Closed: pchanvallon closed this 9 months ago
Thanks @pchanvallon

Rebuilt Terraform ACME provider with `replace github.com/go-acme/lego/v4 v4.14.2 => github.com/pchanvallon/lego/v4 v4.0.0-20231018073353-c97089b94e14`. Did not work and got 401 at first. Then included `AZURE_AUTH_METHOD="oidc"` and it worked!

* _(Terraform Cloud exports `"ARM_USE_OIDC" = "true"` instead, but that is okay)_
```hcl
resource "acme_certificate" "certificate" {
  account_key_pem              = acme_registration.registration.account_key_pem
  common_name                  = var.certificate_common_name
  subject_alternative_names    = []
  disable_complete_propagation = true

  dns_challenge {
    provider = "azuredns"
    config = {
      AZURE_RESOURCE_GROUP = var.certificate_dns_challenge_azure_resource_group_name
      AZURE_AUTH_METHOD    = "oidc"
    }
  }
}
```
Also, I added these here to the provider since Terraform Cloud exports them as `ARM` rather than `AZURE`. I guess the provider maintainers will know more.

```go
// ARM_* names exported by Terraform Cloud, mapped to the AZURE_* names the provider reads
"ARM_OIDC_REQUEST_TOKEN":   "AZURE_OIDC_REQUEST_TOKEN",
"ARM_OIDC_REQUEST_URL":     "AZURE_OIDC_REQUEST_URL",
"ARM_OIDC_TOKEN":           "AZURE_OIDC_TOKEN",
"ARM_OIDC_TOKEN_FILE_PATH": "AZURE_OIDC_TOKEN_FILE_PATH",
```
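To make the alias handling described above concrete, here is an added example (not lego's or the Terraform provider's own code) of a small resolver that applies the ARM_* to AZURE_* mapping, treats `ARM_USE_OIDC=true` as `AZURE_AUTH_METHOD=oidc`, and fails early when OIDC is selected without any token source instead of surfacing later as a 401. The function name `resolveOIDCConfig` and the `armAliases` map are assumptions for this example.

```go
package main

import (
	"errors"
	"strings"
)

// ARM_* names Terraform Cloud exports, keyed to the AZURE_* names azuredns reads.
var armAliases = map[string]string{
	"ARM_OIDC_REQUEST_TOKEN":   "AZURE_OIDC_REQUEST_TOKEN",
	"ARM_OIDC_REQUEST_URL":     "AZURE_OIDC_REQUEST_URL",
	"ARM_OIDC_TOKEN":           "AZURE_OIDC_TOKEN",
	"ARM_OIDC_TOKEN_FILE_PATH": "AZURE_OIDC_TOKEN_FILE_PATH",
}

// resolveOIDCConfig takes "KEY=VALUE" strings (as os.Environ() returns) and
// yields the AZURE_* settings an OIDC login needs. Explicit AZURE_* values win
// over ARM_* aliases; ARM_USE_OIDC=true is read as AZURE_AUTH_METHOD=oidc. If
// OIDC is selected with no token source it fails early rather than at a 401.
func resolveOIDCConfig(environ []string) (map[string]string, error) {
	env := map[string]string{}
	for _, kv := range environ {
		if parts := strings.SplitN(kv, "=", 2); len(parts) == 2 {
			env[parts[0]] = parts[1]
		}
	}
	out := map[string]string{}
	for arm, azure := range armAliases {
		if v, ok := env[arm]; ok {
			out[azure] = v
		}
		if v, ok := env[azure]; ok { // explicit AZURE_* overrides the alias
			out[azure] = v
		}
	}
	method := strings.ToLower(env["AZURE_AUTH_METHOD"])
	if method == "" && strings.EqualFold(env["ARM_USE_OIDC"], "true") {
		method = "oidc"
	}
	if method != "" {
		out["AZURE_AUTH_METHOD"] = method
	}
	hasToken := out["AZURE_OIDC_TOKEN"] != "" || out["AZURE_OIDC_TOKEN_FILE_PATH"] != ""
	hasExchange := out["AZURE_OIDC_REQUEST_TOKEN"] != "" && out["AZURE_OIDC_REQUEST_URL"] != ""
	if method == "oidc" && !hasToken && !hasExchange {
		return nil, errors.New("AZURE_AUTH_METHOD=oidc set but no OIDC token, token file or request token/URL pair")
	}
	return out, nil
}
```

Only the OIDC variables are copied; other settings such as `AZURE_RESOURCE_GROUP` are left to the provider's normal configuration path.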
Hello @stmcx, thank you for your feedback. Yes, we will have to request this change in the acme TF provider after the lib update to finalize the integration.
@ldez @pchanvallon @stmcx do you know when this will be released, please?
Hello,

Here is the implementation for the OIDC authentication support (fixes #2027).

I was able to test the integration with GitHub Actions workflows, but not with Terraform Cloud. @stmcx, can you check that this is also working in your use case?

Thanks.