search

hashicorp / terraform-provider-azure-classic

Terraform Azure Classic (Service Management) provider
https://www.terraform.io/docs/providers/azure/
Mozilla Public License 2.0
3 stars 11 forks source link

Get https://management.core.windows.net/<UUID>/services/networking/media: x509: certificate signed by unknown authority #26

Closed hashibot closed 6 years ago

hashibot commented 7 years ago

This issue was originally opened by @netvisao as hashicorp/terraform#11687. It was migrated here as part of the provider split. The original body of the issue is below.

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Affected Resource(s)

Please list the resources as a list, for example:

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

provider.tf
provider "azure" {
  publish_settings = "${file("~/.azure/credentials.publishsettings")}"
}

virtual_network.tf
resource "azure_virtual_network" "default" {
    name = "test-network"
    address_space = ["10.1.2.0/24"]
    location = "West US"

    subnet {
        name = "subnet1"
        address_prefix = "10.1.2.0/25"
    }
}

Debug Output

Get https://management.core.windows.net//services/networking/media: x509: certificate signed by unknown authority

Panic Output

azure_virtual_network.default: Creating... address_space.#: "" => "1" address_space.0: "" => "10.1.2.0/24" location: "" => "West US" name: "" => "test-network"

provider "azure" { subnet.#: "" => "1" subnet.1787288781.address_prefix: "" => "10.1.2.0/25" subnet.1787288781.name: "" => "subnet1" subnet.1787288781.security_group: "" => "" Error applying plan:

1 error(s) occurred:

Expected Behavior

There should be a way to allow insecure TLS traffic. Those who are behind enterprise TLS Terminating/MITM firewall cannot connect to the azure endpoint w/o skipping the CA validity. A suggested fix is to introduce provider.azure.insecure flag similar to the openstack.provider.insecure.

Actual Behavior

There is not a way to bypass CA validation, hence, using terraform w/ the azure provider is not possible for those who are using TLS Terminating/MITM firewall.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

Running in an environment which is behind a MITM proxy.

vancluever commented 6 years ago

Hello!

Thank you for opening this issue and participating in the discussion. Today (December 19, 2017) we’ve announced the deprecation and archival of the Azure Classic Provider. Matching Microsoft’s commitment to gradually remove access to Azure Classic (or Service Management) which is outlined in this blog post, we are closing all open PR's and Issues here. This repository will remain available here on GitHub, but in an archived state, and no longer receiving support or new releases.

The Azure (Resource Manager) Provider remains fully supported and is our recommended approach for managing Azure with Terraform. More information about this process is available in the blog post linked above.

Thanks! The Terraform Team