Remove terraform-provider-tls dependency #10023
…_self_signed_certificate test configuration resources

Reference: #10023

…o internal functions

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificateDataSource_KeyTypes (18.45s)
```

Proof of concept: #10024

…S key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccDataSourceAWSLBListener_https (217.29s)
```

…LS key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (14.99s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (23.89s)
```

…on for TLS key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn (1281.11s)
--- PASS: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn_ConflictsWithCloudFrontDefaultCertificate (1284.54s)
```

…mplementation for TLS key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAwsEc2ClientVpnNetworkAssociation_basic (549.92s)
--- PASS: TestAccAwsEc2ClientVpnNetworkAssociation_disappears (581.03s)
```

…on for TLS key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAwsEc2ClientVpnEndpoint_disappears (18.01s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_basic (17.22s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_splitTunnel (29.09s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_withDNSServers (29.77s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_withLogGroup (36.80s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_tags (39.35s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_msAD (1761.91s)
```

…ficate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSELB_Listener_SSLCertificateID_IAMServerCertificate (38.75s)
```

…implementation for TLS key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSLoadBalancerBackendServerPolicy_basic (70.37s)
```

…s on creation, use internal implementation for test TLS key/certificate

Reference: #10023

Fixes the following issue discovered during acceptance testing due to IAM eventual consistency:

```
--- FAIL: TestAccAwsLbListenerCertificate_multiple (326.35s)
    testing.go:569: Step 1 error: errors during apply:
        Error: Error creating LB Listener Certificate: CertificateNotFound: Certificate 'arn:aws:iam::187416307283:server-certificate/tf-acc-test-3065966466410433081-additional-3' not found
```

This also refactors the testing configurations so they can share a common base configuration.

Output from acceptance testing:

```
--- PASS: TestAccAwsLbListenerCertificate_basic (186.16s)
--- PASS: TestAccAwsLbListenerCertificate_multiple (271.64s)
```

… key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSLBListenerRule_oidc (198.18s)
--- PASS: TestAccAWSLBListenerRule_Action_Order (202.37s)
--- PASS: TestAccAWSLBListenerRule_Action_Order_Recreates (243.71s)
--- PASS: TestAccAWSLBListenerRule_cognito (243.72s)
```

…ey/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSLBListener_https (193.49s)
--- PASS: TestAccAWSLBListener_DefaultAction_Order_Recreates (202.01s)
--- PASS: TestAccAWSLBListener_cognito (202.92s)
--- PASS: TestAccAWSLBListener_oidc (214.41s)
--- PASS: TestAccAWSLBListener_DefaultAction_Order (223.52s)
--- PASS: TestAccAWSLBListener_Protocol_Tls (340.53s)
```

…tificate

Reference: #10023

Switches `aws_api_gateway_base_path_mapping` testing to the simplest `aws_api_gateway_domain_name` configuration with `regional_certificate_arn`. Requires new environment variables for `certificate_name` testing as CloudFront now strictly requires a publicly trusted key/certificate:

```
--- FAIL: TestAccAWSAPIGatewayDomainName_CertificateName (5.58s)
    testing.go:569: Step 0 error: errors during apply:
        Error: Error creating API Gateway Domain Name: BadRequestException: The certificate that is attached to your distribution was not issued by a trusted Certificate Authority. For more details, see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-requirements (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: e052f947-e261-11e9-a70c-b3beead7f798)
```

Output from acceptance testing:

```
--- PASS: TestAccAWSAPIGatewayBasePathMapping_basic (103.50s)
--- PASS: TestAccAWSAPIGatewayBasePathMapping_BasePath_Empty (61.24s)
--- SKIP: TestAccAWSAPIGatewayDomainName_CertificateArn (0.00s)
--- SKIP: TestAccAWSAPIGatewayDomainName_CertificateName (0.00s)
--- SKIP: TestAccAWSAPIGatewayDomainName_RegionalCertificateName (0.00s)
--- PASS: TestAccAWSAPIGatewayDomainName_RegionalCertificateArn (20.45s)
--- PASS: TestAccAWSAPIGatewayDomainName_SecurityPolicy (104.68s)
```

…tion for TLS key/certificate

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSLBSSLNegotiationPolicy_disappears (33.49s)
--- PASS: TestAccAWSLBSSLNegotiationPolicy_basic (40.18s)
```

Reference: #10023

Output from acceptance testing:

```
--- PASS: TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix (3.55s)
--- PASS: TestAccAWSIAMServerCertificate_disappears (9.30s)
--- PASS: TestAccAWSIAMServerCertificate_name_prefix (10.17s)
--- PASS: TestAccAWSIAMServerCertificate_basic (11.28s)
--- PASS: TestAccAWSDataSourceIAMServerCertificate_basic (12.65s)
--- PASS: TestAccAWSDataSourceIAMServerCertificate_path (12.71s)
--- PASS: TestAccAWSIAMServerCertificate_file (17.00s)
```

Reference: #10023

Updated via:

```console
$ go mod tidy
$ go mod vendor
```

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (14.46s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (23.05s)
```

This has been released in version 2.32.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Community Note
Description
We have a few reasons to migrate away from importing the Terraform TLS Provider code directly:

- `+incompatible` means it's not possible for this dependency to be cached. While we do currently vendor dependencies, we would like to move away from that model now that public Go proxies are becoming more prevalent and defaulting to being enabled

Hard requirements:

- `tls_private_key` resource replacement: `private_key_pem`
- `tls_self_signed_cert` resource replacement: `cert_pem`

Soft requirements:

Only for `aws/resource_aws_api_gateway_base_path_mapping_test.go` and `aws/resource_aws_api_gateway_domain_name_test.go` (for functionality which is already deprecated in API Gateway):

- `tls_cert_request` resource replacement
- `tls_locally_signed_cert` resource replacement

References
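Added example, not part of the original issue and not the provider's own code: Go helpers that cover the two hard requirements using only the standard library, one returning a PEM private key in place of `tls_private_key`'s `private_key_pem` and one returning a self-signed certificate in place of `tls_self_signed_cert`'s `cert_pem`. The function names, the RSA/PKCS#1 encoding, the 12-hour validity and the subject are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// testPrivateKeyPEM (hypothetical name) stands in for tls_private_key.private_key_pem.
func testPrivateKeyPEM(bits int) (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})), nil
}

// testSelfSignedCertPEM (hypothetical name) stands in for tls_self_signed_cert.cert_pem.
func testSelfSignedCertPEM(keyPEM, commonName string) (string, error) {
	block, _ := pem.Decode([]byte(keyPEM))
	if block == nil {
		return "", fmt.Errorf("no PEM block found in private key")
	}
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{ // constructed values: throwaway test certificate only
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now(), NotAfter: time.Now().Add(12 * time.Hour), // short-lived
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Using the template as both subject and issuer makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), nil
}

func main() {
	key, _ := testPrivateKeyPEM(2048)
	fmt.Println(testSelfSignedCertPEM(key, "example.com"))
}
```

Because the key never leaves the test process and the certificate expires within hours, nothing long-lived is written to disk or committed alongside the test configuration.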