How can I get terraforms extern to execute ssh-keygen -y -f ~/.ssh/id_rsa?

I seem to be confused about how external works. I tried:

This gives me:

failed to execute "ssh-keygen": ~/.ssh/id_rsa: No such file or directory

Which presumably happens because ~ expansion doesn't. ssh-keygen -y -f ~/.ssh/id_rsa works normally. So instead I tried invoking bash like:

I'm still getting the same issue. I realize I can just pass the output as a var to terraform from the outside, but I'm still curious what the solution is.

Answer

Why insisting in using ~ where you can use $HOME? @Tensibai Good point, it's just habit. :P I still don't understand why calling bash won't end up doing the expansion though. Maybe because there's no or invalid login when Terraform execute the command? But external is supposed to be an interaction with the remote machine, not running a command on the remote machine from what I understand from the documentation. I'm not sure to really understand what you're trying to achieve in fact. @Tensibai External runs local programs, it doesn't imply interaction with anything remote. It's an external data source relative to terraforms execution environment, not relative to the machine terraform runs on. "external is a special provider that exists to provide an interface between Terraform and external programs." I'm just getting the public key for the local private key, the public key doesn't exist on the machine I'm running terraform on. So that's just a XY problem, getting the key in a difficult manner instead of extracting it once for all in a file and using this file as usual... @Tensibai What is a XY problem? Like I mentioned in my question, I can solve the issue just fine by passing it as a variable from the outside. I wanted to understand *why* I couldn't solve it in the manner I first tried. The why is simply because the external protocol waits a json output to be used later: "The program must then produce a valid JSON object on stdout, which will be used to populate the result attribute exported to the rest of the Terraform configuration. " (quoted from the documentation). ssh-keygen doesn't output a json object I mean that running ssh-keygen -y -f ~/.ssh/id\_rsa > ~/.ssh/id\_rsa.pub outside of terraform and using this .pub file in terraform would be far easier IMHO. And your second try doesn't work because the query block content will be passed as a json file to your program, bash doesn't read arguments from json, so as the documentation show you should create a script to aprse the input json, run the command and then format the output to be json format.