Add support for custom CA certificates #14

Closed
beyhan opened this issue Nov 17, 2016 · 5 comments

beyhan commented Nov 17, 2016

Hi @ljfranklin

We are using the terraform-resource and we are very happy with it. We would like to use the terraform-resource for infrastructures which are set up with custom certificates. Terraform supports custom CA certificates via the argument cacert_file. Currently, it's not possible to use this feature of Terraform with the terraform-resource. It's possible to pass the argument cacert_file to Terraform through the terraform-resource, but there is no way to provide the custom certificate file. There is a workaround for this by specifying the insecure argument, but it's more secure to use the cacert_file option. It would be great to have this supported by the terraform-resource.

ljfranklin commented Nov 17, 2016

Hey @beyhan! To make it clear, this is the cacert_file option in the OpenStack Terraform Provider. I was hoping that maybe that field could be given either a filepath or the contents of the file, but no such luck. Ideally Terraform would allow you to pass the contents of your cert, then no changes would be required for the resource. I might take a crack at submitting a PR to Terraform in the next few days and see if they'll accept that change.

As a workaround, you could probably generate a cert file in a task and pass the relative path to the terraform resource:

```yaml
- task: write-certfile
  # echo "$CA_CERT" > ca_cert.pem
- put: terraform
  params:
    vars:
      ca_cert_path: write-certfile/ca_cert.pem
```

Not 100% sure if this will work, but worth a try.

beyhan commented Nov 18, 2016

@ljfranklin Thanks for the prompt response. Yes, it's the cacert_file option which you are referencing. I also was thinking about the suggested workaround. I will give it a try and write back.

ljfranklin commented

@beyhan started a PR hashicorp/terraform#10271 to see if the Terraform maintainers would accept such a change.

beyhan commented Dec 21, 2016

@ljfranklin the suggested workaround works. The task write-certfile has to define the written file as an output, which makes it available for the next step. Great that you started the PR on the Terraform side!
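The workaround confirmed above, written out as a Concourse job; this is an added example, not configuration posted by either participant. The job name, the `((openstack_ca_cert))` pipeline variable and the busybox image are assumptions, as is a Terraform template that passes `ca_cert_path` to the OpenStack provider's `cacert_file`; any other `put` params the pipeline already uses stay unchanged.

```yaml
jobs:
- name: terraform-apply            # hypothetical job name
  plan:
  - task: write-certfile
    config:
      platform: linux
      image_resource:
        type: registry-image
        source:
          repository: busybox      # assumption: any image with a POSIX sh
      params:
        # Assumption: the CA certificate (PEM text) is supplied as a
        # pipeline variable with this hypothetical name.
        CA_CERT: ((openstack_ca_cert))
      outputs:
      # Declaring the directory as an output is what makes the file
      # visible to the following put step.
      - name: write-certfile
      run:
        path: sh
        args:
        - -c
        - |
          set -eu
          # Fail closed: stop the build if the variable is unset or does
          # not look like a PEM certificate, so the pipeline is never
          # tempted to fall back to the insecure option.
          case "$CA_CERT" in
            *"-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----"*) ;;
            *) echo "CA_CERT is not a PEM certificate" >&2; exit 1 ;;
          esac
          # printf keeps the PEM text byte-for-byte; echo may interpret
          # backslashes depending on the shell.
          printf '%s\n' "$CA_CERT" > write-certfile/ca_cert.pem
  - put: terraform
    params:
      vars:
        # Path is relative to the build's working directory, where the
        # task output above is mounted.
        ca_cert_path: write-certfile/ca_cert.pem
```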

ljfranklin commented

Finally got the Terraform PR merged. The next Terraform release should allow you to specify the OpenStack CA either as a filepath or as the contents of the cert.
