Route53 doesn't validate TXT record lengths #14941
Comments
BTW, the solution to "fix" is to split the record to 255-byte chunks. So you end up with:
It's quite error prone. A great addition would be to allow me to re-paste DKIM / TXT records the way GSuite / Hubspot etc. software tell me to, without a need of manual tinkering.
The records are in a schema.TypeSet and there is no helper validation support for sets. Something like this would be nice but is not possible at this time: resource_aws_route53_record.go
Hi, this is documented in resource official docs: records - (Required for non-alias records) A string list of records. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \"\" inside the Terraform configuration string (e.g. "first255characters\"\"morecharacters").
Hope you all don't mind but I've raised #16317 that hopefully addresses this, let me know if I've missed anything 😄
@philnichol The PR looks good, but I wonder if we're bound to the current way of doing it, just because we already have this limit in place, and for backward compatibility, or could we do something better? If I give domain record > 255 chars, why can't AWS provider split it up for me? What's the advantage of me putting quotes in place?
@wkoszek I agree with you personally. Main thought behind just adding validation for me is backward compatibility and to avoid introducing a breaking change to route53 (which is pretty |
Hit this again today. Here is the nicest workaround I could come up with:

```hcl
locals {
  dkim_record = "v=DKIM1; k=rsa; p=MIIBIjAN..."
  zone_id     = "..."
  domain      = "mydomain.com"
}

resource "aws_route53_record" "scarf-sh-google-domainkey" {
  zone_id = local.zone_id
  name    = "google._domainkey.${local.domain}"
  type    = "TXT"
  # AWS only accepts records up to 255 chars. We know that this one is ~410.
  # The provider doesn't know about it. So this is our workaround.
  # See https://github.com/hashicorp/terraform-provider-aws/issues/14941
  records = [
    join("\"\"", [
      substr(local.dkim_record, 0, 255),
      substr(local.dkim_record, 255, 255),
    ])
  ]
  ttl = "300"
}
```
> `records` - (Required for non-alias records) A string list of records.
> To specify a single record value longer than 255 characters such as a
> TXT record for DKIM, add `\"\"` inside the Terraform configuration
> string (e.g. `"first255characters\"\"morecharacters"`).
>
> https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record#records

More info: hashicorp/terraform-provider-aws#14941 (comment)
Another workaround, in case your record would need to be split up more than once potentially (or even 0 times, ie. within a module that creates these records). This will just insert

```hcl
resource "aws_route53_record" "example" {
  ...
  records = [
    replace(local.dkim_record, "/(.{255})/", "$1\"\"")
  ]
}
```
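The split that both workarounds above perform, together with the length check the issue asks `terraform plan` to make, as an added Go example (not code from the provider or from any commenter). `SplitTXT` and `ValidateTXT` are hypothetical names, the sample value is constructed, and ASCII input is assumed so that bytes equal characters and `""` appears only as the separator between strings.

```go
package main

import (
	"fmt"
	"strings"
)

// maxTXTString is the 255-character limit on one string of a TXT record,
// the limit behind the CharacterStringTooLong error quoted in this issue.
const maxTXTString = 255

// SplitTXT (hypothetical helper) cuts value into strings of at most 255 bytes
// and joins them with `""`, the form the provider docs ask for in `records`.
// A value of 255 bytes or fewer is returned unchanged, and a value whose
// length is an exact multiple of 255 gets no trailing separator.
func SplitTXT(value string) string {
	var parts []string
	for len(value) > maxTXTString {
		parts = append(parts, value[:maxTXTString])
		value = value[maxTXTString:]
	}
	parts = append(parts, value)
	return strings.Join(parts, `""`)
}

// ValidateTXT (hypothetical helper) returns an error naming the first string
// in a `records` entry that is longer than 255 bytes, so a pre-apply stage
// can fail before Route53 rejects the change batch.
func ValidateTXT(record string) error {
	for i, s := range strings.Split(record, `""`) {
		if len(s) > maxTXTString {
			return fmt.Errorf("string %d is %d bytes, limit is %d", i+1, len(s), maxTXTString)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a DKIM-shaped value of 410 bytes, not a real key.
	dkim := "v=DKIM1; k=rsa; p=" + strings.Repeat("A", 392)
	fmt.Println("unsplit:", ValidateTXT(dkim))
	fmt.Println("split:  ", ValidateTXT(SplitTXT(dkim)))
}
```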
// got the difference between "different TXT DNS records" and "TXT DNS record with several 255-or-less strings", RTFD :( Was something wrong with #16317 ? Any chances such PR get merged after proper rebase and updating?
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform v0.13.1
Affected Resource(s)
Terraform Configuration Files
Debug Output
Panic Output
[ERR]: Error building changeset: InvalidChangeBatch: [Invalid Resource Record: FATAL problem: CharacterStringTooLong (Value is too long) encountered with '"v=DKIM1; k=rsa; p=MIIBIjANBgkqhRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRrRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR_very_long_string"']
status code: 400, request id: 1f3fcfb0-344a-4b66-adbd-a40788df8990
Expected Behavior
Since the 255 length limit is known, I'd expect `terraform plan` to warn me about a domain name that is too long, so that my GitOps "prep" stage could fail.
Actual Behavior
`terraform plan` is OK with very long domains. `terraform apply` crashes.
Steps to Reproduce
1. `terraform plan` and see it succeed.
2. `terraform apply` and see it crash with `CharacterStringTooLong` error
Important Factoids
References