You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(Redactions mine; the certificate_body, private_key and name values are identical)
Diffing the certificate_chain attribute values will show that the only difference is a newline character ("\n") in the new configuration that Terraform plans to apply. This newline is not present in our input, as shown below:
Our best guess, without much exploration of the codebase, is that terraform is reading in files without applying a chomp-like method to them. However, this doesn't extend to our inline example -- we're really not sure what's going on there.
This is an extremely high priority for us, as we are managing a production ELB with such a certificate, and it is live for users right now. We would love to set up Atlas, etc., but can't do so until terraform plan does not indicate that is going to make this cosmetic change. Unfortunately for us, the change has side effects that are out of scope of this bug report.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
ghost
locked and limited conversation to collaborators
May 1, 2020
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
providers/aws:
aws_iam_server_certificate
should intelligently handle newlines in certificate chainsAfter
apply
-ing an SSL certificate on an AWS ELB, runningterraform plan
yields an unnecessary planned change:(Redactions mine; the
certificate_body
,private_key
andname
values are identical)Diffing the
certificate_chain
attribute values will show that the only difference is a newline character ("\n") in the new configuration that Terraform plans to apply. This newline is not present in our input, as shown below:certificates.tf:
Even when inlining the certificate, this happens:
Our best guess, without much exploration of the codebase, is that terraform is reading in files without applying a
chomp
-like method to them. However, this doesn't extend to our inline example -- we're really not sure what's going on there.This is an extremely high priority for us, as we are managing a production ELB with such a certificate, and it is live for users right now. We would love to set up Atlas, etc., but can't do so until
terraform plan
does not indicate that is going to make this cosmetic change. Unfortunately for us, the change has side effects that are out of scope of this bug report.One possible resolution would be to use the
normalizeCert
function inbuiltin/providers/aws/resource_aws_iam_server_certificate.go
(https://github.com/hashicorp/terraform/blob/master/builtin/providers/aws/resource_aws_iam_server_certificate.go#L133) on the certificate chain, as well as the certificate body, effectively handle trailing newlines. Mygo
-foo isn't particularly strong, but I'd be happy to propose a PR to this effect.The text was updated successfully, but these errors were encountered: