Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Custom Timeouts #80

Open
jaikanthjay46 opened this issue Mar 22, 2022 · 4 comments · May be fixed by #107
Open

Support Custom Timeouts #80

jaikanthjay46 opened this issue Mar 22, 2022 · 4 comments · May be fixed by #107
Labels
enhancement New feature or request

Comments

@jaikanthjay46
Copy link

BUSINESS PROBLEM

  • Provisioning time is erratic and exceeds 3 mins sometimes. Would be handy to have a control over timeout instead of 3 mins for all of them.

PROPOSED SOLUTION

special timeouts block in terraform can be used to override the timeout.

https://www.terraform.io/language/resources/syntax#operation-timeouts

CURRENT ALTERNATIVES
Try Again Later

VENAFI EXPERIENCE
@jaikanthjay46 jaikanthjay46 added the enhancement New feature or request label Mar 22, 2022
@jaikanthjay46
Copy link
Author

Also, can I contribute to this issue ?

@tr1ck3r
Copy link
Member

tr1ck3r commented Mar 23, 2022

@jaikanthjay46 yes, we very much welcome contributions from our developer community 😃 The design standard for our open source integrations is that the CA must be able to reliability issue requested certificates in 60 seconds or less or we consider it not viable for the modern automation use case we're targeting. We decided to allow up 3 times longer to account for bursts of requests that could temporarily degrade the CA's throughput. Please just make sure your enhancement doesn't change the default behavior.

@jkacou
Copy link

jkacou commented Sep 1, 2022
edited
Loading

@tr1ck3r yes I agree with you untill we come to the approval steps from Venafi administrators / security in a company
Since we are not able to deal with the timeout and never we will have an human approval in 60s (neither in 3min) all requests where we need an human approval systematically fails and it is a big mess.. :(
I would prefer to have a long running job (with a certain custom timeout) waiting for an human approval for this case.. since make it asynchronous is a non sense to me because we will lose the terraform main advantage, the config state tracking...
Considering it can cause some performance issues to the platform, is a specific state (as a pending for approval) is possible as a return to terraform and that way it could know how to deal with it? (and not recreate a new certificate because it have nothing in its state to remember the previous timeout, and here is the infinite loop of recreations and timeouts)
Delete the approval step is not really an option..

@afhamilton
Copy link

I came to raise this issue and was somewhat happy that we aren't the only ones who have problems due to the lack of a timeout block. I'm also surprised that this was raised over a year ago and still hasn't been addressed.

We have an external CA that Venafi reaches out to (via the internet) when managing public certs as well as an approval step so consequently all our plans that require external certificates are failing. We had to remove all Venafi resources from our code and will now have to manually download the certs and upload to our appliances.

@jaikanthjay46 jaikanthjay46 linked a pull request May 21, 2023 that will close this issue
Open
@luispresuelVenafi luispresuelVenafi mentioned this issue Feb 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(timeout): use timeout from plugin SDK jaikanthjay46/terraform-provider-venafi
4 participants
@tr1ck3r @jaikanthjay46 @jkacou @afhamilton