Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Ability to pass in a scope for certificate authentication #154

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

feat: Ability to pass in a scope for certificate authentication #154

wants to merge 2 commits into from

Conversation

hawksight
Copy link

@hawksight hawksight commented Oct 29, 2024
edited
Loading

Attempts to fix #153. Requires #152 first as this includes the fix for #151.

Tested locally with my setup:

2024-10-29T12:18:50.973Z [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/venafi/venafi\"]" changed the config value, but that value is unused
2024-10-29T12:18:50.973Z [INFO]  provider.terraform-provider-venafi: Configuring venafi provider: tf_req_id=3791080c-596f-42a6-7290-0a45676e057f tf_rpc=Configure @caller=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/venafi/provider.go:221 @module=venafi tf_provider_addr=registry.terraform.io/Venafi/venafi timestamp=2024-10-29T12:18:50.973Z
2024-10-29T12:18:50.973Z [INFO]  provider.terraform-provider-venafi: User-Agent: hashicorp-terraform-by-venafi/nknown: @caller=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/venafi/provider.go:222 @module=venafi tf_provider_addr=registry.terraform.io/Venafi/venafi tf_req_id=3791080c-596f-42a6-7290-0a45676e057f tf_rpc=Configure timestamp=2024-10-29T12:18:50.973Z
2024-10-29T12:18:50.973Z [INFO]  provider.terraform-provider-venafi: Using `Venafi Trust Protection Platform` with url https://demo-1.tpp.peter-fiddes-gcp.jetstacker.net to issue certificate: tf_provider_addr=registry.terraform.io/Venafi/venafi tf_req_id=3791080c-596f-42a6-7290-0a45676e057f tf_rpc=Configure @caller=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/venafi/provider.go:285 @module=venafi timestamp=2024-10-29T12:18:50.973Z
2024-10-29T12:18:50.973Z [INFO]  provider.terraform-provider-venafi: Setting up TLS Configuration: tf_provider_addr=registry.terraform.io/Venafi/venafi tf_req_id=3791080c-596f-42a6-7290-0a45676e057f tf_rpc=Configure @caller=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/venafi/provider.go:398 @module=venafi timestamp=2024-10-29T12:18:50.973Z
2024-10-29T12:18:51.058Z [INFO]  provider.terraform-provider-venafi: vCert: Got 200 OK status for GET https://demo-1.tpp.peter-fiddes-gcp.jetstacker.net/vedsdk/: timestamp=2024-10-29T12:18:51.058Z
2024-10-29T12:18:51.058Z [INFO]  provider.terraform-provider-venafi: PFX certificate provided for authentication, getting access token: @module=venafi tf_provider_addr=registry.terraform.io/Venafi/venafi tf_req_id=3791080c-596f-42a6-7290-0a45676e057f tf_rpc=Configure @caller=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/venafi/provider.go:456 timestamp=2024-10-29T12:18:51.058Z
2024-10-29T12:18:51.192Z [INFO]  provider.terraform-provider-venafi: vCert: Got 200 OK status for POST https://demo-1.tpp.peter-fiddes-gcp.jetstacker.net/vedauth/authorize/certificate: timestamp=2024-10-29T12:18:51.192Z
2024-10-29T12:18:51.264Z [INFO]  provider.terraform-provider-venafi: vCert: Got 200 OK status for GET https://demo-1.tpp.peter-fiddes-gcp.jetstacker.net/vedsdk/Identity/Self: timestamp=2024-10-29T12:18:51.264Z
2024-10-29T12:18:51.264Z [INFO]  provider.terraform-provider-venafi: Successfully authenticated: tf_req_id=3791080c-596f-42a6-7290-0a45676e057f tf_rpc=Configure @caller=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/venafi/provider.go:467 @module=venafi tf_provider_addr=registry.terraform.io/Venafi/venafi timestamp=2024-10-29T12:18:51.264Z
2024-10-29T12:18:51.266Z [DEBUG] ReferenceTransformer: "venafi_policy.team[\"team-1\"]" references: []
2024-10-29T12:18:51.266Z [DEBUG] ReferenceTransformer: "venafi_policy.team[\"team-2\"]" references: []
2024-10-29T12:18:51.266Z [DEBUG] ReferenceTransformer: "venafi_policy.team[\"team-3\"]" references: []
venafi_policy.team["team-3"]: Refreshing state... [id=\VED\Policy\Terraform\team-3]
venafi_policy.team["team-2"]: Refreshing state... [id=\VED\Policy\Terraform\team-awesome]
venafi_policy.team["team-1"]: Refreshing state... [id=\VED\Policy\Terraform\team-1]
2024-10-29T12:18:51.275Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-10-29T12:18:51.276Z [INFO]  provider: plugin process exited: plugin=/Users/peter.fiddes/projects/venafi/terraform-provider-venafi/terraform-provider-venafi id=71371
2024-10-29T12:18:51.276Z [DEBUG] provider: plugin exited
2024-10-29T12:18:51.276Z [DEBUG] no planned changes, skipping apply graph check
2024-10-29T12:18:51.276Z [INFO]  backend/local: plan operation completed
2024-10-29T12:18:51.276Z [INFO]  backend/local: writing plan output to: plan

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

I have tested the following other scenarios:

  1. Define VENAFI_TOKEN, VENAFI_CLIENT_ID & VENAFI_SCOPE explicitly in provider. All works with token.
  2. Define VENAFI_TOKEN and leave clientID and scope to the code default values. All still works with token.

@hawksight hawksight mentioned this pull request Oct 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rvelaVenafi rvelaVenafi Awaiting requested review from rvelaVenafi rvelaVenafi will be requested when the pull request is marked ready for review rvelaVenafi is a code owner

@marcos-albornoz marcos-albornoz Awaiting requested review from marcos-albornoz marcos-albornoz will be requested when the pull request is marked ready for review marcos-albornoz is a code owner

@luispresuelVenafi luispresuelVenafi Awaiting requested review from luispresuelVenafi luispresuelVenafi will be requested when the pull request is marked ready for review luispresuelVenafi is a code owner

@EduardoVV EduardoVV Awaiting requested review from EduardoVV EduardoVV will be requested when the pull request is marked ready for review EduardoVV is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot provide a scope for token exchange
1 participant
@hawksight