Closed Dan-Bai closed 8 months ago
Hello @Dan-Bai
Which version of TPP are you using? Did you happen to use the same version of TPP when you changed versions of the Terraform provider? And what do you mean by retrieving? Do you mean to create a new `venafi_certificate`? Or to import a new one?
Could you also share a template of your Terraform file?
Not sure of the TPP version, any suggestions on how to check this? I know the version stayed the same when I changed provider version.
The error it gave me was `unable to retrieve: Unexpected status code on TPP Certificate Retrieval. Status: 401 Unauthorized`. This occurred during a terraform state refresh where I already created the certificate with the 0.16.1 version of venafi provider.
```hcl
provider "venafi" {
  url          = ""
  zone         = ""
  access_token = var.access_token
  trust_bundle = file("../path")
}

terraform {
  required_providers {
    venafi = {
      source  = "Venafi/venafi"
      version = "0.16.1"
    }
  }
}

resource "venafi_certificate" "cert" {
  common_name       = var.common_name
  algorithm         = "RSA"
  rsa_bits          = var.rsa_bits
  key_password      = "randompass"
  valid_days        = 30
  expiration_window = 300
  san_dns           = ["something.com"]
}
```
Sure, to check the TPP version, just after login, click on your account in the top right corner; there should be an About option. Click it and it should display general info about your TPP instance.
So, what you did is to: -> upgrade to 16.1 -> issue a new certificate -> got error 401?
Is, by any chance, the `access_token` already expired?
The TPP version is 22.4.1.2245
Correction, this is what happened: -> on version 15.5 -> created the certificate -> upgrade to 1.61 -> ran terraform state refresh -> got error 401
Token is not expired as I can revert back to 15.5 and create new certificates still.
Hi there @Dan-Bai
Sorry for the late response
Tested this and got no issue when updating from 0.15.5 to 0.16.1:
```hcl
terraform {
  required_providers {
    venafi = {
      source  = "venafi/venafi"
      version = "0.15.5"
    }
  }
  required_version = ">= 0.15"
}

variable "tpp_url" {
  type = string
}

variable "trust_bundle_path" {
  type = string
}

variable "access_token" {
  type = string
}

variable "zone" {
  type = string
}

provider "venafi" {
  url          = var.tpp_url
  zone         = var.zone
  access_token = var.access_token
  trust_bundle = file(var.trust_bundle_path)
}

resource "venafi_certificate" "tls_server" {
  common_name = "test.venafi.example"
  san_dns = [
    "test.venafi.example",
  ]
  algorithm         = "RSA"
  rsa_bits          = "2048"
  key_password      = "FooBarPass123"
  valid_days        = 30
  expiration_window = 300
}

output "my_private_key" {
  value     = venafi_certificate.tls_server.private_key_pem
  sensitive = true
}

output "my_certificate" {
  value = venafi_certificate.tls_server.certificate
}

output "my_trust_chain" {
  value = venafi_certificate.tls_server.chain
}

output "my_p12_keystore" {
  value = venafi_certificate.tls_server.pkcs12
}
```
Initializing Terraform provider:
Successfully initialized:
Finished certificate request:
Updating Terraform file to version 0.16.1:
Successfully upgraded to version 0.16.1:
Executing Terraform refresh:
Could you do this process again from a fresh start (creating the cert with version 0.15.5, upgrading to 0.16.6) while getting the logs, so you can paste them here and we can see better what is happening?
This is how you can enable them: https://medium.com/pareture/terraform-logging-d96bbcbf9db9
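For the log capture requested above, an added example (not from this thread or the provider project) that records a debug log for the refresh step using Terraform's `TF_LOG` and `TF_LOG_PATH` variables and redacts credentials before the log is pasted into a public issue. The function names and the field names matched in the patterns are assumptions about what may appear in the log.

```shell
#!/bin/sh
# Added example: capture a Terraform debug log and scrub secrets from it
# before sharing. Function names and matched field names are assumptions.

# Run the refresh with debug logging written to the file given as $1.
capture_refresh_log() {
  TF_LOG=DEBUG TF_LOG_PATH="$1" terraform refresh
}

# Print the log file given as $1 with credentials replaced by markers:
#   - bearer tokens in Authorization headers
#   - access_token / refresh_token / key_password values (HCL or JSON style)
#   - PEM private keys, whether on one line or spread over several
redact_tf_log() {
  sed -E '
    s/([Aa]uthorization: *[Bb]earer +)[^" ]+/\1[REDACTED]/g
    s/("?(access_token|refresh_token|key_password)"? *[:=] *"?)[^",} ]+/\1[REDACTED]/g
    s/-----BEGIN [A-Z ]*PRIVATE KEY-----.*-----END [A-Z ]*PRIVATE KEY-----/[REDACTED PRIVATE KEY]/g
    /-----BEGIN [A-Z ]*PRIVATE KEY-----/,/-----END [A-Z ]*PRIVATE KEY-----/{
      /-----END [A-Z ]*PRIVATE KEY-----/!d
      s/.*/[REDACTED PRIVATE KEY]/
    }
  ' "$1"
}

# Usage (log file names are placeholders):
#   capture_refresh_log tf-debug.log
#   redact_tf_log tf-debug.log > tf-debug.redacted.log
```

Review the redacted file by eye before posting it; the patterns only cover the fields listed in the comments.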
Hi there @Dan-Bai ,
just doing a follow-up. Still facing the issue?
Since it's been months and I got no response, and above we can see there's no issue, I'll be closing this issue
I am using TPP and the current set up works fine on 0.15.5 however the venafi_certificate returned 401 while retrieving an existing managed certificate after I upgraded venafi provider version from 0.15.5 to 0.16.1.
Would anyone be able to give guidance on this?