terraform-provider-tls

Add Importer for tls_private_key

Open Miouge1 opened this issue 4 years ago • 6 comments

Add Importer for tls_private_key.

I have tested it with the following Terraform file:

resource "tls_private_key" "rsa" {
  algorithm = "RSA"
}

resource "tls_private_key" "ecdsa" {
  algorithm = "ECDSA"
}

resource "tls_self_signed_cert" "rsa" {
  key_algorithm         = tls_private_key.rsa.algorithm
  private_key_pem       = tls_private_key.rsa.private_key_pem
  validity_period_hours = 12
  allowed_uses          = []
  subject {
    common_name = "example.com"
  }
}

resource "tls_self_signed_cert" "ecdsa" {
  key_algorithm         = tls_private_key.ecdsa.algorithm
  private_key_pem       = tls_private_key.ecdsa.private_key_pem
  validity_period_hours = 12
  allowed_uses          = []
  subject {
    common_name = "example.com"
  }
}

$ terraform plan
[...]
Plan: 4 to add, 0 to change, 0 to destroy.
[...]
$ terraform import tls_private_key.rsa rsa.key
tls_private_key.rsa: Importing from ID "rsa.key"...
tls_private_key.rsa: Import prepared!
  Prepared tls_private_key for import
tls_private_key.rsa: Refreshing state... [id=4c4dc28e87f9674022a0443506e6621f1ce0d3a2]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
$ terraform import tls_private_key.ecdsa secp224r1.pem
tls_private_key.ecdsa: Importing from ID "secp224r1.pem"...
tls_private_key.ecdsa: Import prepared!
  Prepared tls_private_key for import
tls_private_key.ecdsa: Refreshing state... [id=2875f8a9af6e56b5d5c8dde67241afc1112aa355]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
$ terraform plan
[...]
Plan: 2 to add, 0 to change, 0 to destroy.
[...]
$ terraform apply
[...]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Resolves !44

Sep 29 '21 13:09 Miouge1

CLA assistant check
All committers have signed the CLA.

Sep 29 '21 13:09 hashicorp-cla

Can anyone review this please? This is a very important feature that solves #44, which many users are struggling with.

Jun 14 '22 16:06 fcrespofastly

Thank you for this PR @Miouge1!

This fixes #44, and looks like a solid approach.

We really need this and were thinking of doing a similar PR ourselves, but if this is already in place what's the chance this gets reviewed and pulled in?

Jun 14 '22 16:06 dkulchinsky

I ran into needing to do this on a set of private keys today. Unfortunately the codebase has moved since this PR was written and it no longer functions as is. I was able to get it working and will try to open a new PR with the updated changes.

Jul 06 '22 20:07 dekimsey

We found a workaround by directly adding our private key in the state:

  • We first created the tls_private_key resource in the Terraform state by doing terraform apply. A private key is generated but we don't care about that one. We just need the tls_private_key resource to exist in the Terraform state.
  • We pulled the state locally with terraform state pull > tmp.tfstate
  • We modified the fields of the tls_private_key resource directly in the JSON and increased the serial of the state
  • We pushed the modified state containing our private key in it with terraform state push tmp.tfstate

A bit hacky but it worked in our case. Nevertheless with the import, it would have been so much easier! So would be nice to have this feature soon.

Oct 25 '22 17:10 aletournel
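
The state-editing step of the workaround above, as an added Python example (not code from the commenter, the PR or the provider). It assumes a version 4 state file as written by `terraform state pull`, and a hypothetical JSON file of replacement attribute values that the caller has already derived from the existing key; the function and argument names are illustrative.

```python
import copy
import json
import os
import sys


def replace_key_attributes(state, name, new_attrs):
    """Return a copy of a v4 state with tls_private_key.<name> overwritten."""
    if state.get("version") != 4:
        raise ValueError("only state format version 4 is handled")
    edited = copy.deepcopy(state)  # never mutate the pulled state in place
    matches = [r for r in edited.get("resources", [])
               if r.get("mode") == "managed"
               and r.get("type") == "tls_private_key"
               and r.get("name") == name]
    if len(matches) != 1 or len(matches[0].get("instances", [])) != 1:
        raise LookupError(f"need exactly one instance of tls_private_key.{name}")
    attrs = matches[0]["instances"][0]["attributes"]
    unknown = sorted(set(new_attrs) - set(attrs))
    if unknown:
        # Only overwrite fields the provider already wrote; a typo would
        # otherwise add a key the resource never had.
        raise KeyError(f"not present in existing attributes: {unknown}")
    attrs.update(new_attrs)
    # The commenter's step: increase the serial so the pushed state is newer.
    edited["serial"] = state["serial"] + 1
    return edited


def main(state_path, name, attrs_path):
    # attrs_path: JSON object of replacement attribute values (assumption:
    # the caller has already derived them from the existing key).
    with open(state_path) as f:
        state = json.load(f)
    with open(attrs_path) as f:
        new_attrs = json.load(f)
    edited = replace_key_attributes(state, name, new_attrs)
    # The state carries the private key in plaintext: keep it owner-only.
    fd = os.open(state_path, os.O_WRONLY | os.O_TRUNC | os.O_CREAT, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(edited, f, indent=2)
    os.chmod(state_path, 0o600)


if __name__ == "__main__":
    main(*sys.argv[1:4])
```

The lineage is left untouched, and every derived field in the resource has to correspond to the new private key, since dependent resources read those values from the state.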

Any update on this? Seems to be quite a long time open for a helpful feature. @Miouge1 could you bring it up to date with mainline?

Mar 06 '23 22:03 jwaldrip