mulesoft-anypoint / terraform-provider-anypoint

The Anypoint Platform Terraform Provider
https://registry.terraform.io/providers/mulesoft-anypoint/anypoint/latest
MIT License

Unable to add client certificate to a Load Balancer #9

Closed ccortinhas-pmi closed 1 year ago

ccortinhas-pmi commented 1 year ago

Using provider v1.5.2, we are deploying multiple DLBs with certificates. However, we noticed that it is not possible to set a Client Certificate, for example of a trusted CA to verify client certificates.

A close case to ours is explained here.

Notice the second screen in particular and the client certificate: image

We had success in setting the SSL/TLS certificate via Terraform, but we also need to apply a client certificate, and it seems that anypoint provider v1.5.2 didn't support that yet.

Can you implement this feature please? It's one of the few mandatory manual steps that's stopping us from fully automating our Mulesoft infrastructure.

soufi commented 1 year ago

Hi @ccortinhas-pmi, I'm trying to work on your case, but I can't see the same page as yours, as I have the following:

Screenshot 2023-08-23 at 19 03 52

Do you have some specific options?

soufi commented 1 year ago

@ccortinhas-pmi,

Using your browser's developer tools, you can get the requests that are made behind the scenes by the platform to create and update the DLB in your case.

From that I can see what's missing.

Are you able to send the requests?

ccortinhas-pmi commented 1 year ago

Hi @soufi,

It seems that "Client Certificate" was rebranded to "Trusted CA File" on the UI, so you are getting the correct field.

Nonetheless, I created a new certificate just to replicate the payload of the PATCH request, and it is as follows (I removed the sensitive information):

[
   {
      "op":"replace",
      "path":"/defaultSslEndpoint",
      "value":1
   },
   {
      "op":"add",
      "path":"/sslEndpoints/0",
      "value":{
         "publicKeyLabel":"domain.pem",
         "publicKey":"",
         "privateKeyLabel":"domain.key",
         "privateKey":"",
         "mappings":[
            {
               "inputUri":"/{app}/",
               "appName":"{app}",
               "appUri":"/",
               "upstreamProtocol":"http"
            }
         ],
         "privateKeyDigest":"",
         "publicKeyDigest":"",
         "publicKeyCN":"domain",
         "publicKeySANs":[

         ],
         "clientCertCN":"domain",
         "clientCertDigest":"",
         "revocationList":"",
         "revocationListLabel":null,
         "clientCert":"",
         "clientCertLabel":"label.pem"
      }
   },
   {
      "op":"replace",
      "path":"/sslEndpoints/1/mappings",
      "value":[
        (...)
      ]
   },
   {
      "op":"replace",
      "path":"/doubleStaticIps",
      "value":false
   }
]

I hope this helps.
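
The payload above was cleared of sensitive values by hand before it was posted. As an added example (not part of the original thread or of the provider's code), this Python function blanks the key, certificate and digest fields of a captured DLB PATCH payload and reports which paths it touched; the sample payload, its placeholder values and the `note` field are constructed for illustration.

```python
import json

# Fields from the payload above that carry key or certificate material, or
# digests derived from it. Labels and CN fields are kept for debugging.
SENSITIVE_KEYS = {
    "publicKey", "privateKey", "clientCert", "revocationList",
    "publicKeyDigest", "privateKeyDigest", "clientCertDigest",
}
PEM_MARKER = "-----BEGIN "


def redact(node, path="", findings=None):
    """Return (copy of node with sensitive values blanked, list of blanked paths)."""
    findings = [] if findings is None else findings
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            child = f"{path}/{key}"
            if key in SENSITIVE_KEYS and isinstance(value, str) and value:
                findings.append(child)
                out[key] = ""
            else:
                out[key], _ = redact(value, child, findings)
        return out, findings
    if isinstance(node, list):
        return [redact(v, f"{path}/{i}", findings)[0] for i, v in enumerate(node)], findings
    if isinstance(node, str) and PEM_MARKER in node:
        # PEM text sitting in a field that is not on the list: blank it as well.
        findings.append(path)
        return "", findings
    return node, findings


# Constructed sample in the shape of the payload above; "note" is a
# hypothetical extra field used to exercise the PEM-marker fallback.
CAPTURED = json.loads("""
[
  {"op": "replace", "path": "/defaultSslEndpoint", "value": 1},
  {"op": "add", "path": "/sslEndpoints/0", "value": {
     "publicKeyLabel": "domain.pem", "privateKeyLabel": "domain.key",
     "publicKey": "-----BEGIN CERTIFICATE-----\\nPLACEHOLDER\\n-----END CERTIFICATE-----",
     "privateKey": "-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER\\n-----END PRIVATE KEY-----",
     "clientCertCN": "domain", "clientCertLabel": "label.pem",
     "clientCertDigest": "placeholder-digest",
     "clientCert": "-----BEGIN CERTIFICATE-----\\nPLACEHOLDER\\n-----END CERTIFICATE-----",
     "note": "-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER"}}
]
""")

if __name__ == "__main__":
    clean, blanked = redact(CAPTURED)
    print(json.dumps(clean, indent=2))
    print("blanked:", blanked)
```

The list of blanked paths doubles as a check: an empty list on a payload that should contain certificates means the field names have changed and the key set needs updating.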

soufi commented 1 year ago

Hey @ccortinhas-pmi,

I'm happy to announce that the version v1.5.4 is published with plenty of enhancements for DLB.

Thank you for using this tool.