Terraform CLI and Provider Versions
Terraform v1.2.5
TLS Provider 4.0.1
Use Cases or Problem Statement
Version 4.0.0 and later of the TLS provider currently implement an HTTP client for handling HTTPS-schemed URLs. The default behavior of that HTTP client is to follow up to 10 HTTP redirects. TLS certificates may differ between the originally requested URL and the redirected URL.
Proposal
For the purposes of this particular data source, it feels more appropriate to return the TLS certificates of the originally requested URL, since that is what is explicitly configured. Outside of this data source, any HTTP requests to the original URL would be initially presented with the original URL certificates first, given the HTTP redirects happen as a response to the initial request. This also preserves the 3.x and prior behavior when it used direct TLS connections to the given URL and had no knowledge of HTTP client semantics.
There could also be consideration for having a separate "follow HTTP redirects" configurable attribute to handle the other use case, if there is a valid use for that.
How much impact is this issue causing?
Medium
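The difference between the two behaviors discussed in this issue can be reproduced with Go's `net/http` client, as an added example that is not the provider's own code. It starts two local HTTPS servers with constructed throwaway certificates; `newServer`, `leafCN`, `demo` and both host names are hypothetical names chosen for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newServer starts a local HTTPS server with a throwaway self-signed cert (constructed sample).
func newServer(cn string, h http.Handler) *httptest.Server {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // StartTLS panics below if the cert is unusable
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	srv := httptest.NewUnstartedServer(h)
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	return srv
}
// leafCN returns the leaf CN the client ends up with; verification is off only to inspect the samples.
func leafCN(url string, follow bool) (string, error) {
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
	if !follow { // stop at the first response, so resp.TLS belongs to the configured URL
		c.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	}
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	return resp.TLS.PeerCertificates[0].Subject.CommonName, nil
}
// demo redirects a configured origin to a second host and reports the CN seen in each mode.
func demo() (followed, direct string, err error) {
	target := newServer("redirect-target.example", http.NotFoundHandler())
	origin := newServer("configured-origin.example", http.RedirectHandler(target.URL, http.StatusFound))
	defer func() { origin.Close(); target.Close() }()
	if followed, err = leafCN(origin.URL, true); err == nil {
		direct, err = leafCN(origin.URL, false)
	}
	return
}
func main() { fmt.Println(demo()) }
```

With redirects followed, the certificate reported is the redirect target's; with `http.ErrUseLastResponse` it is the one served by the configured URL.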