search

akamai / terraform-provider-akamai

Terraform Akamai provider
https://www.terraform.io/docs/providers/akamai/
Mozilla Public License 2.0
109 stars 95 forks source link

DXE-3993 data.akamai_cps_csr returns could not get enrollment: fetching enrollment: request failed: unexpected EOF #562

Open landrew57 opened 1 week ago

landrew57 commented 1 week ago

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform and Akamai Terraform Provider Versions

$ terraform -v
Terraform v1.8.5
on darwin_arm64
+ provider registry.terraform.io/akamai/akamai v6.2.0

Affected Resource(s)

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

provider "akamai" {
  edgerc         = "~/.edgerc"
  config_section = "test"
}

data "akamai_cps_csr" "example" {
  enrollment_id = 82838
}

terraform {
  required_providers {
    akamai = {
      source  = "akamai/akamai"
      version = "6.2.0"
    }
  }
  required_version = ">= 1.0"
}

Debug Output

https://gist.github.com/landrew57/d83e17ddf1da4c70523ba714107e153e

Panic Output

Expected Behavior

A CSR should be returned

Actual Behavior

$ terraform plan
data.akamai_cps_csr.example: Reading...

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: could not get enrollment: fetching enrollment: request failed: unexpected EOF
│
│   with data.akamai_cps_csr.example,
│   on main.tf line 6, in data "akamai_cps_csr" "example":
│    6: data "akamai_cps_csr" "example" {
│
╵

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

N/A

References

N/A

lsadlon commented 1 week ago

Hi @landrew57,

Thanks for reporting this issue. Could you verify if you get correct response trying to get enrollment (https://techdocs.akamai.com/cps/reference/get-enrollment) with some other tool, like postman?

BR, Lukasz

landrew57 commented 1 week ago

Hi @lsadlon, thanks for the prompt response!

I don't know what the correct response looks like, but by using httpie and doing

$ http :/cps/v2/enrollments/82838 'accept: application/vnd.akamai.cps.enrollment.v11+json' --auth-type edgegrid -a test:

With some values removed but all the keys present I get

{
    "adminContact": {
        "addressLineOne": null,
        "addressLineTwo": null,
        "city": null,
        "country": null,
        "email": "joe.bloggs@example.uk",
        "firstName": "joe",
        "lastName": "bloggs",
        "organizationName": null,
        "phone": "0123456890",
        "postalCode": null,
        "region": null,
        "title": null
    },
    "assignedSlots": [
        <slot>
    ],
    "autoRenewalStartTime": null,
    "certificateChainType": "default",
    "certificateType": "third-party",
    "changeManagement": true,
    "csr": {
        "c": "",
        "cn": "",
        "l": "",
        "o": "",
        "ou": null,
        "preferredTrustChain": null,
        "sans": [],
        "st": ""
    },
    "enableMultiStackedCertificates": true,
    "id": 82838,
    "location": "/cps/v2/enrollments/82838",
    "maxAllowedSanNames": 100,
    "maxAllowedWildcardSanNames": 100,
    "networkConfiguration": {
        "clientMutualAuthentication": {
            "authenticationOptions": {
                "ocsp": {
                    "enabled": false
                },
                "sendCaListToClient": true
            },
            "setId": null
        },
        "disallowedTlsVersions": [],
        "dnsNameSettings": {
            "cloneDnsNames": true,
            "dnsNames": []
        },
        "geography": "core",
        "mustHaveCiphers": "",
        "ocspStapling": "on",
        "preferredCiphers": "",
        "quicEnabled": false,
        "secureNetwork": "standard-tls",
        "sniOnly": true
    },
    "org": {
        "addressLineOne": "",
        "addressLineTwo": null,
        "city": "",
        "country": "",
        "name": "",
        "phone": "",
        "postalCode": "",
        "region": ""
    },
    "orgId": null,
    "pendingChanges": [
        {
            "changeType": "renewal",
            "location": "/cps/v2/enrollments/82838/changes/5111866"
        }
    ],
    "productionSlots": [
        42769
    ],
    "ra": "third-party",
    "signatureAlgorithm": null,
    "stagingSlots": [
        42769
    ],
    "techContact": {
        "addressLineOne": null,
        "addressLineTwo": null,
        "city": null,
        "country": null,
        "email": "",
        "firstName": "",
        "lastName": "",
        "organizationName": null,
        "phone": "",
        "postalCode": null,
        "region": null,
        "title": null
    },
    "thirdParty": {
        "excludeSans": false
    },
    "validationType": "third-party"
}
lsadlon commented 1 week ago

Hi @landrew57,

Thanks for additional info. We will investigate it and go back to you.

BR, Lukasz

landrew57 commented 1 week ago

We have an open support case in which I have linked to this issue: F-CS-8578308.

landrew57 commented 1 week ago

In that case Akamai pointed out that the enrollment id being used had mTLS enabled. When we tested with an enrollment that does not have mTLS enabled we did not see the issue.