Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Database updates silently wipes out client_ssl_certificate #478

Open
atsui-bay1 opened this issue Mar 22, 2024 · 0 comments
Open

Database updates silently wipes out client_ssl_certificate #478

atsui-bay1 opened this issue Mar 22, 2024 · 0 comments

Comments

@atsui-bay1
Copy link

Terraform Version

Terraform v1.3.6

Affected Resource(s)

Please list the resources as a list, for example:

  • rediscloud_subscription_database
  • rediscloud_active_active_subscription_database

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "rediscloud_subscription_database" "database" {
  subscription_id = rediscloud_subscription.subscription[0].id
  name            = "dummy"
  port            = 10000

  memory_limit_in_gb           = 2
  data_persistence             = "none"
  throughput_measurement_by    = "operations-per-second"
  throughput_measurement_value = 2000

  replication   = true
  resp_version  = "resp3"
  data_eviction = "volatile-lru"

  enable_default_user = false
  enable_tls          = true
}

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.

Expected Behavior

We enable mutualTLS and upload client certificates via a separate process, as we do not want the keys/certs to be added to the Terraform statefile. When we change an option through Terraform, these uploaded client certs are being removed from the database. This would be fine, except the terraform plan does NOT show that the client_ssl_certificate on the resource will be removed.

Actual Behavior

The client certificates were removed silently from the database. The terraform plan should indicate that the certs will be removed as part of the apply.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. Enable mTLS and upload a client certificate outside of Terraform
  3. make a change to the resource in Terraform
  4. terraform apply
  5. Notice that the plan does NOT show the cert removal, but the cert will be gone after the apply completes

Important Factoids

Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

  • GH-1234
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@atsui-bay1