Terraform-provider-aws: aws_acm_certificate_validation.validation_record_fqdns is not checked correctly

Created on 12 Feb 2018  ·  9 Comments  ·  Source: hashicorp/terraform-provider-aws

Terraform Version

Terraform v0.11.3

terraform-provider-aws v1.9.0

Affected Resource(s)

  • aws_acm_certificate
  • aws_acm_certificate_validation

Terraform Configuration Files

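resource "aws_acm_certificate" "example_wildcard" {
    domain_name = "*.example.com"
    # The apex name described under "Expected Behavior"; it is what yields
    # the second entry (index 1) in domain_validation_options used below.
    subject_alternative_names = ["example.com"]
    validation_method = "DNS"
}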

resource "aws_route53_record" "example_wildcard_validation_0" {
    name = "${aws_acm_certificate.example_wildcard.domain_validation_options.0.resource_record_name}"
    type = "${aws_acm_certificate.example_wildcard.domain_validation_options.0.resource_record_type}"
    zone_id = "${aws_route53_zone.example.id}"
    records = ["${aws_acm_certificate.example_wildcard.domain_validation_options.0.resource_record_value}"]
    ttl = 60
}

resource "aws_route53_record" "example_wildcard_validation_1" {
    name = "${aws_acm_certificate.example_wildcard.domain_validation_options.1.resource_record_name}"
    type = "${aws_acm_certificate.example_wildcard.domain_validation_options.1.resource_record_type}"
    zone_id = "${aws_route53_zone.example.id}"
    records = ["${aws_acm_certificate.example_wildcard.domain_validation_options.1.resource_record_value}"]
    ttl = 60
}

resource "aws_acm_certificate_validation" "example_wildcard" {
    certificate_arn = "${aws_acm_certificate.example_wildcard.arn}"
    validation_record_fqdns = ["${aws_route53_record.example_wildcard_validation_0.fqdn}", "${aws_route53_record.example_wildcard_validation_1.fqdn}"]
}

Debug Output

Not relevant.

Panic Output

None.

Expected Behavior

I tried to validate an aws_acm_certificate for "*.example.com" domain name with "subject_alternative_names" set to "example.com". This produces two domain_validation_options with the same CNAME. It should either produce a single domain_validation_option or recognise at validation stage that the two are identical.

Actual Behavior

If I pass one or both to aws_acm_certificate_validation.validation_record_fqdns, it complains that:

Certificate needs [_6a81694b41028a7644a2004feeb763e6.example.com _6a81694b41028a7644a2004feeb763e6.example.com] to be set but only [_6a81694b41028a7644a2004feeb763e6.example.com] was passed to validation_record_fqdns.

This is because validation_record_fqdns, but the check is done against a list of duplicates, so 1 != 2.

Steps to Reproduce

  1. terraform apply

Important Factoids

None.

References

None.

bug, service/acm
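An added example (not the provider's code and not the fix in #3366): a Go sketch of the failure reported above, where the required validation records are kept as a list containing duplicates, next to a set-based comparison. The function names, the trailing-dot normalization and the sample record list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// toSet drops duplicates. Assumption: FQDNs compare case-insensitively and
// a trailing dot is not significant.
func toSet(fqdns []string) map[string]bool {
	set := make(map[string]bool)
	for _, f := range fqdns {
		set[strings.ToLower(strings.TrimSuffix(f, "."))] = true
	}
	return set
}

// naiveCheck models the reported symptom: the required records stay a list
// (duplicates kept) while the supplied ones collapse to a set, so 2 != 1.
func naiveCheck(required, supplied []string) bool {
	return len(required) == len(toSet(supplied))
}

// missingRecords treats both sides as sets and returns the required FQDNs
// that were not supplied, sorted for stable output.
func missingRecords(required, supplied []string) []string {
	have := toSet(supplied)
	var missing []string
	for f := range toSet(required) {
		if !have[f] {
			missing = append(missing, f)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Constructed sample: wildcard and apex names share one validation CNAME.
	rec := "_6a81694b41028a7644a2004feeb763e6.example.com"
	required := []string{rec, rec}
	supplied := []string{rec}
	fmt.Println("naive check passes:", naiveCheck(required, supplied))
	fmt.Println("missing records:", missingRecords(required, supplied))
}
```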

All 9 comments

I seem to be in the same state

terraform -version
Terraform v0.11.3
+ provider.aws v1.3.1

I am using subject_alternative_names.
The error message looks the same.
terraform apply will result in an error, but it has been validated in the management console.

I'm taking a look at this now and will comment back or submit a PR shortly.

Bugfix PR submitted: #3366

The fix for this has been merged into master and will be released with v1.10.0 of the AWS provider, likely in about a week. 🚀

Awesome, I was just looking for this :)

This has been released in version 1.10.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

Works, thanks!

@bflad Thank you for a good announcement.

$ terraform -v
Terraform v0.11.3
+ provider.aws v1.10.0

My aws_acm_certificate resource subject_alternative_names argument worked!! :tada:
Thank you :heart:

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
