Support providing a client certificate when connecting to Rundeck
diogokiss opened this issue · 1 comments
Currently, the Terraform Rundeck provider connects to Rundeck via a url parameter. This parameter supports HTTP and HTTPS. However, if the Rundeck server is behind a reverse proxy that requires client certificate authentication, it doesn't work.
It would be nice if the provider could support that. The code to configure the provider would be something like:
provider "rundeck" {
  auth_token  = "${var.rundeck_auth_token}"
  url         = "https://rundeck.fake.url.com"
  client_cert = "/path/to/my/client.crt"
  client_key  = "/path/to/my/client.key"
  ca          = "/path/to/my/ca.crt"
}
Terraform Version
$ terraform version
Terraform v0.11.14
Your version of Terraform is out of date! The latest version
is 0.12.6. You can update by downloading from www.terraform.io/downloads.html
Affected Resource(s)
- provider (rundeck)
Terraform Configuration Files
provider "rundeck" {
  auth_token = "secret"
  url        = "https://rundeck.eu-west-1.stag.ts.sv"
}

locals {
  environment  = "staging"
  project_name = "my-project"
  region       = "eu-west-1"
}

resource "rundeck_project" "project" {
  name        = "my-project"
  description = "Rundeck for the ${local.environment} environment"

  resource_model_source {
    type = "local"
    config = {
      format = "resourcexml"
      # This path is interpreted on the Rundeck server.
      file = "/var/lib/rundeck/projects/${local.project_name}/etc/resources.xml"
    }
  }

  resource_model_source {
    type = "aws-ec2"
    config = {
      mappingParams     = "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
      endpoint          = "ec2.${local.region}.amazonaws.com"
      runningOnly       = true
      httpProxyPort     = 80
      filter            = "tag:Environment=${local.environment}"
      refreshInterval   = 30
      useDefaultMapping = true
      synchronousLoad   = false
    }
  }
}
Expected Behavior
What should have happened?
It should be able to connect to an HTTPS endpoint that requires client certificate authentication by providing a client certificate, its associated private key, and the CA certificate.
Actual Behavior
What actually happened?
It throws a TLS error when trying to connect to an HTTPS endpoint that requires client certificate authentication.
Steps to Reproduce
- Run terraform init against the aforementioned code.
- Run terraform plan against the aforementioned code.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ rundeck_project.project
id: <computed>
default_node_executor_plugin: "jsch-ssh"
default_node_file_copier_plugin: "jsch-scp"
description: "Rundeck for the env environment"
name: "my-project"
resource_model_source.#: "2"
resource_model_source.0.config.%: "2"
resource_model_source.0.config.file: "/var/lib/rundeck/projects/my-project/etc/resources.xml"
resource_model_source.0.config.format: "resourcexml"
resource_model_source.0.type: "local"
resource_model_source.1.config.%: "8"
resource_model_source.1.config.endpoint: "ec2.eu-west-1.amazonaws.com"
resource_model_source.1.config.filter: "tag:Environment=env"
resource_model_source.1.config.httpProxyPort: "80"
resource_model_source.1.config.mappingParams: "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
resource_model_source.1.config.refreshInterval: "30"
resource_model_source.1.config.runningOnly: "1"
resource_model_source.1.config.synchronousLoad: "0"
resource_model_source.1.config.useDefaultMapping: "1"
resource_model_source.1.type: "aws-ec2"
ssh_authentication_type: "privateKey"
ui_url: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
- Run terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ rundeck_project.project
id: <computed>
default_node_executor_plugin: "jsch-ssh"
default_node_file_copier_plugin: "jsch-scp"
description: "Rundeck for the staging environment"
name: "my-project"
resource_model_source.#: "2"
resource_model_source.0.config.%: "2"
resource_model_source.0.config.file: "/var/lib/rundeck/projects/my-project/etc/resources.xml"
resource_model_source.0.config.format: "resourcexml"
resource_model_source.0.type: "local"
resource_model_source.1.config.%: "8"
resource_model_source.1.config.endpoint: "ec2.eu-west-1.amazonaws.com"
resource_model_source.1.config.filter: "tag:Environment=staging"
resource_model_source.1.config.httpProxyPort: "80"
resource_model_source.1.config.mappingParams: "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
resource_model_source.1.config.refreshInterval: "30"
resource_model_source.1.config.runningOnly: "1"
resource_model_source.1.config.synchronousLoad: "0"
resource_model_source.1.config.useDefaultMapping: "1"
resource_model_source.1.type: "aws-ec2"
ssh_authentication_type: "privateKey"
ui_url: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
rundeck_project.project: Creating...
default_node_executor_plugin: "" => "jsch-ssh"
default_node_file_copier_plugin: "" => "jsch-scp"
description: "" => "Rundeck for the staging environment"
name: "" => "my-project"
resource_model_source.#: "" => "2"
resource_model_source.0.config.%: "" => "2"
resource_model_source.0.config.file: "" => "/var/lib/rundeck/projects/my-project/etc/resources.xml"
resource_model_source.0.config.format: "" => "resourcexml"
resource_model_source.0.type: "" => "local"
resource_model_source.1.config.%: "" => "8"
resource_model_source.1.config.endpoint: "" => "ec2.eu-west-1.amazonaws.com"
resource_model_source.1.config.filter: "" => "tag:Environment=staging"
resource_model_source.1.config.httpProxyPort: "" => "80"
resource_model_source.1.config.mappingParams: "" => "sshport.default=22;sshport.selector=tags/rundeck_ssh_port;tags.default=;attributes.selector=tags/*;username.default=rundeck;username.selector=tags/rundeck_user;nodename.selector=instanceId;hostname.selector=privateIpAddress;description.selector=tags/Name;subnet.selector=subnetId"
resource_model_source.1.config.refreshInterval: "" => "30"
resource_model_source.1.config.runningOnly: "" => "1"
resource_model_source.1.config.synchronousLoad: "" => "0"
resource_model_source.1.config.useDefaultMapping: "" => "1"
resource_model_source.1.type: "" => "aws-ec2"
ssh_authentication_type: "" => "privateKey"
ui_url: "" => "<computed>"
Error: Error applying plan:
1 error occurred:
* rundeck_project.project: 1 error occurred:
* rundeck_project.project: rundeck.BaseClient#ProjectCreate: Failure sending request: StatusCode=0 -- Original Error: Post https://rundeck.eu-west-1.stag.ts.sv/api/14/projects: remote error: tls: handshake failure
References
None
Please try to recreate this issue on the current Terraform and provider version. If it's still a need, we are happy to review community PRs.