azurerm_key_vault_certificate: fixed 'Unknown' issuer not working Issue #5589 #6979
Conversation
ThomasZeman
changed the title
There was a problem hiding this comment.
hey @ThomasZeman
Thanks for this PR - taking a look through this is looking good - if we can fix up the crash point then this otherwise LGTM 👍
Thanks!
|
Acceptance Tests pass:
|
|
This has been released in version 2.12.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.12.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
The 'Unknown' issuer certificate workflow does not create a "ready to use" but pending certificate which needs to get signed. Until then it will not have a SID which is the reason why the current code times out waiting for a SID to become available (Refer to https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/keyvault/key_vault_certificate_resource.go#L445).
In this workflow, the user needs to manually download a certificate signing request (CSR file) from the portal and get it signed by an external CA (upload the CSR there and so on). Because of this the azurerm resource for an unknown issuer is finished with its work as soon as the certificate exists which is the case when the go client receives http status code 200. (Refer to https://github.com/Azure/azure-sdk-for-go/blob/master/services/keyvault/2016-10-01/keyvault/client.go#L1303 )
All possible issuers are: