Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Origin CA certificate validity not applied (provider version >= v2.22.0) #1160

Closed
2 tasks done
onematchfox opened this issue Aug 23, 2021 · 1 comment · Fixed by #1214
Closed
2 tasks done

Origin CA certificate validity not applied (provider version >= v2.22.0) #1160

onematchfox opened this issue Aug 23, 2021 · 1 comment · Fixed by #1214
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@onematchfox
Copy link
Contributor

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v0.14.11
Cloudflare Provider >= v2.22.0

Affected resource(s)

cloudflare_origin_ca_certificate

Terraform configuration files

resource "tls_private_key" "example" {
  algorithm = "RSA"
}

resource "tls_cert_request" "example" {
  key_algorithm   = tls_private_key.example.algorithm
  private_key_pem = tls_private_key.example.private_key_pem

  subject {
    common_name  = ""
    organization = "Terraform Test"
  }
}

resource "cloudflare_origin_ca_certificate" "example" {
  csr                = tls_cert_request.example.cert_request_pem
  hostnames          = [ "example.com" ]
  request_type       = "origin-rsa"
  requested_validity = 30
}

Debug output

Should be reproducible by running Terraform acceptance tests?

Panic output

No response

Expected output

Expect a certificate to be created that is valid for 30 days

Actual output

Certificate that is created is valid for 5475 days

Steps to reproduce

The easiest way would be to run the Terraform acceptance tests within this repository. I was going to extend the tests to showcase this but it looks like they are already failing:

=== RUN   TestAccCloudflareOriginCACertificate_Basic
    testing.go:705: Step 0 error: Check failed: Check 6/6 error: cloudflare_origin_ca_certificate.hfjigatemd: Attribute 'requested_validity' expected "7", got "5475"
--- FAIL: TestAccCloudflareOriginCACertificate_Basic (7.76s)
FAIL
exit status 1
FAIL    github.com/cloudflare/terraform-provider-cloudflare/cloudflare  7.767s

Additional factoids

No response

References

Issue was introduced with change in #1078
@onematchfox onematchfox added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 23, 2021
@jacobbednarz
Copy link
Member

This is an issue in terraform-plugin-sdk (see hashicorp/terraform-plugin-sdk#806). I'll see what I can do about mitigating in the meantime.

@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. upstream-terraform and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 22, 2021
jacobbednarz added a commit that referenced this issue Sep 22, 2021
@jacobbednarz
resource/cloudflare_origin_ca_certificate: ignore requested_validity …
65c92a3 
…changes

In #1078 we shipped a change that would ignore the `requested_validity`
attribute as it is an ever decreasing value that shouldn't trigger a
change. However, digging into this has surfaced a bug in
`terraform-plugin-sdk`[1] that is preventing the schema from providing
the value to the CRUD method due to the presence of `DiffSuppressFunc`.
Instead of using a `DiffSuppressFunc`, mark the attribute as Optional
and Computed to allow it to be ignored when it decreases.

```
=== RUN   TestAccCloudflareOriginCACertificate_Basic
    resource_cloudflare_origin_ca_certificate_test.go:34: Step 1/2 error: Check failed: Check 6/6 error: cloudflare_origin_ca_certificate.mjrtkutxmm: Attribute 'requested_validity' expected "7", got "5475"
```

Closes #1160

[1]: hashicorp/terraform-plugin-sdk#806
@jacobbednarz jacobbednarz mentioned this issue Sep 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
2 participants
@jacobbednarz @onematchfox