I cannot make certificate injection work either, so I tried certificate brokering.
While trying to set up SSH Certificates as a Brokered Credentials Sources with Terraform, the following error is triggered:
```
module.my_project.boundary_host_catalog_static.servers: Refreshing state... [id=hcst_M0SoS1sEC2]
module.my_project.boundary_credential_store_vault.foo: Refreshing state... [id=csvlt_HJ7VFn0jsm]
module.my_project.boundary_host_static.my_project: Refreshing state... [id=hst_e1TNApyv4v]
module.my_project.boundary_host_set_static.my_project: Refreshing state... [id=hsst_ZF5vWrXgBr]
module.my_project.boundary_target.ssh: Refreshing state... [id=ttcp_6L5Cr0OUss]
module.my_project.boundary_credential_library_vault_ssh_certificate.foo: Refreshing state... [id=clvsclt_nV8DMWuBcg]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.my_project.boundary_target.ssh will be updated in-place
  ~ resource "boundary_target" "ssh" {
      ~ brokered_credential_source_ids = [
          + "clvsclt_nV8DMWuBcg",
        ]
        id = "ttcp_6L5Cr0OUss"
        name = "ssh"
        # (13 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
module.my_project.boundary_target.ssh: Modifying... [id=ttcp_6L5Cr0OUss]
╷
│ Error: error updating credential sources in target: {"kind":"InvalidArgument","message":"Errors in provided fields.","details":{"request_fields":[{"name":"brokered_credential_source_ids","description":"Incorrectly formatted credential source identifier \"clvsclt_nV8DMWuBcg\"."}]}}
│
│   with module.my_project.boundary_target.ssh,
│   on example_project_my_project/main.tf line 57, in resource "boundary_target" "ssh":
│   57: resource "boundary_target" "ssh" {
│
```
A (similar?) error occurs when trying to achieve the same thing using the UI.
Here is the Terraform code:
```hcl
variable "organization_id" {
}

resource "boundary_scope" "project" {
  name        = "project"
  description = "Projet project"
  # This parameter is the parent scope. It can be either the global scope, an
  # org-level scope, or a project-level scope.
  scope_id = var.organization_id
  # Using the auto_create_x_role flags can help you get set up faster
  # because you won't have to explicitly define these roles.
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_host_catalog_static" "servers" {
  scope_id = boundary_scope.project.id
}

resource "boundary_host_static" "project" {
  type            = "static"
  name            = "project"
  description     = "Machine project"
  address         = "192.168.0.10"
  host_catalog_id = boundary_host_catalog_static.servers.id
}

resource "boundary_host_set_static" "project" {
  type            = "static"
  name            = "project"
  description     = "Host set for project servers"
  host_catalog_id = boundary_host_catalog_static.servers.id
  host_ids        = [boundary_host_static.project.id]
}

resource "boundary_credential_store_vault" "foo" {
  name        = "foo"
  description = "My first Vault credential store!"
  address     = "http://vault:8200" # change to Vault address
  token       = "CENSORED"          # change to valid Vault token
  scope_id    = boundary_scope.project.id
}

resource "boundary_credential_library_vault_ssh_certificate" "foo" {
  name                = "foo"
  description         = "My first Vault SSH certificate credential library!"
  key_type            = "rsa"
  key_bits            = 4096
  credential_store_id = boundary_credential_store_vault.foo.id
  path                = "ssh/sign/boundary-client" # change to correct Vault endpoint and role
  username            = "root"                     # change to valid username
}

resource "boundary_target" "ssh" {
  type                     = "tcp"
  name                     = "ssh"
  description              = "SSH server"
  enable_session_recording = false
  scope_id                 = boundary_scope.project.id
  session_connection_limit = -1
  session_max_seconds      = 3600
  default_port             = 22
  host_source_ids = [
    boundary_host_set_static.project.id
  ]
  brokered_credential_source_ids = [
    boundary_credential_library_vault_ssh_certificate.foo.id
  ]
  # injected_application_credential_source_ids = [
  #   boundary_credential_library_vault_ssh_certificate.foo.id
  # ]
}
```
Hi @shellwhale, thank you for reporting the issue. Did you try setting up SSH Certificates as a Brokered Credentials Sources without TF? Do you still see the same error?