Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document how to connect to a publicly accessible HCP Consul instance better. #313

Open
techdragon opened this issue Jul 28, 2022 · 1 comment
Open

Document how to connect to a publicly accessible HCP Consul instance better. #313

techdragon opened this issue Jul 28, 2022 · 1 comment
Assignees
@remilapeyre
Labels
waiting-response

Comments

@techdragon
Copy link

techdragon commented Jul 28, 2022
edited

Terraform Version

Terraform v1.2.6
on darwin_amd64
+ provider registry.terraform.io/hashicorp/consul v2.15.1
+ provider registry.terraform.io/hashicorp/hcp v0.37.0

Affected Resource(s)

Multiple

Terraform Configuration Files

NA

Debug Output

NA

Panic Output

NA

Expected Behavior

Terraform should be able to manage the configured Consul when setup following the documentation and provided config values.

Actual Behavior

Lots of errors

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform HCP hosted Consul
  2. set the new HCP Consul instance as publicly accessible
  3. use the copied admin token and copied public address to connect the provider as documented.
  4. try to create things

Important Factoids

The outcomes of various possible configurations of address and schema including the only two combinations that work for publicly accessible HCP Consul instances seems to be as follows.

  • With port at the end of the address (which is how the value is copied from the HCP web UI):
    • schema must be set to "http" in order for it to work.
    • Setting schema to "https" will produce http: server gave HTTP response to HTTPS client errors for each resource it attempts to investigate.
    • Omitting a value for schema (which marking it as optional implies you can do) will produce various errors such as Unexpected response code: 404 () trying to create a new consul_key resource, and Unexpected response code: 405 (method GET not allowed) trying to create a new consul_acl_policy resource, trying to modify a resource will "succeed" but the write doesn't actually happen if you go and check the web console. (This probably warrants a separate bug report for the false positive Modification complete response.)
  • With no port at the end of the address:
    • schema must be set to "https" in order for it to work.
    • Setting schema to "http" or omitting a value for schema (which marking it as optional implies you can do) will produce various errors such as Unexpected response code: 404 () trying to create a new consul_key resource, and Unexpected response code: 405 (method GET not allowed) trying to create a new consul_acl_policy resource, trying to modify a resource will "succeed" but the write doesn't actually happen if you go and check the web console. (This probably warrants a separate bug report for the false positive Modification complete response.)

In summary, if you're using the public address endpoint of a HCP Consul instance, then schema is required, and the specifics of removing the port from the end of the address to get HTTPS support should be documented.

References

NA
@remilapeyre remilapeyre self-assigned this Aug 17, 2022
@remilapeyre
Copy link
Collaborator

Hello @techdragon, I have been unable to reproduce this issue. Can you please give an example that does not work?

Are you sure you had no environment variable set when you were doing the tests?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@remilapeyre remilapeyre

Labels
waiting-response
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@techdragon @remilapeyre