Closed MarioUhrik closed 1 year ago
Hi @MarioUhrik, thank you for reaching out!
We confirmed this issue is happening on the TPP side (not an issue on the VaaS side) and is due to how it behaves with certificate objects. When trying to create 3 certificates with the same common_name at the same time, we are stressing the issuance in TPP with the same certificate object, since all three try to get the same name that you would normally see in the portal. This was designed in order to follow best practices. The fact that you got wrong certificates in state shouldn't have happened; that is another bug we are going to look into and get fixed along with the fix for this situation.
We are currently going to be adding the option to pass the object name in those cases in an upcoming release.
PROBLEM SUMMARY
When I try to create multiple certificates using the same hostname, the private keys are generated incorrectly and terraform plan starts failing every run until the Terraform state file is manually repaired.
STEPS TO REPRODUCE
terraform apply where the "for each" spawns 3 counts of auth_cert
EXPECTED RESULTS
I get 3 valid certificate resources and no issues.
ACTUAL RESULTS
The private key and the certificate are compared to each other during each terraform plan/apply/destroy run, and this mismatch is detected here: https://github.com/Venafi/terraform-provider-venafi/blob/master/venafi/resource_venafi_certificate.go#L323 throwing this error message, and failing the run:
This is particularly nasty, because it locks you out of most standard Terraform commands.
ENVIRONMENT DETAILS
COMMENTS/WORKAROUNDS
The only recovery is to remove the offending certificate resources from the Terraform state.
Thanks to @samuelstolicny @miroslavkohutik for finding and diagnosing the bug.
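The report above describes a private key and certificate in state that do not belong together. The Go program below is an added example, not the provider's code at the linked line and not part of the original thread, showing one way to check a stored pair. The names `keyMatchesCert` and `issue`, the PKCS#8 key encoding, and the sample common name are assumptions.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// keyMatchesCert reports whether a PEM private key (PKCS#8 assumed) belongs to a PEM certificate.
func keyMatchesCert(certPEM, keyPEM []byte) (bool, error) {
	cb, _ := pem.Decode(certPEM)
	kb, _ := pem.Decode(keyPEM)
	if cb == nil || kb == nil {
		return false, fmt.Errorf("input is not PEM")
	}
	cert, cerr := x509.ParseCertificate(cb.Bytes)
	key, kerr := x509.ParsePKCS8PrivateKey(kb.Bytes)
	if cerr != nil || kerr != nil {
		return false, fmt.Errorf("parse failed: cert=%v key=%v", cerr, kerr)
	}
	if signer, ok := key.(crypto.Signer); ok {
		pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
		return ok && pub.Equal(cert.PublicKey), nil
	}
	return false, fmt.Errorf("unsupported key type %T", key)
}

// issue returns a constructed, self-signed sample certificate and key for cn.
func issue(cn string) (certPEM, keyPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}

func main() {
	c1, k1 := issue("auth.example.test")
	_, k2 := issue("auth.example.test") // second request, same common name
	fmt.Println(keyMatchesCert(c1, k1)) // true <nil>
	fmt.Println(keyMatchesCert(c1, k2)) // false <nil>
}
```

Running a check like this over the certificate and key values exported from state shows which resources hold a pair that does not belong together.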