x509: certificate signed by unknown authority AzureRM Provider behind company proxy #1778

Closed
ghost opened this issue Aug 15, 2018 · 7 comments


ghost commented Aug 15, 2018

This issue was originally opened by @Quisl as hashicorp/terraform#18683. It was migrated here as a result of the provider split. The original body of the issue is below.


Terraform Version

Terraform v0.11.7
+ provider.azurerm v1.7.0

Terraform Configuration Files

provider "azurerm" {
  subscription_id = "CENSORED"
  client_id       = "CENSORED"
  client_secret   = "CENSORED"
  tenant_id       = "CENSORED"
}

resource "azurerm_resource_group" "storage-rg" {
  name     = "storage-prd-rg"
  location = "West Europe"

  tags {
    description = "contains azure resources concerning storage"
  }
}

Debug Output

https://gist.github.com/Quisl/c4275d4559e53bc5d982aff1fc733169

Expected Behavior

I expected Terraform to create a resource group in my Azure Environment.

Actual Behavior

Terraform stops executing because of an unknown certificate. Error:

Steps to Reproduce

  1. terraform init
  2. terraform plan

Additional Context

I am using Debian 9 (stretch) and I sit behind a proxy server which requires me to use the company's CA certificate for outgoing traffic. However, I have added the certificate to my operating system using the update-ca-certificates command (curl works).

@tombuildsstuff
Contributor

hey @Quisl

Thanks for opening this issue :)

I've taken a look into this issue and believe there are two parts to fixing this:

Unfortunately I don't have access to a Proxy to verify this patch works as expected behind a proxy with custom authentication - however I can see these requests going through the proxy as expected using Charles Proxy on macOS. Would you be able to pull and build the branch proxy-support and confirm if this fixes your issue? If so there's build instructions in the README

Thanks!

@tombuildsstuff tombuildsstuff modified the milestones: 1.14.0, 1.15.0, 1.16.0 Sep 6, 2018
@tombuildsstuff tombuildsstuff modified the milestones: 1.16.0, 1.17.0 Sep 21, 2018
@tombuildsstuff tombuildsstuff modified the milestones: 1.17.0, 1.18.0 Oct 11, 2018

Quisl commented Oct 17, 2018

Hi @tombuildsstuff

I had to test it on a different machine as the other one was just a testing VM.

However, it appears to work now!

Thank you 👍

@tombuildsstuff
Contributor

hey @Quisl

Thanks for confirming that - we'll send a PR to update that shortly.

Thanks!

@tombuildsstuff
Contributor

PR: #2133

@tombuildsstuff
Contributor

hi @Quisl

Just to let you know that this has been released as a part of v1.18 of the AzureRM Provider (the full changelog is available here). You can upgrade to this by specifying the version in the provider block (as shown below) and then running terraform init -upgrade

provider "azurerm" {
  version = "=1.18.0"
}

Thanks!


akaFalsh commented Nov 23, 2018

Terraform v0.11.10
+ provider.azurerm v1.19.0

Still having issue.
Log:

* provider.azurerm: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/<CENSORED>/providers?api-version=2017-05-10: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post https://login.microsoftonline.com/<CENSORED>/oauth2/token?api-version=1.0: dial tcp: lookup login.microsoftonline.com on [fec0:0:0:ffff::1]:53: dial udp [fec0:0:0:ffff::1]:53: connect: invalid argument'


ghost commented Mar 5, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 5, 2019