Hi all,
The lab’s steps seem to be out of date. In step 2 you are asked to fix the issues with the main.tf configuration file based on “terraform validate”. This seems to involve
- changing dsa_bits to rsa_bits in tls_private_key.private_key
- removing the attribute key_algorithm in tls_cert_request.csr
Despite the hint only suggesting the first change.
In Step 3, we see “terraform plan” runs without error.
In Step 4, we see “terraform apply” runs with an error.
In Step 5, it’s described that it happens because “terraform validate” only does a syntax check.
In Step 6, we are asked to fix previous problem.
But how?
The lab forbids you any change in tls_private_key.private_key. You also can’t change the generation algorithm in tls_cert_request.csr with the key_algorithm attribute as it’s read only and as such removed in step 2.
To me the logical fix would be to change tls_private_key.algorithm to tls_cert_request.csr.key_algorithm, but, once again, the lab asks us to solve this differently, which seems to be impossible at this state. This would also introduce a circular dependency, so I don’t know.
Anyways, tls_cert_request seems to expect an RSA key by default so the “terraform apply” shouldn’t have even failed in Step 4 by the reasoning given to us, the config is in a fixed state since step 2.
And as such running terraform plan and terraform apply twice in a row (without changing anything in main.tf prior to step 2) solves the problem, the step turns green with that. This is really messy to me, what’s going on? If the config is fixed why does the first “terraform plan & apply” fail? If it is not, why does it run successfully with a second “terraform plan & apply”?