You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When a certificate chain is used, changes are always detected on a proxmox_virtual_environment_certificate resource when running terraform plan, and then gets updated on each terraform apply, even when the certificate chain was previously successfully installed on the node.
This happens probably because the Proxmox API endpoint (/nodes/{node}/certificates/info) only returns the first certificate found in /etc/pve/nodes/{node}/pveproxy-ssl.pem, not the whole file/chain content.
A workaround would be to use the SSH client to get the actual chain content.
To Reproduce
Steps to reproduce the behavior:
Create a proxmox_virtual_environment_certificate resource with a certificate chain
Run terraform apply again, the certificate gets re-installed on the node
proxmox_virtual_environment_certificate.pve: Refreshing state... [id=pve_certificate]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# proxmox_virtual_environment_certificate.pve will be updated in-place~ resource "proxmox_virtual_environment_certificate""pve" {
+ certificate_chain = <<-EOT -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- EOT id = "pve_certificate" # (13 unchanged attributes hidden) }Plan: 0 to add, 1 to change, 0 to destroy.proxmox_virtual_environment_certificate.pve: Modifying... [id=pve_certificate]proxmox_virtual_environment_certificate.pve: Modifications complete after 1s [id=pve_certificate]Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Expected behavior
Running terraform plan should not detect any changes, and terraform apply should not reinstall the certificate.
Additional context
Tested with Terraform 1.5 and provider 0.48.2 on a single node setup running Proxmox 8.1.4
The text was updated successfully, but these errors were encountered:
This causes it to not show as changed on subsequent plans/applies, however, if the chain changed and the certificate didn't (for some reason, which could even include adding a missing intermediate CA), it wouldn't trigger an update.
Describe the bug
When a certificate chain is used, changes are always detected on a proxmox_virtual_environment_certificate resource when running terraform plan, and then gets updated on each terraform apply, even when the certificate chain was previously successfully installed on the node.
This happens probably because the Proxmox API endpoint (/nodes/{node}/certificates/info) only returns the first certificate found in /etc/pve/nodes/{node}/pveproxy-ssl.pem, not the whole file/chain content.
A workaround would be to use the SSH client to get the actual chain content.
To Reproduce
Steps to reproduce the behavior:
Run terraform apply to initially install the certificate
Confirm that the pveproxy-ssl.pem file installed on the node contains the whole chain
Expected behavior
Running terraform plan should not detect any changes, and terraform apply should not reinstall the certificate.
Additional context
Tested with Terraform 1.5 and provider 0.48.2 on a single node setup running Proxmox 8.1.4
The text was updated successfully, but these errors were encountered: