The following API will be used to sign my CSR: /pki/issuer/:issuer_ref/sign-intermediate
/pki/issuer/my_issuer/sign-intermediate
Actual Behavior
Instead, the following default API is called:
/pki/root/sign-intermediate
which will then try to use the "default" issuer.
Relevant Error/Panic Output Snippet
vault_pki_secret_backend_root_sign_intermediate.test: Creating...
╷
│ Error: error creating root sign-intermediate on PKI secret backend "ca": Error making API request.
│
│ Namespace: my_name_space
│ URL: PUT https://my_vault/v1/ca/root/sign-intermediate
│ Code: 400. Errors:
│
│ * signing certificate has a max path length of zero, and cannot issue further CA certificates
│
│ with vault_pki_secret_backend_root_sign_intermediate.test,
│ on main.tf line 22, in resource "vault_pki_secret_backend_root_sign_intermediate" "test":
│ 22: resource "vault_pki_secret_backend_root_sign_intermediate" "test" {
Terraform Core Version
1.7.3
Terraform Vault Provider Version
3.25.0
Vault Server Version
1.13.0
Affected Resource(s)
Expected Behavior
I'm expecting that by providing the following resource configuration:
The following API will be used to sign my CSR: /pki/issuer/:issuer_ref/sign-intermediate
Terraform Configuration Files
Steps to Reproduce
Run terraform apply with the previous resources, given you have a PKI mount available.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No
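A check for the symptom reported above, as an added example that is not part of the original issue or the provider's code: it reads the request URL out of the provider's error text and reports whether the issuer-scoped path was used. The function names are illustrative, the sample text is copied from the error above, and the `/v1/<mount>/...` layout is taken from that URL.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the relevant lines of the provider error quoted in this report.
SAMPLE_ERROR = """\
│ Error: error creating root sign-intermediate on PKI secret backend "ca": Error making API request.
│
│ Namespace: my_name_space
│ URL: PUT https://my_vault/v1/ca/root/sign-intermediate
│ Code: 400. Errors:
"""

URL_LINE = re.compile(r"URL:\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")
SIGN_PATH = re.compile(
    r"^/v1/(?P<mount>.+?)/(?:root|issuer/(?P<issuer>[^/]+))/sign-intermediate$"
)

def expected_path(mount, issuer_ref=None):
    """Path Vault should receive; without issuer_ref the default issuer signs."""
    mount = mount.strip("/")
    if issuer_ref:
        return f"/v1/{mount}/issuer/{issuer_ref}/sign-intermediate"
    return f"/v1/{mount}/root/sign-intermediate"

def observed_request(error_text):
    """Extract (mount, issuer_ref or None, path) from a Vault API error message."""
    m = URL_LINE.search(error_text)
    if not m:
        raise ValueError("no 'URL: <METHOD> <url>' line found")
    path = urlparse(m.group("url")).path
    s = SIGN_PATH.match(path)
    if not s:
        raise ValueError(f"not a sign-intermediate request: {path}")
    return s.group("mount"), s.group("issuer"), path

def issuer_ref_honoured(error_text, mount, issuer_ref):
    """True only if the request hit the issuer-scoped path for issuer_ref."""
    _, _, path = observed_request(error_text)
    return path == expected_path(mount, issuer_ref)

if __name__ == "__main__":
    mount, issuer, path = observed_request(SAMPLE_ERROR)
    print(f"mount={mount} issuer={issuer or 'default'} path={path}")
    print("issuer_ref honoured:", issuer_ref_honoured(SAMPLE_ERROR, "ca", "my_issuer"))
```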