vscode-dev-containers
Error x509: certificate signed by unknown authority - Azure Key Vault with Terraform
- VSCode Version: 1.72.2
- Local OS Version: 10.0.19044 N/A compilação 19044
- Local chip architecture: <x86, arm64, Apple Silicon> x64-based
- Reproduces in: <Codespaces | Remote - Containers | Both> Remote - Containers
- Name of Dev Container Definition with Issue: Dev Container: Azure Terraform (Community)
Steps to Reproduce:
- Create folder for Dev Container
- Created simple main.tf and opened in VS code
- Configuring main.tf file for execution

```hcl
provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy = true
    }
  }
  subscription_id = "000000-000000-000000-000000-000000000"
  tenant_id = "000000-000000-000000-000000-000000000"
  client_id = "000000-000000-000000-000000-000000000"
  client_secret = "000000-000000-000000-000000-000000000"
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name = "example-resources"
  location = "West Europe"
}

resource "random_string" "random" {
  length = 4
  special = false
  numeric = false
}

resource "azurerm_key_vault" "example" {
  name = lower(join("", ["keyvault", random_string.random.result]))
  location = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  enabled_for_disk_encryption = true
  tenant_id = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days = 7
  purge_protection_enabled = false
  sku_name = "standard"

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    key_permissions = [
      "Get",
    ]

    secret_permissions = [
      "Get",
    ]

    storage_permissions = [
      "Get",
    ]
  }
}
```
- Creating dev container
- Select features to install

| Modules | Version |
|---|---|
| Azure CLI | latest |
| Git | latest |
| Python | latest |
| Terraform | latest |

- Select Reopen in Container
- Dev Container Created successfully
- Terraform init
- Terraform Plan
- Terraform Apply
Error x509: certificate signed by unknown authority
- Error: waiting for Vault: (Name "xxxx" / Resource Group "xxxx") to become available: connecting to "https://xxxxxx.vault.azure.net/": Get "https://xxxxxx.vault.azure.net/": x509: certificate signed by unknown authority
Azure
- Resource group was successfully created
- Azure Key Vault was even created, but did not assign any policies
Other tests done
- Tested successfully on my local machine
- Successfully tested on ubuntu 20.04.3 LTS server
- Tested on another dev container ubuntu same Error
- Tested on hashicorp/terraform container image same error
- Tested successfully in Azure pipeline
- Tested successfully in GitHub Actions
Considerations
Everything leads me to think that something is missing inside the container but I could not identify it.
Links from some forums, but no solution found:
- https://social.msdn.microsoft.com/Forums/azure/en-US/c144f70d-d589-4b0c-b97d-a94b2c92b229/error-creating-key-vault-x509-certificate-signed-by-unknown-authority?forum=AzureKeyVault
- https://stackoverflow.com/questions/71838183/terraform-x509-certificate-signed-by-unknown-authority
- https://support.hashicorp.com/hc/en-us/articles/360046090994-Terraform-runs-failing-with-x509-certificate-signed-by-unknown-authority-error
- https://ubuntu.com/server/docs/security-trust-store
problem is still occurring