Closed atsui-bay1 closed 3 weeks ago
Hi @atsui-bay1, great catch, thanks!
The API doesn't return the full certificates so we can't detect changes, but it does give us a hint as to whether a certificate is in place.
In your situation, as of 1.8.0, the provider detects if some certificate is in place and, if your configuration doesn't provide anything, the text "unknown certificate" is written into state, so your plan
would show something like:
- client_tls_certificates: ["unknown certificate"]
Hopefully that helps remedy your issue, please let us know how you get on!
Hi @JohnSharpe Thanks for the fix, it does solve our problem!
Terraform Version
Terraform v1.3.6
Affected Resource(s)
Please list the resources as a list, for example:
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
Terraform Configuration Files
Debug Output
Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
Panic Output
If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the
crash.log
.Expected Behavior
We enable mutualTLS and upload client certificates via a separate process, as we do not want the keys/certs to be added to the Terraform statefile. When we change an option through Terraform, these uploaded client certs are being removed from the database. This would be fine, except the
terraform plan
does NOT show that the client_ssl_certificate on the resource will be removed.Actual Behavior
The client certificates were removed silently from the database. The terraform plan should indicate that the certs will be removed as part of the apply.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
terraform apply
Important Factoids
Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?
References
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example: