Open tspearconquest opened 1 year ago
Actually, upon further testing, this does cause abnormal functionality.
I left out the rsa_bits
with algorithm = "ECDSA"
and generated a certificate locally with terraform plan
followed by terraform apply
.
Then I ran terraform plan
again to confirm no changes:
❯ terraform plan -out plan
tls_private_key.ca_key: Refreshing state... [id=096300c25a9a634a5b6b3b6039ca9b2b77e7baa6]
tls_private_key.server_key: Refreshing state... [id=801a05e31a79fb9051625dfe5d4ebd65ee049508]
tls_cert_request.server_csr: Refreshing state... [id=d8e49e436e0ade51e593822b26b36fd7edd818a2]
tls_self_signed_cert.ca_cert: Refreshing state... [id=263861910634595957572633798312256012026]
tls_locally_signed_cert.server_cert: Refreshing state... [id=211343064850266243715313131738143119829]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
Then I added the line rsa_bits = 0
to my resource, as below:
resource "tls_private_key" "server_key" {
algorithm = "ECDSA"
ecdsa_curve = "P521"
rsa_bits = 0
}
Then ran terraform plan
again:
Terraform CLI and Provider Versions
Terraform Configuration
Expected Behavior
Actual Behavior
Steps to Reproduce
terraform plan
How much impact is this issue causing?
Low
Logs
No response
Additional Information
The documentation mentions that this value is only used when
algorithm = "RSA"
so there is no reason for it to be included in the state file or outputs. Whenalgorithm = "ECDSA"
oralgorithm = "ED25519"
, Terraform should hide thersa_bits
line and not save the value to the state file.I want to use tls_private_key to generate a private ECDSA key for signing my own CA with tls_self_signed_cert, but I don't want any RSA related information in the state file or output, since I'm not requesting an RSA key.
This seems to only affect the output and the values saved into the state file, but does not appear to cause any abnormal functionality in the provider or the generated certificates in the state.
Code of Conduct