
Unable to query published provider info and local terraform init got error

Open liuke0712 opened this issue 3 years ago • 4 comments

Hi Team,

I am using this open source project to experiment with publishing both public and private providers.

I started a local minio storage and uploaded azurerm provider files manually under the path `terraform-registry-test/providers/hashicorp/azurerm` (`terraform-registry-test` is the bucket name).


It is running at localhost:9000.

Afterward, I start the server with

```
66859644@C02D94YHML85 boring-registry % boring-registry server \
  --storage-s3-bucket=terraform-registry-test \
  --storage-s3-pathstyle=true \
  --storage-s3-endpoint=http://localhost:9000 \
  --debug
caller=root.go:62 timestamp=2022-10-17T15:29:18.986407Z level=debug hostname=C02D94YHML85 msg="debug mode enabled"
caller=server.go:162 timestamp=2022-10-17T15:29:18.997946Z level=info hostname=C02D94YHML85 listen=:7801 msg="starting telemetry server"
caller=server.go:140 timestamp=2022-10-17T15:29:18.997985Z level=info hostname=C02D94YHML85 listen=:5601 msg="starting server"
```

Does it mean the server has already started? And how can I query the provider info using the server API?

I created a main.tf with provider info:

```
terraform {
  required_providers {
    azurerm = {
      source  = "localhost:5601/hashicorp/azurerm"
      version = "3.24.0"
    }
  }
}
```

but `terraform init` gave an error:

```
266859644@C02D94YHML85 test % terraform init

Initializing the backend...

Initializing provider plugins...
  • Finding localhost:5601/hashicorp/azurerm versions matching "3.24.0"...
│ Error: Failed to query available provider packages
│ Could not retrieve the list of available versions for provider localhost:5601/hashicorp/azurerm: could not connect to localhost:5601: Failed to request discovery document: Get
│ "https://localhost:5601/.well-known/terraform.json": http: server gave HTTP response to HTTPS client
```

Could you kindly guide what I may miss?

Thanks

liuke0712 avatar Oct 17 '22 17:10 liuke0712

Hi @liuke0712! :)

> Does it mean the server has already started?

Yes. This is also indicated by the `http: server gave HTTP response to HTTPS client` you posted.

> And how can I query the provider info using the server API?

You can check that yourself by using command line tools like curl to query boring-registry:

```
curl http://localhost:5601/v1/providers/hashicorp/azurerm/versions
```

Disclaimer: I didn't test the above command

Regarding the following error

```
Could not retrieve the list of available versions for provider localhost:5601/hashicorp/azurerm:
could not connect to localhost:5601:
Failed to request discovery document:
Get "https://localhost:5601/.well-known/terraform.json":
http: server gave HTTP response to HTTPS client
```

Your Terraform CLI tries to connect to `localhost:5601` with HTTPS (see `https://localhost:5601/.well-known/terraform.json` from above), but the `server gave HTTP response to HTTPS client`. As far as I know, Terraform requires HTTPS. Right now I see two options:

  1. pass a valid TLS certificate to the boring-registry command with `--tls-cert-file=self-signed.crt --tls-key-file=self-signed.key`, for example
  2. serve the boring-registry API behind a reverse proxy which has a valid certificate

Someone else had a similar problem to yours here: #73. I hope that helps!

Just out of curiosity, why do you want to serve the azurerm provider from hashicorp with the boring-registry, instead of using the hashicorp registry directly? :)

oliviermichaelis avatar Oct 17 '22 22:10 oliviermichaelis

Hi Oliver,

Much appreciated for your guide.

I generated a self-signed cert and key by


```
openssl req -x509 -nodes -sha256 -newkey rsa:2048 \
  -keyout localhost.key -out localhost.crt \
  -days 3650 \
  -subj "/CN=localhost"
```

after adding


```
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
subjectAltName = DNS:localhost
```

to /etc/ssl/openssl.cnf

but it seems the certification is not compliant/accepted by terraform

```
266859644@C02D94YHML85 test % terraform init

Initializing the backend...

Initializing provider plugins...
- Finding localhost:5601/hashicorp/azurerm versions matching "3.24.0"...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ localhost:5601/hashicorp/azurerm: could not connect to localhost:5601:
│ Failed to request discovery document: Get
│ "https://localhost:5601/.well-known/terraform.json": x509: “localhost”
│ the certificate is not standards compliant
```

Wondering if there is any requirement for the generation of the TLS cert?

Related to your question, because our current tfe server cannot access the internet based on security considerations, we are using bundle for now, but intend to switch to a private provider solution. However, the private provider does not support provider invokes from a different organization. That is why we're looking for alternatives.

Thanks!

liuke0712 avatar Oct 18 '22 14:10 liuke0712

> Wondering if there is any requirement for the generation of the TLS cert?

You need to check how the Terraform CLI works internally, I do not know that. With the script I posted in #73, I was able to run it locally. I really can't help you here, sorry :/ Have you tried the bash script?

> Related to your question, because our current tfe server cannot access the internet based on security considerations, we are using bundle for now, but intend to switch to a private provider solution. However, the private provider does not support provider invokes from a different organization. That is why we're looking for alternatives.

Interesting, thanks :)

oliviermichaelis avatar Oct 18 '22 19:10 oliviermichaelis

You could maybe use some other tools to check why your certificate is not complying with the standards.

oliviermichaelis avatar Oct 18 '22 20:10 oliviermichaelis
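
One way to follow up on the suggestion to check the certificate with other tools, as an added example that is not part of the thread or of boring-registry: a lint over the output of `openssl x509 -noout -text -in localhost.crt`. The three checks are an assumption, namely that the rejection comes from the macOS certificate verifier applying Apple's published requirements for TLS server certificates (a DNS name in subjectAltName, the serverAuth extended key usage, validity of 825 days or fewer); the function names and both sample outputs are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed rule set (not stated in the thread): Apple's published limits for
# TLS server certificates, which the macOS platform verifier applies.
MAX_VALIDITY_DAYS = 825

def _date(text, label):
    # openssl prints e.g. "Not After : Oct 15 13:55:02 2032 GMT"
    raw = re.search(rf"{label}\s*:\s*([^\n]+)", text).group(1)
    return datetime.strptime(" ".join(raw.split()), "%b %d %H:%M:%S %Y %Z")

def _ext(text, name):
    # An extension's value is on the line after its "X509v3 <name>:" header.
    m = re.search(rf"X509v3 {name}:[^\n]*\n\s*([^\n]+)", text)
    return m.group(1) if m else ""

def lint_server_cert(text, hostname):
    """Return a list of findings for `openssl x509 -noout -text` output."""
    findings = []
    days = (_date(text, "Not After") - _date(text, "Not Before")).days
    if days > MAX_VALIDITY_DAYS:
        findings.append(f"validity is {days} days, limit is {MAX_VALIDITY_DAYS}")
    san = _ext(text, "Subject Alternative Name")
    if hostname not in re.findall(r"DNS:([^,\s]+)", san):
        findings.append(f"subjectAltName has no DNS:{hostname}")
    if "TLS Web Server Authentication" not in _ext(text, "Extended Key Usage"):
        findings.append("extendedKeyUsage lacks serverAuth")
    return findings

# Constructed sample output (not taken from the issue).
_HEAD = """Certificate:
    Data:
        Validity
            Not Before: Oct 18 13:55:02 2022 GMT
            Not After : {not_after}
        Subject: CN = localhost
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:localhost
"""
_EKU = """            X509v3 Extended Key Usage:
                TLS Web Server Authentication
"""
TEN_YEAR_NO_EKU = _HEAD.format(not_after="Oct 15 13:55:02 2032 GMT")
ONE_YEAR_WITH_EKU = _HEAD.format(not_after="Oct 18 13:55:02 2023 GMT") + _EKU

if __name__ == "__main__":
    for name, sample in [("ten-year", TEN_YEAR_NO_EKU), ("one-year", ONE_YEAR_WITH_EKU)]:
        print(name, lint_server_cert(sample, "localhost") or "no findings")
```
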

Closing this issue due to inactivity and as it's more of a general question. Feel free to re-open it anytime!

oliviermichaelis avatar Nov 24 '22 16:11 oliviermichaelis