Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider Warning Diagnostic for Certificates that Expire Immediately #282

Open
1 task done
bflad opened this issue Oct 10, 2022 · 0 comments
Open
1 task done

Consider Warning Diagnostic for Certificates that Expire Immediately #282

bflad opened this issue Oct 10, 2022 · 0 comments
Labels
enhancement

Comments

@bflad
Copy link
Contributor

bflad commented Oct 10, 2022

Terraform CLI and Provider Versions

v1.x / 4.x

Use Cases or Problem Statement

Practitioners currently have the ability to create certificates via the tls_self_signed_certificate and tls_locally_signed_certificate resources which have a validity period of no time in the future. Recent changes to the validity_period_hours attribute have enabling configuration validation that the value is an integer that is 0 and greater, however the 0 value likely has limited usage in real world configurations. It is unclear if the provider should warn practitioners about the situation so they can avoid it, or if there are enough valid use cases that a 0 value should continue to work without feedback. Practitioners would not be able to avoid the warning diagnostic output since there are no options in CLI flags or the configuration language to disable it.

Proposal

Consider updating the attribute validation of the validity_period_hours attribute on the tls_self_signed_certificate and tls_locally_signed_certificate resources to return a warning diagnostic if its value is known and 0.

How much impact is this issue causing?

Low

Additional Information

This change may be best suited for a future major version release or just consider updating the attribute validation to be 1 or greater for that configuration.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@bflad bflad mentioned this issue Oct 10, 2022
Merged
bendbennett added a commit that referenced this issue Oct 11, 2022
@bendbennett
Removing warning diagnostics generated when locally signed or self si…
931121f 
…gned certificates are ready for renewal or have a validity period of zero at the time they are created (#268)

Reference: #282
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bflad