-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Version 1.46 aws_route53_zone changed behavior which breaks a lot of configurations #6535
Comments
Interesting.. I have mine pinned to version 1.40.0 and I am having the issue. |
A possible solution for the issue could be a creation of interpolation function to strip trailing dot. |
To get around this I am having to do a replace on code which is not ideal. domain_name = "api.${replace(aws_route53_zone.public_io.name, "/.$/", "")}"
validation_method = "DNS"
tags {
Name = "${var.environment}-integration-cert"
Environment = "${var.environment}"
}
} |
For me it is bigger issue, than certificates only. Between 1.41 and 1.42 the behaviour of property name has changed, so it is returning trailing dot now. I've pinned my version to 1.41 to avoid revriting of configurations that use this property. |
I'm doing pretty much the same, but I'm using this name in dozens of the places, so I assign it once to local variable and than everywhere use ${local.dns_zone}. |
hmmm when I do an init with it like below I get an error
Can you show me the example on how you are using it? I might just change over to that setup. I am using it almost a dozen times as well. |
|
Perfect.. That is cleaner than what I was doing... Also see what I was missing. Thanks!! |
The change was intentional (we should always refresh the Terraform state from the API), but the behavior change (the Terraform attribute always returning a trailing period even if the resource was created without the trailing period) was unintentional. So sorry about that. Previously the resource was just honoring what was passed via the Terraform configuration during resource creation (the name with or without trailing period). It would always return the trailing period in the name attribute during import. The This leaves us in an awkward position now that the breaking change for the creation without trailing period situation has been introduced. In my opinion, the resource should always be consistent with its attribute outputs no matter how the resource got to be into the Terraform state, otherwise the behavior, like before, can be confusing. Consistently refreshing attributes and returning their result from the API is the operating model for almost all other resource attributes in the AWS provider. Unfortunately in this case, consistency in this case always means including the trailing period if we always just take the API response as-is. I see one or more options here:
|
Thinking about this more, I should mention for the first option there, its not possible to fix the Terraform state to remove the trailing period based on the configuration if the state has already been refreshed to include the trailing period. The Terraform provider SDK does not give us a way to forcibly read ( To put it another way, if you've already upgraded the provider and refreshed the Terraform state like #6533, the trailing period is "stuck" at this point even if you try to downgrade versions and refresh. |
I think a combination of both the 2nd and 3rd points is the way to go. |
Something to keep in mind is that the content of the field |
Same here thing here for me, between 1.41 and 1.42 the behaviour of property name has changed and it adds a trailing dot in the end. Many of my certificates are broken right now. |
Pull request submitted to have the |
The above has been released in version 1.52.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I had this on |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Terraform Version
Terraform v0.11.10
Affected Resource(s)
in previous versions (at least in 1.41) property name was returned without trailing dot, what allow to use it in creation certificates, dns records, etc.
Terraform Configuration Files
For instance (related to issue #6533 )
resource "aws_acm_certificate" "my_cert" {
domain_name = "${var.dns_name}.${aws_route53_zone.myzone.name}"
validation_method = "DNS"
}
This construction is failing now due to traling dot in ${aws_route53_zone.myzone.name}
Expected Behavior
To maintain compatibility with previous versions and remove traling from the name property.
It is much easier to add a dot where it is needed, than remove it in all places where it is harmful.
The text was updated successfully, but these errors were encountered: