terraform-provider-fortios

fortios_vpncertificate_local: certificate attribute needs to be updated

Open jalmeroth opened this issue 2 years ago • 3 comments

Hi there 👋,

I am trying to import a certificate like this:

resource "fortios_vpncertificate_local" "letsencrypt" {
  name        = "letsencrypt"
  private_key = acme_certificate.certificate.private_key_pem
  certificate = "${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}"
  range       = "global"
}

The import succeeds and the certificate is available. Unfortunately, Terraform wants to update the certificate attribute on every subsequent run. A terraform state show fortios_vpncertificate_local.letsencrypt confirms the certificate value is empty after creation/update.

Versions

Terraform

Terraform v1.1.9 on darwin_amd64

  • provider registry.terraform.io/fortinetdev/fortios v1.14.1
  • provider registry.terraform.io/hashicorp/tls v3.3.0
  • provider registry.terraform.io/vancluever/acme v2.8.0

FortiOS

FortiOS v7.0.5 build0304 (GA)

jalmeroth, Apr 29 '22 08:04

Hi @jalmeroth,

Thank you for raising this issue. The team is working on this issue. We will fix it in the next release, and will get back to you once it's resolved. But Terraform import will not get the content of private_key and certificate, since the REST API for this resource could not get the contents of these two arguments.

Thanks, Xing

lix-fortinet, May 04 '22 21:05

TWIMC: Meanwhile we are using the following as a workaround now:

resource "fortios_json_generic_api" "vpn_certificate_prod" {
  path   = "/api/v2/monitor/vpn-certificate/local/import"
  method = "POST"
  json = jsonencode({
    certname         = "letsencrypt-prod-${random_id.acme_certificate.hex}"
    file_content     = base64encode("${acme_certificate.prod.certificate_pem}${acme_certificate.prod.issuer_pem}")
    key_file_content = base64encode(acme_certificate.prod.private_key_pem)
    scope            = "global"
    type             = "regular"
  })
}

jalmeroth, May 25 '22 14:05

Hi @jalmeroth,

This issue has been fixed in the latest release of FortiOS Terraform provider v1.15.0. Please switch to the latest version of FortiOS Terraform provider and try it again.

Please let me know if you have any questions.

Thanks, Xing

lix-fortinet, Aug 09 '22 16:08

Hi @jalmeroth,

We will close this issue since it has been fixed. Feel free to open a new issue if you have any other questions.

Thanks, Xing

lix-fortinet, Oct 10 '22 20:10