PROBLEM SUMMARY
We are using the venafi-pki plugin within our organisation, integrated with Enterprise HashiCorp Vault. As part of the pattern we offer, we allow users to create certificates within their respective application and environment with some controls and RBAC built in, using a venafi pki role starting with appid-env.
path "venafi-pki/issue/appid-env-" {
  capabilities        = ["read", "list", "create", "update"]
  required_parameters = ["common_name", "alt_names"]
}
The issue is if the user uses a role that doesn't exist, the plugin crashed with 500 error rather than failing gracefully with 404 not found error.
STEPS TO REPRODUCE
If the a1234-test-cert1 role doesn't exist, the plugin will crash with a 500 error.
Error: error creating certificate testcert.jira by a1234-test-cert1 for PKI secret backend "venafi-pki": Error making API request.
URL: PUT https://vaultserver/v1/venafi-pki/issue/a1234-test-cert1
Code: 500. Errors:
* 1 error occurred:
* unexpected status code on TPP Authorize. Status: 400 Bad Request
with module.certificate["testcert.jira"].vault_pki_secret_backend_cert.web-certificate[0]
on .terraform/modules/certificate/vault.tf line 2, in resource "vault_pki_secret_backend_cert" "web-certificate":
EXPECTED RESULTS
It should fail gracefully rather than crashing the plugin
ACTUAL RESULTS
It should display 404 not found or related error
ENVIRONMENT DETAILS
We are using Terraform for requesting certificate via Vault (which is integrated to TPP)
COMMENTS/WORKAROUNDS
If you use a role name that exists, it works as expected.