In c244e5a6 this resource was converted to a data source, but that was
a mistake since data sources are expected to produce stable results on
each run, and yet certificate requests contain a random nonce as part of
the signature.
Additionally, using the data source as a managed resource through the
provided compatibility shim was not actually working, since "Read" was
trying to parse the private key out of a SHA1 hash of the key, which is
what we place in state due to the StateFunc on that attribute.
By restoring this we restore Terraform's ability to produce all of the
parts of a basic PKI/CA, which is useful for creating dev environments
and bootstrapping PKI for production environments.
---
layout: "tls"
page_title: "TLS: tls_cert_request"
sidebar_current: "docs-tls-data-source-cert-request"
description: |-
  Creates a PEM-encoded certificate request.
---
# tls_cert_request
Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.
This resource is intended to be used in conjunction with a Terraform provider for a particular certificate authority in order to provision a new certificate. This is a logical resource, so it contributes only to the current Terraform state and does not create any external managed resources.
~> **Compatibility Note** From Terraform 0.7.0 to 0.7.4 this resource was converted to a data source, and the resource form of it was deprecated. This turned out to be a design error: a certificate request carries a signature over its contents, and that signature includes a random nonce, so every read of the data source produced a different `cert_request_pem` and the configuration never converged. The data source form is no longer supported as of Terraform 0.7.5 and any users should return to using the resource form.
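The non-convergence described in the note can be reproduced directly. The following Go program is an added example and is not part of the Terraform provider: it builds two CSRs from the same private key with Go's standard `crypto/x509` and compares them. For an ECDSA key the signature is randomized, so the two PEM blobs differ even though the signed content (subject, SANs, public key) is identical, which is exactly what made the data source unstable; for an RSA key signed with PKCS#1 v1.5 the signature is deterministic and the blobs match. The subject and DNS names are constructed for the example, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// csrTemplate holds the request fields; the values are constructed for this example.
func csrTemplate() *x509.CertificateRequest {
	return &x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:   "example.com",
			Organization: []string{"ACME Examples, Inc"},
		},
		DNSNames: []string{"example.com", "www.example.com"},
	}
}

// MakeCSR builds a PEM-encoded CSR from a private key, the same operation
// tls_cert_request performs on every apply.
func MakeCSR(key crypto.Signer) ([]byte, error) {
	der, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate(), key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// ParseCSR decodes a PEM CSR and verifies its self-signature, so a CSR whose
// signature does not match its public key is rejected rather than compared.
func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, fmt.Errorf("no CERTIFICATE REQUEST block found")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("bad CSR signature: %w", err)
	}
	return csr, nil
}

// CSRsConverge generates two CSRs from the same key and reports whether the
// PEM output is byte-identical (what a data source would need to be stable)
// and whether the signed content (subject, SANs, public key) is identical.
func CSRsConverge(key crypto.Signer) (bool, bool, error) {
	first, err := MakeCSR(key)
	if err != nil {
		return false, false, err
	}
	second, err := MakeCSR(key)
	if err != nil {
		return false, false, err
	}
	a, err := ParseCSR(first)
	if err != nil {
		return false, false, err
	}
	b, err := ParseCSR(second)
	if err != nil {
		return false, false, err
	}
	samePEM := bytes.Equal(first, second)
	sameContent := bytes.Equal(a.RawTBSCertificateRequest, b.RawTBSCertificateRequest)
	return samePEM, sameContent, nil
}

// NewECDSAKey returns a P-256 key; ECDSA signing draws a fresh random nonce each time.
func NewECDSAKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewRSAKey returns a 2048-bit key; x509 signs CSRs for RSA keys with PKCS#1 v1.5,
// which is deterministic.
func NewRSAKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	ecKey, err := NewECDSAKey()
	if err != nil {
		panic(err)
	}
	samePEM, sameContent, err := CSRsConverge(ecKey)
	fmt.Printf("ECDSA: identical PEM=%v identical signed content=%v err=%v\n", samePEM, sameContent, err)

	rsaKey, err := NewRSAKey()
	if err != nil {
		panic(err)
	}
	samePEM, sameContent, err = CSRsConverge(rsaKey)
	fmt.Printf("RSA (PKCS#1 v1.5): identical PEM=%v identical signed content=%v err=%v\n", samePEM, sameContent, err)
}
```

Running it shows the ECDSA pair reporting identical signed content but different PEM, and the RSA pair reporting both identical. A data source is only safe when the second column is true for every key type it accepts, which is why the resource form, where the PEM is generated once and held in state, is the correct design.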
## Example Usage

```
resource "tls_cert_request" "example" {
    key_algorithm   = "ECDSA"
    private_key_pem = "${file(\"private_key.pem\")}"

    subject {
        common_name  = "example.com"
        organization = "ACME Examples, Inc"
    }
}
```
## Argument Reference

The following arguments are supported:

* `key_algorithm` - (Required) The name of the algorithm for the key provided in `private_key_pem`.

* `private_key_pem` - (Required) PEM-encoded private key data. This can be read from a separate file using the `file` interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state; the key itself must therefore be available on every run.

* `subject` - (Required) The subject for which a certificate is being requested. This is a nested configuration block whose structure is described below.

* `dns_names` - (Optional) List of DNS names for which a certificate is being requested.

* `ip_addresses` - (Optional) List of IP addresses for which a certificate is being requested.

The nested `subject` block accepts the following arguments, all optional, with their meaning
corresponding to the similarly-named attributes defined in
RFC 5280:

* `common_name` (string)
* `organization` (string)
* `organizational_unit` (string)
* `street_address` (list of strings)
* `locality` (string)
* `province` (string)
* `country` (string)
* `postal_code` (string)
* `serial_number` (string)
## Attributes Reference

The following attributes are exported:

* `cert_request_pem` - The certificate request data in PEM format.