Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: aws_sns_platform_application cannot specify p12 certificate #40803

Open
sdahlbac opened this issue Jan 7, 2025 · 2 comments
Open

[Bug]: aws_sns_platform_application cannot specify p12 certificate #40803

sdahlbac opened this issue Jan 7, 2025 · 2 comments
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. service/sns Issues and PRs that pertain to the sns service.

Comments

@sdahlbac
Copy link

sdahlbac commented Jan 7, 2025
edited
Loading

Terraform Core Version

OpenTofu v1.8.7

AWS Provider Version

v5.81.0

Affected Resource(s)

  • aws_sns_platform_application APNS

The platform_principal needs to be the contents of a p12 file for APNS. Since that is a binary file and terraform expects all strings to be utf-8 (see e.g. https://developer.hashicorp.com/terraform/language/functions/base64decode), we have a bit of a problem.

I guess one option would be to add a mutually exclusive platform_principal_base64 that would eat bas64 encoded data instead.

Expected Behavior

resource "aws_sns_platform_application" "apns_application" {
  name                = "APNS-01"
  platform            = "APNS"
  platform_credential = data.onepassword_item.sns_apns_cert_key.password
  platform_principal  = base64decode(data.onepassword_item.sns_apns_cert.file[0].content_base64)
}

Should apply correctly.

Actual Behavior

│ Call to function "base64decode" failed: the result of decoding the provided string is not valid UTF-8.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_sns_platform_application" "apns_application" {
  name                = "APNS-01"
  platform            = "APNS"
  platform_credential = data.onepassword_item.sns_apns_cert_key.password
  platform_principal  = base64decode(data.onepassword_item.sns_apns_cert.file[0].content_base64)
}

Steps to Reproduce

tofu apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

I might be able to implement the suggested fix
@sdahlbac sdahlbac added the bug Addresses a defect in current functionality. label Jan 7, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 7, 2025

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/sns Issues and PRs that pertain to the sns service. needs-triage Waiting for first response or review from a maintainer. labels Jan 7, 2025
@sdahlbac
Copy link
Author

sdahlbac commented Jan 7, 2025

Actually it turns out that it is possible to use pems if both the platform_credential and the platform_principal are specified as pems

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. service/sns Issues and PRs that pertain to the sns service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sdahlbac