iwarapter / terraform-provider-pingfederate

Ping Federate Terraform Provider
https://registry.terraform.io/providers/iwarapter/pingfederate/latest/docs
MIT License

Requires responder_url (default OCSP responder url) for certificate revocation settings, OCSP settings, when it should not be mandatory #231

Closed. ParadigmZero closed this 1 year ago

ParadigmZero commented 1 year ago

Terraform version: 1.2.5
Provider version: 0.0.24 (latest version when this was posted)
PingFederate version: 11.1.1-edge

Problem: In PingFederate 11, Certificate Revocation Checking (in the Security tab), when OCSP is enabled (ENABLE OCSP), does not require a default OCSP response URL to be entered, yet it is wrongfully required by the provider.

Relevant Terraform code:
Resource: pingfederate_certificates_revocation_settings
Block: ocsp_settings {}
Field: responder_url

Simple reproducer:

resource "pingfederate_certificates_revocation_settings" "settings" {
  ocsp_settings {
    action_on_responder_unavailable = "CONTINUE"
    action_on_status_unknown        = "FAIL"
    action_on_unsuccessful_response = "FAIL"
    current_update_grace_period     = 5
    next_update_grace_period        = 5
    requester_add_nonce             = false
    responder_timeout               = 5
    response_cache_period           = 48
  }
}

error message:

│ Error: Missing required argument
│ 
│   on pf_certificate_settings.tf line 4, in resource "pingfederate_certificates_revocation_settings" "settings":
│    4:       ocsp_settings {
│ 
│ The argument "responder_url" is required, but no definition was found.

Doing a plan when this same configuration has been entered manually in the console gives the message:

  # pingfederate_certificates_revocation_settings.settings will be updated in-place
  ~ resource "pingfederate_certificates_revocation_settings" "settings" {
        id = "certificates_revocation_settings"

      - ocsp_settings {
          - action_on_responder_unavailable = "CONTINUE" -> null
          - action_on_status_unknown        = "FAIL" -> null
          - action_on_unsuccessful_response = "FAIL" -> null
          - current_update_grace_period     = 5 -> null
          - next_update_grace_period        = 5 -> null
          - requester_add_nonce             = false -> null
          - responder_timeout               = 5 -> null
          - response_cache_period           = 48 -> null
        }
    }

This kind of configuration cannot be added in with the provider, which is the issue.

iwarapter commented 1 year ago

fixed with https://github.com/iwarapter/terraform-provider-pingfederate/releases/tag/v0.1.0