* aws_route53_record.cert_validation.1: [ERR]: Error building changeset: InvalidChangeBatch: FATAL problem: DomainLabelEmpty (Domain label is empty) encountered with 'Some_Domain_URL' #5237
Comments
|
I think I've found the possible root cause: The Hosted Zone ID's are mistakenly assigned: |
|
I might file a feature request but for now you can close this bug as "works as expected" or something like that. Thank you. |
|
Closing as requested 👍 |
|
@bflad Thank you, Brian |
|
@bflad - It appears that's not the issue and it is a bug in Terraform. Could you please reopen the bug report? I've fixed my code and it now uses the correct Hosted Zones ID's but it still messes up the end result - the "name"-s of the "aws_route53_record.cert_validation". The code: Terraform adds in the end the domain names of the previous two domains during the execution process. The new log: The values of the relevant variables: |
|
It's worth mentioning the fact that TF adds the domain URL in the end only to the entries which are part of "subject_alternative_names" during the creation of the DNS Validation records. This is the moment where things mess up - the "ChangeBatch" step which probably should not be undertaken at all: |
|
@bflad @evanphx @benburkert @steveh @alex |
|
@bflad Thank you. Update: I think I might have found a workaround. I'll post it here when I'm ready - it's a work in progress and will take me around half a day on Monday or Tuesday. |
bflad
added
the
service/route53
|
Nope - I couldn't manage to workaround this. It still ends up with a similar result even though I've rewritten the code. So instead of putting some variable in the code of Terraform needs to be emptied before the next cycle in the loop. And it happens only when it tries to validate the "subject_alternative_names" during the creation of the DNS Validation records. Right now we're probably seeing the previous value of that variable instead of putting "resource_record_type" which is "CNAME". |
|
This bug is a showstopper for me right now - so I'm eager to try to fix this if you could give me some directions. |
|
The error you are seeing ( If you need to do this from an attribute or variable, you can use the records = ["${replace(lookup(local.dvo[count.index], "resource_record_value"), "\\.$", "")}"] |
As it can be seen - there's no such consecutive periods and I can assure you that this is not my input (having 2 consecutive periods). So instead of putting "CNAME" in the end - it puts the previous domain name. I think: some variable in the code of Terraform needs to be emptied before the next cycle in the loop. And it happens only when it tries to validate the "subject_alternative_names" during the creation of the DNS Validation records. |
|
Oh sorry, I meant trimming the end period from If the hosted zone name doesn't match the end of the record name, we append the hosted zone name to the record name to make a fully qualified domain name as required by the Route 53 API. The output you posted most recently has record names that do not seem to line up with the hosted zone name so it would always append the hosted zone name in these cases. For example: and Since However, your case does find a logic bug though! rn = strings.Join([]string{name, zone}, ".")Should be the following, so it is prepending the sanitized record name (lowercase without an ending period) instead of the raw name coming in: rn = strings.Join([]string{rn, zone}, ".")We are getting the double periods when building your records because of this. To workaround the above in the meantime, you'll need to remove the trailing period from name = "${replace(lookup(local.dvo[count.index], "resource_record_name"), "\\.$", "")}"Or remove the trailing period from the FYI, you will not actually see the trailing period in the |
|
@bflad Thank you for being so diligent and professionally working, Brian. And I've tried the workaround but the same error occurred - the two consecutive periods can still be seen: |
|
Also - please note that there is no trailing period according to the TF's logs before the "ChangeBatch" happens: |
|
I think I might need to change the way the Zone ID's are assigned in my code. I'll post an update when I'm ready with my part - so we can test it properly when this change goes into the stable TF's AWS provider release /ver. 1.29, right?/. |
|
Version 1.29.0 of the AWS provider should contain the |
aeschright
added
needs-triage
|
Fixed by #5312 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
This issue was originally opened by @Xtigyro as hashicorp/terraform#18482. It was migrated here as a result of the provider split. The original body of the issue is below.
Terraform Version
Terraform Configuration Files
The value of the local.hosted_zone_ids is:
The value of the local.dvo is:
Debug Output
Expected Behavior
All 4 objets of type "aws_route53_record.cert_validation" should be created.
Actual Behavior
Terraform messes up the initial input data.
The text was updated successfully, but these errors were encountered: