hashicorp / terraform-provider-tls

Utility provider that works with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certificate requests to be created as part of a Terraform deployment.
https://registry.terraform.io/providers/hashicorp/tls/latest
Mozilla Public License 2.0

Gitlab fingerprint on TLS v4.0.2 different from TLS v3.4.0 #288

Open OlesYudin opened 1 year ago

OlesYudin commented 1 year ago

Terraform CLI and Provider Versions

Previously I used version 3.4.0 of the TLS Terraform provider, but now I switched to version 4.0.2 and I am confused because I get a different value but expect the same result. I need to get the fingerprint of Gitlab. If I execute some CLI commands I get this "golden" result:

openssl s_client -servername gitlab.com -showcerts -connect gitlab.com:443 </dev/null 2>/dev/null > certificate.crt
openssl x509 -in certificate.crt -fingerprint -sha1 -noout   # x509 reads only the first PEM block in the file, i.e. the first certificate s_client printed

OUTPUT: SHA1 Fingerprint=B3:DD:76:06:D2:B5:A8:B4:A1:37:71:DB:EC:C9:EE:1C:EC:AF:A3:8A # b3dd..a38a is the right result

When I use tls v.3.4.0

terraform {
  required_version = ">= 1.2.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.4.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "= 3.4.0"
    }
  }
}
data "tls_certificate" "gitlab" {
  url = "https://gitlab.com"
}
output "tls" {
  value = data.tls_certificate.gitlab.certificates[*].sha1_fingerprint
}
OUTPUT: b3dd7606d2b5a8b4a13771dbecc9ee1cecafa38a - it is the right result

When I use tls v.4.0.2

terraform {
  required_version = ">= 1.2.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.4.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "= 4.0.2"
    }
  }
}
data "tls_certificate" "gitlab" {
  url = "https://gitlab.com"
}
output "tls" {
  value = data.tls_certificate.gitlab.certificates[*].sha1_fingerprint
}
OUTPUT: 2284b06c017cfa97e2846c6e0821233f0d6a9aeb - not the right result

Terraform Configuration

terraform {
  required_version = ">= 1.2.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.4.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "= 3.4.0"
      #version = "= 4.0.2" # Bug here
    }
  }
}
data "tls_certificate" "gitlab" {
  url = "https://gitlab.com"
}
output "tls" {
  value = data.tls_certificate.gitlab.certificates[*].sha1_fingerprint
}

Expected Behavior

I want to get this output: b3dd7606d2b5a8b4a13771dbecc9ee1cecafa38a for gitlab.com

Actual Behavior

I get this output: b3dd7606d2b5a8b4a13771dbecc9ee1cecafa38a for gitlab.com

Steps to Reproduce

  1. terraform init
  2. terraform plan # will output a list of 2 values. I need the first one, but I get different values depending on the version

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

No response


abacchi commented 1 year ago

I was running into a similar issue, but found this closed item/comment which helped: https://github.com/hashicorp/terraform-provider-tls/issues/249#issuecomment-1195015907
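What the thread above shows is a position dependence: `certificates[0]` is the leaf certificate under one provider version and a different certificate under the other, so any pin or thumbprint built from `[0]` silently changes meaning on upgrade. As an added example (not code from the issue or from the provider), the stand-alone Go program below computes the same SHA-1 fingerprint that `openssl x509 -fingerprint -sha1` prints and selects the leaf by its properties (not a CA, names cover the host) rather than by index. It builds a constructed in-memory CA + leaf chain so it runs offline; the host name `gitlab.example`, the CA name and the chain itself are assumptions, not data from gitlab.com.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// sha1Fingerprint is the lowercase hex SHA-1 over the DER encoding of cert,
// the value "openssl x509 -fingerprint -sha1" prints (with colons).
func sha1Fingerprint(cert *x509.Certificate) string {
	sum := sha1.Sum(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// leafFingerprint selects the end-entity certificate for host without relying
// on its position in the chain: skip anything marked CA, then require that the
// certificate's names actually cover host.
func leafFingerprint(chain []*x509.Certificate, host string) (string, error) {
	for _, c := range chain {
		if c.IsCA {
			continue
		}
		if c.VerifyHostname(host) == nil {
			return sha1Fingerprint(c), nil
		}
	}
	return "", fmt.Errorf("no non-CA certificate in the chain matches %q", host)
}

// newCert generates a P-256 key, signs tmpl with parent/parentKey (self-signed
// when parentKey is nil) and returns the parsed certificate and its key.
// It panics on error because the inputs are fixed, constructed test data.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parentKey == nil {
		parentKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// makeChain builds a constructed CA + leaf chain in memory; it stands in for
// the chain "openssl s_client -showcerts" would show for a real server.
func makeChain(host string) []*x509.Certificate {
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, caKey := newCert(caTmpl, caTmpl, nil)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	leaf, _ := newCert(leafTmpl, ca, caKey)
	return []*x509.Certificate{leaf, ca} // leaf first, as a server sends it
}

// reversed returns the chain root-first, the listing that makes [0] the CA.
func reversed(chain []*x509.Certificate) []*x509.Certificate {
	out := make([]*x509.Certificate, len(chain))
	for i, c := range chain {
		out[len(chain)-1-i] = c
	}
	return out
}

func main() {
	const host = "gitlab.example" // constructed name, not a real server
	chain := makeChain(host)
	for _, order := range [][]*x509.Certificate{chain, reversed(chain)} {
		leaf, err := leafFingerprint(order, host)
		// [0] flips between the two orders; the selected leaf does not.
		fmt.Printf("[0]=%s leaf=%s err=%v\n", sha1Fingerprint(order[0]), leaf, err)
	}
}
```

Run it and the `[0]=` value changes between the two orders while `leaf=` stays the same. The HCL equivalent of this selection is to filter the data source's `certificates` list (for example on its `is_ca` attribute) instead of indexing it, so the output survives a provider upgrade that changes the list order; whichever way you select, confirm against openssl that the fingerprint you pin belongs to the certificate the consumer actually expects.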