Closed scoffeyfv closed 2 weeks ago
I think this may need a change in github.com/f5devcentral/go-bigip/sys.go unfortunately as we are leveraging UploadCertificate(certpath string, cert *Certificate) from there, and that combines both the upload and adding the cert object, and takes the filename for the upload from cert.Name. So either that needs modifying to make the file upload unique (good practice)... or we could implement the cert upload/add within the provider locally.
Hi,
Thanks for reporting. Added to the backlog; the internal tracking ID for this request is INFRAANO-1552.
Summary
If using the bigip_ssl_key_cert resource to create an SSL keypair, the same name cannot be used for the cert and key objects. Doing so results in an error on apply: "Certificate/Key has unknown format or security type (/Common/testpair2)". It is valid to use the same name, and indeed if you create a keypair in the BIG-IP TMUI, both cert and key have the same name, so this should be possible via Terraform.
Steps To Reproduce
Create a resource such as:
Attempt to apply.
Expected Behavior
Apply should be successful, with SSL cert and SSL key created with name "keypair1".
Actual Behavior
Apply fails with error:
Inspecting resource_bigip_ssl_key_cert.go func resourceBigipSSLKeyCertCreate shows that the order of actions for creating key and cert is the issue, combined with the file upload using the object name.
Observation
Use of a transaction for adding the key/cert will not be compatible with using the same filename for key and cert, because the immediate action of file uploads must always occur before the transaction commits, and of course if we use the same filename, the cert file will overwrite the key file. So, we must use different filenames for upload but find a way to still support having the same object name for key and cert.
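The ordering problem described in the Observation, as an added Go model that is not code from the provider or from go-bigip: uploads take effect immediately, object creation reads the upload file only at commit, and the two upload-naming strategies are compared. All names (`commit`, `createPair`, `sameName`, `uniqueName`) and the PEM strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// op is one queued object creation: kind ("key" or "cert"), object name,
// and the upload filename it will read at commit time.
type op struct{ kind, name, file string }

// commit models the transaction commit: each object is created from whatever
// its upload file holds at that moment (constructed model, not go-bigip).
func commit(uploads map[string]string, ops []op) error {
	for _, o := range ops {
		wantMarker := map[string]string{"key": "PRIVATE KEY", "cert": "CERTIFICATE"}[o.kind]
		if !strings.Contains(uploads[o.file], wantMarker) {
			return fmt.Errorf("%s %q: upload file %q has the wrong content", o.kind, o.name, o.file)
		}
	}
	return nil
}

// createPair uploads both files immediately, then commits both objects under
// one object name. uploadName picks the upload filename for each kind.
func createPair(name, keyPEM, certPEM string, uploadName func(kind, name string) string) error {
	uploads := map[string]string{}
	kf, cf := uploadName("key", name), uploadName("cert", name)
	uploads[kf] = keyPEM
	uploads[cf] = certPEM // overwrites the key file when kf == cf
	return commit(uploads, []op{{"key", name, kf}, {"cert", name, cf}})
}

// sameName reproduces the failing case: upload filename = object name.
func sameName(kind, name string) string { return name }

// uniqueName keeps the object name but makes the upload filename per-kind.
func uniqueName(kind, name string) string { return name + "." + kind }

func main() {
	key := "-----BEGIN PRIVATE KEY-----\n(constructed)\n"
	cert := "-----BEGIN CERTIFICATE-----\n(constructed)\n"
	fmt.Println("same upload name:  ", createPair("keypair1", key, cert, sameName))
	fmt.Println("unique upload name:", createPair("keypair1", key, cert, uniqueName))
}
```

With `sameName` the key object fails at commit because its upload file already holds the certificate; with `uniqueName` both objects are created under the single object name "keypair1".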