[feature request] Support HTTP proxy for tls_certificate data source #96

@donovanmuller

I am trying to retrieve a certificate via the tls_certificate data source as per the example in the docs. This is in context of an OIDC provider for an EKS cluster running in a private VPC (no public network connectivity).

Given an OIDC issuer URL such as https://oidc.eks.eu-west-1.amazonaws.com/id/838DB18FA8EC26D87848FDEC1D50CFDC the call eventually fails with:

Error: dial tcp 34.248.140.150:443: connect: connection timed out

This is because of the private VPC and the fact that the data source does not support an HTTP proxy (there are unfortunately no EKS VPC endpoints currently).

Terraform Version

0.14.4

Affected Data Source(s)

  • tls_certificate

Terraform Configuration Files

data "tls_certificate" "eks_cluster_oidc_issuer" {
  // E.g. https://oidc.eks.eu-west-1.amazonaws.com/id/838DB18FA8EC26D87848FDEC1D50CFDC
  url = aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer
}

Expected Behavior

The url should support using an HTTP proxy. Currently

conn, err := tls.Dial("tcp", u.Host, &tls.Config{InsecureSkipVerify: !verifyChain})

does not.

Actual Behavior

Connection eventually times out (connection timed out)

References

Perhaps adjusting/replacing the dialer with something similar to:

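An added example, not part of the issue and not the provider's code: the `tls.Dial` call quoted in the issue replaced by a dial that opens an HTTP CONNECT tunnel through a proxy before the TLS handshake. `fetchChain`, its parameters and the usage line in `main` are names assumed here, and the proxy is read from `HTTPS_PROXY` with `http.ProxyFromEnvironment`.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"os"
	"time"
)

// fetchChain returns the certificates served at target ("host:port"); a non-nil proxy is used via HTTP CONNECT.
func fetchChain(target string, proxy *url.URL, verifyChain bool) ([]*x509.Certificate, error) {
	dialAddr := target
	if proxy != nil {
		dialAddr = proxy.Host
	}
	raw, err := net.DialTimeout("tcp", dialAddr, 10*time.Second)
	if err != nil {
		return nil, err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(15 * time.Second)) // bounds CONNECT and handshake
	if proxy != nil {
		fmt.Fprintf(raw, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", target, target) // a failed write shows up as a read error below
		if resp, err := http.ReadResponse(bufio.NewReader(raw), &http.Request{Method: http.MethodConnect}); err != nil {
			return nil, err
		} else if resp.StatusCode != http.StatusOK {
			return nil, fmt.Errorf("proxy refused CONNECT %s: %s", target, resp.Status)
		}
	}
	host, _, _ := net.SplitHostPort(target) // tls.Dial infers ServerName from the address; tls.Client does not
	conn := tls.Client(raw, &tls.Config{ServerName: host, InsecureSkipVerify: !verifyChain})
	if err := conn.Handshake(); err != nil {
		return nil, err
	}
	return conn.ConnectionState().PeerCertificates, nil
}

func main() { // usage (hypothetical proxy host): HTTPS_PROXY=http://proxy.example:3128 prog host:443
	if len(os.Args) == 2 {
		proxy, _ := http.ProxyFromEnvironment(&http.Request{URL: &url.URL{Scheme: "https", Host: os.Args[1]}})
		certs, err := fetchChain(os.Args[1], proxy, true)
		fmt.Println(len(certs), err)
	}
}
```

With `verifyChain` set to false nothing authenticates the far end of the tunnel, so a TLS-intercepting proxy's certificate would be returned as if it were the issuer's.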