PROBLEM SUMMARY
If you request a certificate with an expiration window greater than its duration will trigger an error that won't let to execute terraform plan or terraform plan -destroy. This is due to previous expected behavior to delegate to the user the correct input for the expiration_window and a certificate_duration that complies: expiration_window <= certificate_duration
STEPS TO REPRODUCE
Create a certificate request using the provider by not setting the valid_days (not setting the valid_days will traduce into setting zone default's valid_days), using a zone the default's valid_days are less than expiration_window (for this example let's assume 7 days and an expiration_window of 720hrs).
Run terraform apply. This will issue the certificate successfully.
Run either terraform plan or terraform plan -destroy that will result in:
Error: certificate validity duration 168h0m30s is less than configured expiration window 720h0m0s
EXPECTED RESULTS
The request shouldn't have occurred in the first place.
ACTUAL RESULTS
Certificate is enrolled leaving a bad state in the Terraform configuration file (a certificate that cannot be handled).
ENVIRONMENT DETAILS
VaaS
Venafi Terraform Provider version 0.15.2 (this applicable from first version)
COMMENTS/WORKAROUNDS
As mentioned above, this is due to previous expected behavior to delegate to the user the correct input for the expiration_window and a certificate_duration that complies: expiration_window <= certificate_duration. The workaround would be to abide the constraint of:
PROBLEM SUMMARY If you request a certificate with an expiration window greater than its duration will trigger an error that won't let to execute
terraform plan
orterraform plan -destroy
. This is due to previous expected behavior to delegate to the user the correct input for theexpiration_window
and acertificate_duration
that complies:expiration_window <= certificate_duration
STEPS TO REPRODUCE
expiration_window
(for this example let's assume 7 days and an expiration_window of 720hrs).terraform apply
. This will issue the certificate successfully.terraform plan
orterraform plan -destroy
that will result in:Error: certificate validity duration 168h0m30s is less than configured expiration window 720h0m0s
EXPECTED RESULTS The request shouldn't have occurred in the first place.
ACTUAL RESULTS Certificate is enrolled leaving a bad state in the Terraform configuration file (a certificate that cannot be handled).
ENVIRONMENT DETAILS VaaS Venafi Terraform Provider version 0.15.2 (this applicable from first version)
COMMENTS/WORKAROUNDS As mentioned above, this is due to previous expected behavior to delegate to the user the correct input for the
expiration_window
and acertificate_duration
that complies:expiration_window
<=certificate_duration
. The workaround would be to abide the constraint of:expiration_window <= certificate_duration
during certificate enroll.