Panic in vault_pki_secret_backend_root_sign_intermediate for ca_chain #1357

Closed
@lukasz-bielinski

Description

Terraform Version

Terraform v1.1.6
on linux_amd64

  • provider registry.terraform.io/hashicorp/vault v3.3.0

Affected Resource(s)

vault_pki_secret_backend_root_sign_intermediate

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

The code I am using is from https://learn.hashicorp.com/tutorials/vault/pki-engine-external-ca

The affected part is below:

resource "vault_mount" "test_org_v1_ica2_v1" {
 path                      = "test-org/v1/ica2/v1"
 type                      = "pki"
 description               = "PKI engine hosting intermediate CA2 v1 for test org"
 default_lease_ttl_seconds = local.default_1hr_in_sec
 max_lease_ttl_seconds     = local.default_1y_in_sec
}

resource "vault_pki_secret_backend_intermediate_cert_request" "test_org_v1_ica2_v1" {
 depends_on   = [vault_mount.test_org_v1_ica2_v1]
 backend      = vault_mount.test_org_v1_ica2_v1.path
 type         = "internal"
 common_name  = "Intermediate CA2 v1 "
 key_type     = "rsa"
 key_bits     = "2048"
 ou           = "test org"
 organization = "test"
 country      = "US"
 locality     = "Bethesda"
 province     = "MD"
}

resource "vault_pki_secret_backend_root_sign_intermediate" "test_org_v1_sign_ica2_v1_by_ica1_v1" {
 depends_on = [
  vault_mount.test_org_v1_ica1_v1,
  vault_pki_secret_backend_intermediate_cert_request.test_org_v1_ica2_v1,
 ]
 backend              = vault_mount.test_org_v1_ica1_v1.path
 csr                  = vault_pki_secret_backend_intermediate_cert_request.test_org_v1_ica2_v1.csr
 common_name          = "Intermediate CA2 v1.1"
 exclude_cn_from_sans = true
 ou                   = "test org"
 organization         = "test"
 country              = "US"
 locality             = "Bethesda"
 province             = "MD"
 max_path_length      = "1"
 ttl                  = local.default_1y_in_sec
}

resource "vault_pki_secret_backend_intermediate_set_signed" "test_org_v1_ica2_v1_signed_cert" {
 depends_on  = [vault_pki_secret_backend_root_sign_intermediate.test_org_v1_sign_ica2_v1_by_ica1_v1]
 backend     = vault_mount.test_org_v1_ica2_v1.path
 certificate = format("%s\n%s", vault_pki_secret_backend_root_sign_intermediate.test_org_v1_sign_ica2_v1_by_ica1_v1.certificate, file("../${path.module}/cacerts/test_org_v1_ica1_v1.crt"))
}

Debug Output

https://gist.github.com/lukasz-bielinski/6b51fd30f913778518026f514f42cbb4

Panic Output

https://gist.github.com/lukasz-bielinski/f27241de6bafd4243fa2d8287988fe6d

Expected Behavior

The resource vault_pki_secret_backend_root_sign_intermediate should be created.

Actual Behavior

panic error in terraform-provider-vault_v3.3.0_x4 plugin:

Steps to Reproduce

Execute the steps from https://learn.hashicorp.com/tutorials/vault/pki-engine-external-ca

Important Factoids

none

References

https://learn.hashicorp.com/tutorials/vault/pki-engine-external-ca
