rundeck/terraform-provider-rundeck

Support providing a client certificate when connecting to Rundeck

diogokiss opened this issue · 1 comments

Currently, the Terraform Rundeck provider connects to Rundeck via a url parameter. This parameter supports HTTP and HTTPS. However, if the Rundeck server is behind a reverse proxy that requires client certificate authentication, it doesn't work.

It would be nice if the provider could support that. The code to configure the provider would be something like:

provider "rundeck" {
  auth_token = "${var.rundeck_auth_token}"
  url = "https://rundeck.fake.url.com"
  client_cert = "/path/to/my/client.crt"
  client_key = "/path/to/my/client.key"
  ca = "/path/to/my/ca.crt"
}

Terraform Version

$ terraform version
Terraform v0.11.14

Your version of Terraform is out of date! The latest version
is 0.12.6. You can update by downloading from www.terraform.io/downloads.html

Affected Resource(s)

  • provider (rundeck)

Terraform Configuration Files

provider "rundeck" {
  auth_token = "secret"
  url = "https://rundeck.eu-west-1.stag.ts.sv"
}

locals {
  environment = "staging"
  project_name = "my-project"
  region = "eu-west-1"
}

resource "rundeck_project" "project" {
  name        = "my-project"
  description = "Rundeck for the ${local.environment} environment"

  resource_model_source {
    type = "local"

    config = {
      format = "resourcexml"
      # This path is interpreted on the Rundeck server.
      file = "/var/lib/rundeck/projects/${local.project_name}/etc/resources.xml"
    }
  }

  resource_model_source {
    type = "aws-ec2"

    config = {
      mappingParams = "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
      endpoint = "ec2.${local.region}.amazonaws.com"
      runningOnly = true
      httpProxyPort = 80
      filter = "tag:Environment=${local.environment}"
      refreshInterval = 30
      useDefaultMapping = true
      synchronousLoad = false
    }
  }
}

Expected Behavior

What should have happened?

It should be able to connect to an HTTPS endpoint that requires client certificate authentication by providing a client certificate, its associated private key, and the CA certificate.

Actual Behavior

What actually happened?

It throws a TLS error when trying to connect to an HTTPS endpoint that requires client certificate authentication.

Steps to Reproduce

  1. Run terraform init against the aforementioned code.
  2. Run terraform plan against the aforementioned code.
------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + rundeck_project.project
      id:                                               <computed>
      default_node_executor_plugin:                     "jsch-ssh"
      default_node_file_copier_plugin:                  "jsch-scp"
      description:                                      "Rundeck for the env environment"
      name:                                             "my-project"
      resource_model_source.#:                          "2"
      resource_model_source.0.config.%:                 "2"
      resource_model_source.0.config.file:              "/var/lib/rundeck/projects/my-project/etc/resources.xml"
      resource_model_source.0.config.format:            "resourcexml"
      resource_model_source.0.type:                     "local"
      resource_model_source.1.config.%:                 "8"
      resource_model_source.1.config.endpoint:          "ec2.eu-west-1.amazonaws.com"
      resource_model_source.1.config.filter:            "tag:Environment=env"
      resource_model_source.1.config.httpProxyPort:     "80"
      resource_model_source.1.config.mappingParams:     "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
      resource_model_source.1.config.refreshInterval:   "30"
      resource_model_source.1.config.runningOnly:       "1"
      resource_model_source.1.config.synchronousLoad:   "0"
      resource_model_source.1.config.useDefaultMapping: "1"
      resource_model_source.1.type:                     "aws-ec2"
      ssh_authentication_type:                          "privateKey"
      ui_url:                                           <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------
  3. Run terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + rundeck_project.project
      id:                                               <computed>
      default_node_executor_plugin:                     "jsch-ssh"
      default_node_file_copier_plugin:                  "jsch-scp"
      description:                                      "Rundeck for the staging environment"
      name:                                             "my-project"
      resource_model_source.#:                          "2"
      resource_model_source.0.config.%:                 "2"
      resource_model_source.0.config.file:              "/var/lib/rundeck/projects/my-project/etc/resources.xml"
      resource_model_source.0.config.format:            "resourcexml"
      resource_model_source.0.type:                     "local"
      resource_model_source.1.config.%:                 "8"
      resource_model_source.1.config.endpoint:          "ec2.eu-west-1.amazonaws.com"
      resource_model_source.1.config.filter:            "tag:Environment=staging"
      resource_model_source.1.config.httpProxyPort:     "80"
      resource_model_source.1.config.mappingParams:     "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
      resource_model_source.1.config.refreshInterval:   "30"
      resource_model_source.1.config.runningOnly:       "1"
      resource_model_source.1.config.synchronousLoad:   "0"
      resource_model_source.1.config.useDefaultMapping: "1"
      resource_model_source.1.type:                     "aws-ec2"
      ssh_authentication_type:                          "privateKey"
      ui_url:                                           <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

rundeck_project.project: Creating...
  default_node_executor_plugin:                     "" => "jsch-ssh"
  default_node_file_copier_plugin:                  "" => "jsch-scp"
  description:                                      "" => "Rundeck for the staging environment"
  name:                                             "" => "my-project"
  resource_model_source.#:                          "" => "2"
  resource_model_source.0.config.%:                 "" => "2"
  resource_model_source.0.config.file:              "" => "/var/lib/rundeck/projects/my-project/etc/resources.xml"
  resource_model_source.0.config.format:            "" => "resourcexml"
  resource_model_source.0.type:                     "" => "local"
  resource_model_source.1.config.%:                 "" => "8"
  resource_model_source.1.config.endpoint:          "" => "ec2.eu-west-1.amazonaws.com"
  resource_model_source.1.config.filter:            "" => "tag:Environment=staging"
  resource_model_source.1.config.httpProxyPort:     "" => "80"
  resource_model_source.1.config.mappingParams:     "" => "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
  resource_model_source.1.config.refreshInterval:   "" => "30"
  resource_model_source.1.config.runningOnly:       "" => "1"
  resource_model_source.1.config.synchronousLoad:   "" => "0"
  resource_model_source.1.config.useDefaultMapping: "" => "1"
  resource_model_source.1.type:                     "" => "aws-ec2"
  ssh_authentication_type:                          "" => "privateKey"
  ui_url:                                           "" => "<computed>"

Error: Error applying plan:

1 error occurred:
	* rundeck_project.project: 1 error occurred:
	* rundeck_project.project: rundeck.BaseClient#ProjectCreate: Failure sending request: StatusCode=0 -- Original Error: Post https://rundeck.eu-west-1.stag.ts.sv/api/14/projects: remote error: tls: handshake failure

References

None

Please try to recreate this issue on the current Terraform and provider version. If it's still a need, we are happy to review community PRs.
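
What the client-certificate options requested in the issue above would have to do inside a Go HTTP client, as an added example (not the provider's code and not part of the original thread). The names `mtlsClient` and `demo`, the in-memory self-signed certificate and the local test server standing in for the reverse proxy are all assumptions constructed for illustration; with files on disk, `tls.LoadX509KeyPair` and `(*x509.CertPool).AppendCertsFromPEM` would supply the same inputs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// mtlsClient maps the issue's proposed ca and client_cert/client_key inputs onto a tls.Config (assumed helper).
func mtlsClient(ca *x509.CertPool, certs ...tls.Certificate) *http.Client {
	cfg := &tls.Config{RootCAs: ca, Certificates: certs, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// demo calls a constructed local server that demands a client certificate, without and then with one.
func demo() (errNoCert error, status int) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{ // constructed self-signed client certificate
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	trusted := x509.NewCertPool() // what the server accepts as client identities
	trusted.AddCert(leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trusted}
	srv.StartTLS()
	defer srv.Close()
	ca := x509.NewCertPool() // what the client trusts for the server certificate
	ca.AddCert(srv.Certificate())
	_, errNoCert = mtlsClient(ca).Get(srv.URL) // no client certificate: the server rejects the connection
	pair := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	if resp, err := mtlsClient(ca, pair).Get(srv.URL); err == nil {
		status = resp.StatusCode
		resp.Body.Close()
	}
	return errNoCert, status
}

func main() { fmt.Println(demo()) }
```

The exact alert text depends on the TLS server, so the error returned without a certificate need not match the `handshake failure` in the issue's log.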