This repository has been archived by the owner on Jul 3, 2023. It is now read-only.

Requires responder_url (default OCSP responder url) for certificate revocation settings, OCSP settings, when it should not be mandatory #231

Closed

ParadigmZero opened this issue Nov 23, 2022 · 1 comment
Labels: bug (Something isn't working)

Comments

@ParadigmZero

Terraform version: 1.2.5
Provider version: 0.0.24, the latest version when this was posted
PingFederate version: 11.1.1-edge

Problem:
In PingFederate 11, Certificate Revocation Checking (in the Security tab), when OCSP is enabled (ENABLE OCSP), does not require a default OCSP responder URL to be entered, yet it is wrongfully required by the provider.

Relevant Terraform code:
Resource: pingfederate_certificates_revocation_settings
Block: ocsp_setting {}
Field: responder_url

Simple reproducer:

```hcl
resource "pingfederate_certificates_revocation_settings" "settings" {
  ocsp_settings {
    action_on_responder_unavailable = "CONTINUE"
    action_on_status_unknown        = "FAIL"
    action_on_unsuccessful_response = "FAIL"
    current_update_grace_period     = 5
    next_update_grace_period        = 5
    requester_add_nonce             = false
    responder_timeout               = 5
    response_cache_period           = 48
  }
}
```

Error message:

```
│ Error: Missing required argument
│ 
│   on pf_certificate_settings.tf line 4, in resource "pingfederate_certificates_revocation_settings" "settings":
│    4:       ocsp_settings {
│ 
│ The argument "responder_url" is required, but no definition was found.
```

Doing a plan when this same configuration has been entered manually in the console gives the message:

```
  # pingfederate_certificates_revocation_settings.settings will be updated in-place
  ~ resource "pingfederate_certificates_revocation_settings" "settings" {
        id = "certificates_revocation_settings"

      - ocsp_settings {
          - action_on_responder_unavailable = "CONTINUE" -> null
          - action_on_status_unknown        = "FAIL" -> null
          - action_on_unsuccessful_response = "FAIL" -> null
          - current_update_grace_period     = 5 -> null
          - next_update_grace_period        = 5 -> null
          - requester_add_nonce             = false -> null
          - responder_timeout               = 5 -> null
          - response_cache_period           = 48 -> null
        }
    }
```

This kind of configuration cannot be added in with the provider, which is the issue.

@ParadigmZero ParadigmZero added the bug Something isn't working label Nov 23, 2022
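Added example, not code from the issue or from the provider: a small Go model of why `responder_url` can legitimately be empty. It assumes (as PingFederate's UI describes it) that a certificate's own AIA OCSP entry is used first and the default responder URL is only a fallback for certificates without one, and it shows how `action_on_responder_unavailable = "CONTINUE"` soft-fails when neither is available.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// resolveResponder picks the OCSP responder for a certificate: its AIA entry wins,
// defaultURL (the provider's responder_url) is only a fallback, so "" is a valid setting.
func resolveResponder(cert *x509.Certificate, defaultURL string) (string, error) {
	if len(cert.OCSPServer) > 0 {
		return cert.OCSPServer[0], nil
	}
	if defaultURL != "" {
		return defaultURL, nil
	}
	return "", errors.New("no OCSP responder available for certificate")
}

// allowWithoutResponder applies action_on_responder_unavailable when no responder
// can be determined: "CONTINUE" soft-fails (status unknown, connection proceeds),
// anything else rejects the certificate.
func allowWithoutResponder(cert *x509.Certificate, defaultURL, onUnavailable string) bool {
	if _, err := resolveResponder(cert, defaultURL); err != nil {
		return onUnavailable == "CONTINUE"
	}
	return true
}

// selfSigned builds a constructed test certificate, optionally carrying an AIA OCSP URL.
func selfSigned(ocspURLs []string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-test"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
		OCSPServer:   ocspURLs,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}
```

With `responder_url` empty, a certificate lacking an AIA entry falls through to the `action_on_responder_unavailable` policy, which is why that setting deserves more attention than the optional default URL.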
@iwarapter (Owner)
