signalsciences / terraform-provider-sigsci

Signal sciences terraform provider
MIT License
26 stars 30 forks

CloudWAF Certificate renewal flow causing automation errors #194

Open bmgreenwood opened 1 year ago

bmgreenwood commented 1 year ago

As the title states, we are using terraform (with terragrunt) to automate our infrastructure pipelines and remove all manual interventions. Everything gets checked in, and pushed through with service accounts.

One area we are looking to automate is our use of Cloud WAF on some of our products.

For the sites which use Cloud WAF we are having issues when the certificate needs to be renewed. When using the UI, you create a cert, then update the certificate used on each route of the Cloud WAF instance.

When trying to implement this with the terraform provider, you get stuck in a bad state. The tf state file contains the GUID to the certificate that was previously created. When we renew our certificate (it's handled in another module) we then call to update the existing certificate in place. This causes an error because it is in use by the routes in the WAF instance.

The only resulting solution is to drop the routes manually, update the cert, and then re-add the routes.

Is it possible to allow updates to expired certificates?
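One way to get the UI's "create the new cert, repoint the routes, then retire the old one" ordering out of Terraform, as an added example that is not part of the issue or of the provider repository. It assumes the `sigsci_corp_cloudwaf_certificate` and `sigsci_corp_cloudwaf_instance` resources and the attribute names shown below (check them against the provider's own docs), a hypothetical `module.acme` that produces the renewed PEM material, and Terraform 1.4 or newer for the built-in `terraform_data` resource. The idea is to make every renewal plan a *replacement* of the certificate resource rather than an in-place update, and to let `create_before_destroy` order that replacement so the routes are moved to the new certificate before the old, in-use one is deleted.

```hcl
# Added example, not code from the issue or from the sigsci provider repo.
# Assumed: resource/attribute names as written here (verify against the provider docs),
# and a hypothetical module.acme that renews the certificate elsewhere in the pipeline.

locals {
  cert_pem  = module.acme.certificate_pem   # assumed module outputs
  chain_pem = module.acme.issuer_pem
  key_pem   = module.acme.private_key_pem

  # Short fingerprint of the certificate body; changes on every renewal.
  cert_tag = substr(sha256(local.cert_pem), 0, 12)
}

# terraform_data is a built-in (Terraform >= 1.4). Its id changes whenever
# `input` changes, which is what replace_triggered_by below keys on.
resource "terraform_data" "cert_rev" {
  input = local.cert_tag
}

resource "sigsci_corp_cloudwaf_certificate" "edge" {
  # Include the fingerprint so the replacement does not collide with the
  # name of the certificate it is replacing while both exist.
  name              = "edge-${local.cert_tag}"
  certificate_body  = local.cert_pem
  certificate_chain = local.chain_pem
  private_key       = local.key_pem

  lifecycle {
    # Do not try to update the in-use certificate in place: plan a new one
    # whenever the PEM changes ...
    replace_triggered_by = [terraform_data.cert_rev]
    # ... create it first, update dependants (the instance routes) to the new
    # id, and only then destroy the old, now-unreferenced certificate.
    create_before_destroy = true
  }
}

resource "sigsci_corp_cloudwaf_instance" "edge" {
  name                      = "edge"
  description               = "Cloud WAF in front of www.example.com"
  region                    = "us-east-1"
  tls_min_version           = "1.2"
  use_uploaded_certificates = true

  workspace_configs {
    site_name         = "example-site"
    instance_location = "direct"
    client_ip_header  = ""

    routes {
      domains = ["www.example.com"]
      origin  = "https://origin.example.com"
      # Reference the resource id, not a hard-coded GUID, so a replacement
      # certificate propagates to the route in the same apply.
      certificate_ids     = [sigsci_corp_cloudwaf_certificate.edge.id]
      pass_host_header    = true
      trust_proxy_headers = false
      connection_pooling  = true
    }
  }
}
```

Two caveats a practitioner should check before relying on this: `create_before_destroy` is inherited by everything the certificate depends on, so keep the certificate resource free of dependencies on the instance, and if the provider's `name` attribute already forces replacement on change the `replace_triggered_by` line is redundant but harmless. Run `terraform plan` after a renewal and confirm it reads "must be replaced" for the certificate and "will be updated in-place" for the instance, in that order.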