url = git@bitbucket.org:my-company/repo-c.git
[submodule "repo-b"]
	path = repo-b
	url = git@bitbucket.org:my-company/repo-b.git

It seems that there is a problem using the SSH key with the submodules.
Any recommendations?

3

I thought I found the fix, but didn’t. Problem still unresolved.

4

Ok, I think I found it this time. The problem was that the workspace name is repo-a, but the prefix was repo_a. Sigh.

5

Nope. Its back. This issue is a mess. Somehow during my testing at the command-line, the “Include submodules on clone” option was set to False under WorkspaceSettings/VersionControl. Now, when I turn it back on. The “Permission denied” error is back.