When using PFX certificate is requiring explict filename extention

[COREProgrammers]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

╰─$ terraform -v
Terraform v0.12.28

• provider.azurerm v2.24.0

Your version of Terraform is out of date! The latest version
is 0.13.0. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

provider authentication to Azure

Terraform Configuration Files

provider "azurerm" {
  # whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
  version                     = "~> 2.24.0"
  environment                 = "public"
  subscription_id             = var.azure_subscription_id
  tenant_id                   = var.azure_tenant_id
  client_id                   = var.azure_client_id
  client_certificate_path     = var.azure_client_certificate_path
  client_certificate_password = var.azure_client_certificate_password

  features {
    virtual_machine {
      delete_os_disk_on_deletion = var.azure_delete_os_disk_on_termination
    }
  }
}

Debug Output

When using certificate based authentication with a security principal and a valid certificate it complains about the file extention on the certificate:

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: Error building AzureRM Client: 1 error occurred:
	* The Client Certificate Path is not a *.pfx file: "****"



  on provider-azure.tf line 1, in provider "azurerm":
   1: provider "azurerm" {



Error: Error building AzureRM Client: 1 error occurred:
	* The Client Certificate Path is not a *.pfx file: "****"



  on provider-azure.tf line 21, in provider "azurerm":
  21: provider "azurerm" {

The issue is that Jenkins plugin Azure credentials and the correspoinding Ceritificate code from Credentials plugins do not name the files as pfx files.

Since it is really a valid certificate the authentication work instead of having the plugin complain about the certificate not being a pfx file.

Panic Output

n/a

Expected Behavior

Authentication should have been successful.

Actual Behavior

Authentication failed with the error:
Error: Error building AzureRM Client: 1 error occurred:
* The Client Certificate Path is not a .pfx file: "***"

Steps to Reproduce

1. terraform plan

Important Factoids

Azure public instance authentication using azure security principal and certificate

References

n/a

• #0000

[bnfbiz]

please close this ticket and reopen 25997 I used the wrong account when I created it.

[magodo]

@bnfbiz (@COREProgrammers) Thank you for submitting this! Let's keep this issue to track the problem as you can simply subscribe this using your prefered account.

I have submit a PR hashicorp/go-azure-helpers#64 which will not necessarily require the file extension to be .pfx. While a heads up here is that is a change in a dependency of this provider, so once that is merged, we will need another PR to upgrade the dependency.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!