Closed ehaselwanter closed 1 year ago
btw. it is possible to update the cert with a renewal to the api and get working RSA certs
```
curl -H "Authorization: Bearer $TF_VAR_dnsimple_token" \
     -H 'Accept: application/json' \
     -H 'Content-Type: application/json' \
     -X POST \
     -d '{"auto_renew":true,"signature_algorithm":"RSA"}' \
     https://api.dnsimple.com/v2/$TF_VAR_dnsimple_account/domains/the.domain/certificates/letsencrypt/123424/renewals
```
but quite as expected: this breaks subsequent terraform runs:
dnsimple_lets_encrypt_certificate.esx-3-dc1-cert: Refreshing state... [id=1422944]
dnsimple_lets_encrypt_certificate.esx-2-dc1-cert: Refreshing state... [id=1291760]
data.dnsimple_certificate.esx-3-dc1: Reading...
╷
│ Warning: Argument is deprecated
│
│ with dnsimple_lets_encrypt_certificate.esx-1-dc1-cert,
│ on main.tf line 33, in resource "dnsimple_lets_encrypt_certificate" "esx-1-dc1-cert":
│ 33: contact_id = var.dnsimple_contact_id
│
│ contact_id is deprecated and has no effect. The attribute will be removed
│ in the next major version.
│
│ (and 7 more similar warnings elsewhere)
╵
╷
│ Error: Plugin did not respond
│
│ with data.dnsimple_certificate.esx-3-dc1,
│ on outputs.tf line 1, in data "dnsimple_certificate" "esx-3-dc1":
│ 1: data "dnsimple_certificate" "esx-3-dc1" {
│
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ReadDataSource call. The plugin logs may contain
│ more details.
╵
Stack trace from the terraform-provider-dnsimple_v0.15.0 plugin:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xaca605]
goroutine 431 [running]:
github.com/terraform-providers/terraform-provider-dnsimple/dnsimple.dataSourceDNSimpleCertificateRead({0xd73a88, 0xc0007beba0}, 0x7f11ff489a68?, {0xb15f80?, 0xc000196d20})
github.com/terraform-providers/terraform-provider-dnsimple/dnsimple/datasource_dnsimple_certificate.go:71 +0x345
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc000318c40, {0xd73ac0, 0xc00080eed0}, 0xd?, {0xb15f80, 0xc000196d20})
github.com/hashicorp/terraform-plugin-sdk/v2@v2.17.0/helper/schema/resource.go:724 +0x12e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).ReadDataApply(0xc000318c40, {0xd73ac0, 0xc00080eed0}, 0xc000653500, {0xb15f80, 0xc000196d20})
github.com/hashicorp/terraform-plugin-sdk/v2@v2.17.0/helper/schema/resource.go:943 +0x145
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadDataSource(0xc0004e52d8, {0xd73a18?, 0xc0002b7140?}, 0xc0001a1e20)
github.com/hashicorp/terraform-plugin-sdk/v2@v2.17.0/helper/schema/grpc_provider.go:1179 +0x38f
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadDataSource(0xc0004403c0, {0xd73ac0?, 0xc00080e750?}, 0xc0001a4690)
github.com/hashicorp/terraform-plugin-go@v0.9.1/tfprotov5/tf5server/server.go:657 +0x41d
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadDataSource_Handler({0xc1c320?, 0xc0004403c0}, {0xd73ac0, 0xc00080e750}, 0xc0007be780, 0x0)
github.com/hashicorp/terraform-plugin-go@v0.9.1/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:421 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00032a8c0, {0xd77398, 0xc0002ba1a0}, 0xc00035cc60, 0xc0004ed830, 0x1212b70, 0x0)
google.golang.org/grpc@v1.46.0/server.go:1283 +0xcfe
google.golang.org/grpc.(*Server).handleStream(0xc00032a8c0, {0xd77398, 0xc0002ba1a0}, 0xc00035cc60, 0x0)
google.golang.org/grpc@v1.46.0/server.go:1620 +0xa2f
google.golang.org/grpc.(*Server).serveStreams.func1.2()
google.golang.org/grpc@v1.46.0/server.go:922 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/grpc@v1.46.0/server.go:920 +0x28a
Error: The terraform-provider-dnsimple_v0.15.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.
Operation failed: failed running terraform plan (exit 1)
@ehaselwanter thank you for reporting the issue. We've taken note and will work on extending the provider in the coming weeks.
The provider has been extended to support selecting which signature algorithm to use when issuing a Let's Encrypt certificate.
Now you can do:
```hcl
resource "dnsimple_lets_encrypt_certificate" "esx-1-dc1-cert" {
  domain_id           = "xzy"
  auto_renew          = true
  name                = dnsimple_zone_record.esx-1-dc1.name
  signature_algorithm = "RSA"
}
```
You can take a look at the resource documentation for up-to-date information.
Closed by https://github.com/dnsimple/terraform-provider-dnsimple/pull/81
Hi there,
I need to be able to order RSA type private keys for dnsimple_lets_encrypt_certificate. The API https://developer.dnsimple.com/v2/certificates/#issueRenewalLetsencryptCertificate states that it is possible.
How can I either set the default to RSA or configure the resource to use RSA?
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
creates an RSA private key
Actual Behavior
creates an ECDSA private key.
Important Factoids
the default changed and broke the deployment
References
By default, a certificate uses ECDSA signature algorithm, but RSA can be used as well if your specific scenario required it.
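A pipeline check on the issued certificate's key type catches a changed default like the one reported here before the certificate reaches a host that only accepts RSA. The Go code below is an added example, not code from the provider or from this thread; `RequireKeyAlgorithm` and `SampleCert` are hypothetical names, and the certificates are constructed, self-signed throwaways generated inside the block.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

// RequireKeyAlgorithm errors unless the first PEM certificate's key type ("RSA", "ECDSA", ...) equals want.
func RequireKeyAlgorithm(pemBytes []byte, want string) error {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("no PEM certificate found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("parse certificate: %w", err)
	}
	if got := cert.PublicKeyAlgorithm.String(); got != want {
		return fmt.Errorf("certificate key is %s, want %s", got, want)
	}
	return nil
}

// SampleCert builds a constructed, self-signed throwaway certificate (RSA or ECDSA key) for the demo.
func SampleCert(useRSA bool) []byte {
	var key crypto.Signer
	key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if useRSA {
		key, _ = rsa.GenerateKey(rand.Reader, 2048)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println("RSA cert:", RequireKeyAlgorithm(SampleCert(true), "RSA"))
	fmt.Println("ECDSA cert:", RequireKeyAlgorithm(SampleCert(false), "RSA"))
}
```

In a real pipeline the PEM input would be the certificate chain downloaded for the issued certificate, and a non-nil error would fail the run before the certificate is installed.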