You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There should have been a validity error thrown because 2562048 in hours is too big to fit in a time.Duration type.
Actual Behavior
The value overflowed and became negative leading to a NotAfter date before the Not Before date.
WARNING: could not validate bounds for certificate CA: the certificate has expired: NotBefore: 2024-09-13 09:51:20 +0000 UTC, NotAfter: 1732-06-04 10:16:46 +0000 UTC
Interestingly, I found a use case. I was trying to create intentionally expired certificates as part of a learning exercise. This is possible with validity_period_hours = 0 but causes a permanent diff because the certificate is renewed on each apply. early_renewal_hours = 2562048 fixes that !
Terraform CLI and Provider Versions
$ terraform version
Terraform v1.3.6
on linux_amd64
Terraform Configuration
Expected Behavior
There should have been a validity error thrown because 2562048 in hours is too big to fit in a time.Duration type.
Actual Behavior
The value overflowed and became negative leading to a NotAfter date before the Not Before date.
WARNING: could not validate bounds for certificate CA: the certificate has expired: NotBefore: 2024-09-13 09:51:20 +0000 UTC, NotAfter: 1732-06-04 10:16:46 +0000 UTC
Steps to Reproduce
terraform apply
How much impact is this issue causing?
Low
Logs
No response
Additional Information
The calculation is at
terraform-provider-tls/internal/provider/common_cert.go
Line 126 in 6a38629
Missing validity check at
terraform-provider-tls/internal/provider/resource_self_signed_cert.go
Line 68 in 6a38629
Code of Conduct
The text was updated successfully, but these errors were encountered: