Cannot create an Essentials database with TLS enabled

[joey-squid]

Terraform Version

Terraform v1.8.2
on darwin_arm64
[...]

• provider registry.terraform.io/redislabs/rediscloud v1.7.0

Affected Resource(s)

Please list the resources as a list, for example:

• rediscloud_essentials_database

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "rediscloud_essentials_subscription" "subscription" {
  name              = "${var.environment}-with-tls"
  plan_id           = data.rediscloud_essentials_plan.plan.id
  payment_method_id = data.rediscloud_payment_method.card.id
}

resource "rediscloud_essentials_database" "redis" {
  subscription_id  = rediscloud_essentials_subscription.subscription.id
  name             = var.environment
  data_persistence = "none"
  enable_tls       = false
  replication = false
  enable_payg_features = true

  # Omitting alerts{} because of #530 
}

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

Expected Behavior

A Redis database is created with TLS enabled; or, an existing database is updated to enable TLS.

Actual Behavior

Error: 400 BAD_REQUEST - BAD_REQUEST: Bad request detected. Please see additional info for more details

Steps to Reproduce

terraform apply -target module.common.rediscloud_essentials_database.redis
I doubt it's relevant that my database and subscription are inside a module.

Important Factoids

I can enable and disable TLS in the console, and I can even do it using the API:

curl -X 'PUT' \
  'https://api.redislabs.com/v1/fixed/subscriptions/2363872/databases/12395251' \
  -H 'accept: application/json' \
  -H 'x-api-key: foo' \
  -H 'x-api-secret-key: bar' \
  -H 'Content-Type: application/json' \
  -d '{
    "enableTls": true
}'

I am also unable to create a database without TLS if I specify enable_payg_features. I don't know what that means but I do know it's required for enable_tls to function. Maybe it shouldn't be?

[joey-squid]

I can confirm that joey-squid@cc50ef4 resolves the immediate issue for me (please forgive the indentation, my editor isn't configured for Go). Note that I'm on a paid plan (one of the cheapest, but still paid). I'm not sure what needs to happen on free plans.

[sidatcd]

Any update on this?

[NoamSternRedis]

@sidatcd, I'm truly sorry for the late response.
TLS configuration is not supported for new Essentials databases. Only for databases that are part of Pro subscriptions (thank you @joey-squid ).
As for enable_payg_features, it is only available for legacy subscriptions (it was available years ago before we had the Pro tier). As described in the attribute's description, PAYG is no longer available for new subscriptions. It's only there to support long-lived legacy databases.
I hope that makes sense.

[sidatcd]

@NoamSternRedis
Thank you for the response. I have come to terms with this now. We have our staging databases set up with the new Essentials databases.

However, I don't fully understand your statement, "TLS configuration is not supported for new Essentials databases," and why this feature is not yet supported. I noticed that I can still enable TLS and add certificates using the console or API—just not through Terraform.

I would understand if this limitation applied to free-tier databases, but these are paid services, so the lack of support is surprising.

[NoamSternRedis]

@sidatcd, sorry. I just read my last comment and it wasn't clear at all.
I wanted to point out that the enable_tls attribute is only available for the legacy PAYG plans in Essentials.
For the current Essentials plans, you can use client_tls_certificates.
Have you tried using it, but it didn't work?