Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update certificate ready_for_renewal during refresh? #278

Merged
merged 9 commits into from Oct 14, 2022
Merged

Update certificate ready_for_renewal during refresh? #278

merged 9 commits into from Oct 14, 2022

Conversation

bendbennett
Copy link
Contributor

@bendbennett bendbennett commented Sep 23, 2022
edited

Closes: #268

Requires Adding RefreshState test step to be merged, tagged and released so that tests verifying terraform refresh behaviour in isolation can run. Build will fail until the RefreshState test step is available.

@bendbennett
Adding call to modifyStateIfCertificateReadyForRenewal from Read func…
6eebaf9 
… in locally_signed_cert and self_signed_cert resources (#268)
@bendbennett bendbennett marked this pull request as ready for review September 29, 2022 06:24
@bendbennett bendbennett requested a review from a team as a code owner September 29, 2022 06:24
@github-actions github-actions bot added size/M and removed size/S labels Sep 29, 2022
@bendbennett
Adding tests to verify that a refresh-only terraform apply mutates th…
9115ea8 
…e state for ready_for_renewal and maintains the requires replace behaviour for terraform apply (#268)
@bendbennett
Adding plan modifier to set ready_for_renewal true in state if validi…
60601c7 
…ty_period_hours is zero or early_renewal_hours is greater than or equal to validity_period_hours at time of locally or self-signed cert creation (#268)
@github-actions github-actions bot added size/XL and removed size/M labels Oct 5, 2022
bflad
bflad reviewed Oct 5, 2022
View reviewed changes
internal/provider/resource_locally_signed_cert.go Outdated
Comment on lines 274 to 277
res.Diagnostics.AddWarning(
"Certificate is ready for renewal at time of creation",
fmt.Sprintf("Early renewal hours (%d) is greater than or equal to validity period hours (%d)", newState.EarlyRenewalHours.Value, newState.ValidityPeriodHours.Value),
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was there a specific ask for this warning diagnostic? Practitioners may be intentionally setting their configurations so certificates are recreated every run. Otherwise, we will need an opt-out mechanism, since there is nothing like that available in core.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was mentioned by @apparentlymart in slack.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created a followup issue for this, since we should consider whether it should happen now, in the future, or differently by enforcing >= 1 instead of 0: #282 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for creating the follow-up issue. I've removed the warning diagnostics for now.

@bendbennett
Modifying refresh tests to use the option to check expect non-empty p…
5cf8851 
…lan added in hashicorp/terraform-plugin-sdk#1070 (#268)
@bendbennett
Removing warning diagnostics generated when locally signed or self si…
931121f 
…gned certificates are ready for renewal or have a validity period of zero at the time they are created (#268)

Reference: #282
@bflad bflad added the bug label Oct 11, 2022
bflad
bflad approved these changes Oct 11, 2022
View reviewed changes
Copy link
Member

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me once sdk is updated. 👍

@bendbennett bendbennett added this to the v4.0.4 milestone Oct 14, 2022
@bendbennett bendbennett merged commit 180df62 into main Oct 14, 2022
@bendbennett bendbennett deleted the bendbennett/issues-268 branch October 14, 2022 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bflad bflad bflad approved these changes

Assignees
No one assigned
Labels
bug dependencies size/XL
Projects
None yet
Milestone
v4.0.4
Development

Successfully merging this pull request may close these issues.

Update certificate ready_for_renewal during refresh?
2 participants
@bendbennett @bflad