Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_dms_certificate doesn't import Oracle wallet correctly #13605

Closed
lawrieke opened this issue Jun 4, 2020 · 3 comments · Fixed by #17958
Closed

aws_dms_certificate doesn't import Oracle wallet correctly #13605

lawrieke opened this issue Jun 4, 2020 · 3 comments · Fixed by #17958
Labels
bug Addresses a defect in current functionality.
Milestone
v3.33.0

Comments

@lawrieke
Copy link

lawrieke commented Jun 4, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

v0.12.20
v0.12.16

Affected Resource(s)

aws_dms_certificate

Terraform Configuration Files

resource "aws_dms_certificate" "source" {
  certificate_id     = "source-oracle-wallet-ca"
  certificate_wallet = filebase64("${path.root}/rds-ca-2019-root.sso")
}

Debug Output

Output shows as successful, the DMS certificate is visible in the AWS console

Expected Behavior

The imported certificate should be valid

Actual Behavior

The imported certificate isn't valid.

Importing the certificate in the AWS console works and the below cli import is successful;

aws dms import-certificate --certificate-identifier source-oracle-wallet-ca-fromcli --certificate-wallet fileb://rds-ca-2019-root.sso

The TF state contains the correct base64 encoded certificate, but when TF imports it into AWS DMS, a second base64 encoding is applied corrupting the certificate.

Important Factoids

If I try;

certificate_wallet = file("${path.root}/rds-ca-2019-root.sso")

It fails with 'provided string is not valid UTF-8'

There were changes to the certificate_wallet input back in version v2.46.0, but this issue occurs in versions before or after 2.46
#11496

References

  • #0000
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jun 4, 2020
sonikro added a commit to sonikro/terraform-provider-aws that referenced this issue Mar 5, 2021
@sonikro
hashicorp#13605 added base64decode string before sending to aws-sdk-g…
ed3e6cb 
…o, so certificate_wallet is not encoded twice
@sonikro sonikro mentioned this issue Mar 5, 2021
Merged
@sonikro
Copy link
Contributor

sonikro commented Mar 5, 2021

I'm having the same issue. We can't use the file function because the certificate contains invalid UTF-8 characters, however we can't also use fillebase64, because the aws-sdk-go will encode the content again, so that's why the certificate is corrupted.

I've opened a PR to try to fix this issue

@anGie44 anGie44 added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Mar 12, 2021
@anGie44 anGie44 modified the milestones: v2.70.1, v3.33.0 Mar 17, 2021
anGie44 added a commit that referenced this issue Mar 17, 2021
@anGie44
Merge pull request #17958 from sonikro/b-fix-oracle-wallet-upload
16061dd 
#13605 added base64decode string before sending to aws-sdk-go, so cer…
@ghost
Copy link

ghost commented Mar 18, 2021

This has been released in version 3.33.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 16, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Apr 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality.
Projects
None yet
Milestone
v3.33.0
3 participants
@sonikro @anGie44 @lawrieke