
Comments (5)

oliviermichaelis commented on June 4, 2024

Hi @liuke0712! :)

> Does it mean the server has already started?

Yes. This is also indicated by the "http: server gave HTTP response to HTTPS client" you posted.

> and how I can query the provider info using the server API?

You can check that yourself by using command line tools like curl to query boring-registry:

curl http://localhost:5601/v1/providers/hashicorp/azurerm/versions

Disclaimer: I didn't test the above command

Regarding the following error

Could not retrieve the list of available versions for provider localhost:5601/hashicorp/azurerm:
could not connect to localhost:5601:
Failed to request discovery document:
Get "https://localhost:5601/.well-known/terraform.json":
http: server gave HTTP response to HTTPS client

Your Terraform CLI tries to connect to localhost:5601 with HTTPS (see https://localhost:5601/.well-known/terraform.json from above), but the server gave HTTP response to HTTPS client.
As far as I know, Terraform requires HTTPS. Right now I see two options:

  1. pass a valid TLS certificate to the boring-registry command with --tls-cert-file=self-signed.crt --tls-key-file=self-signed.key for example
  2. serve the boring-registry API behind a reverse-proxy which has a valid certificate

Someone else had a similar problem to yours here: #73. I hope that helps!

Just out of curiosity, why do you want to serve the azurerm provider from hashicorp with the boring-registry, instead of using the hashicorp registry directly? :)

from boring-registry.

liuke0712 commented on June 4, 2024

Hi Oliver,

Much appreciated for your guide.

I generated a self-signed cert and key by

    openssl req -x509 -nodes -sha256 -newkey rsa:2048 \
    -keyout localhost.key -out localhost.crt \
    -days 3650 \
    -subj "/CN=localhost"

after adding

    basicConstraints = critical,CA:true
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer
    subjectAltName = DNS:localhost

to /etc/ssl/openssl.cnf

but it seems the certification is not compliant/accepted by terraform


    266859644@C02D94YHML85 test % terraform init

    Initializing the backend...

    Initializing provider plugins...
    - Finding localhost:5601/hashicorp/azurerm versions matching "3.24.0"...
    ╷
    │ Error: Failed to query available provider packages
    │
    │ Could not retrieve the list of available versions for provider
    │ localhost:5601/hashicorp/azurerm: could not connect to localhost:5601:
    │ Failed to request discovery document: Get
    │ "https://localhost:5601/.well-known/terraform.json": x509: “localhost”
    │ the certificate is not standards compliant

Wondering if there is any requirement for the generation of the TLS cert?

Related to your question, because our current tfe server cannot access the internet based on security considerations, we are using bundle for now, but intend to switch to a private provider solution. However, the private provider does not support provider invokes from a different organization. That is why we're looking for alternatives.

Thanks!


oliviermichaelis commented on June 4, 2024

> Wondering if there is any requirement for the generation of the TLS cert?

You need to check how the Terraform CLI works internally, I do not know that. With the script I posted in #73, I was able to run it locally. I really can't help you here, sorry :/ Have you tried the bash script?

> Related to your question, because our current tfe server cannot access the internet based on security considerations, we are using bundle for now, but intend to switch to a private provider solution. However, the private provider does not support provider invokes from a different organization. That is why we're looking for alternatives.

Interesting, thanks :)


oliviermichaelis commented on June 4, 2024

You could maybe use some other tools to check why your certificate is not complying with the standards

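Added example, not part of the thread or of boring-registry: a Go check of the kind suggested in the comment above, run against an in-memory certificate built with the thread's parameters (CN=localhost, SAN DNS:localhost, 3650 days) and against an adjusted one. It assumes the "not standards compliant" error comes from the macOS trust evaluation that Go's crypto/x509 uses on darwin, and applies Apple's published requirements for TLS server certificates on macOS 10.15 and later (DNS name in subjectAltName, serverAuth extended key usage, validity of at most 825 days); `selfSigned` and `checkServerCert` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a constructed CN=localhost / SAN DNS:localhost certificate in memory.
func selfSigned(days int, serverAuth bool) *x509.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, 0, days)}
	if serverAuth {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))))
}

// checkServerCert lists deviations from the assumed macOS 10.15+ server certificate rules.
func checkServerCert(c *x509.Certificate, host string) (findings []string) {
	if c.VerifyHostname(host) != nil {
		findings = append(findings, "no subjectAltName entry matches "+host)
	}
	if !slices.Contains(c.ExtKeyUsage, x509.ExtKeyUsageServerAuth) {
		findings = append(findings, "extendedKeyUsage lacks serverAuth")
	}
	if c.NotAfter.Sub(c.NotBefore) > 825*24*time.Hour {
		findings = append(findings, "validity period exceeds 825 days")
	}
	return findings
}

func main() {
	fmt.Println("thread parameters:", checkServerCert(selfSigned(3650, false), "localhost"))
	fmt.Println("adjusted:         ", checkServerCert(selfSigned(365, true), "localhost"))
}
```

To check a certificate file instead, decode it with `encoding/pem`, parse it with `x509.ParseCertificate`, and pass the result to `checkServerCert`.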

oliviermichaelis commented on June 4, 2024

Closing this issue due to inactivity and as it's more of a general question. Feel free to re-open it anytime!

