-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_static_site_custom_domain.validation_token dissapears after successfull validation yielding entire TF setup stuck on failed validation #14750
Comments
I assume that the issue stems from the fact that after validation the token is no longer returned by Azure. Thus during refreshing the property is not present in the response. During validation:
After validation passed (
Attempt to preserve the original token via resource "azurerm_static_site_custom_domain" "txt-root" {
static_site_id = azurerm_static_site.website.id
domain_name = azurerm_dns_zone.dns.name
validation_type = "dns-txt-token"
lifecycle {
ignore_changes = [
validation_token
]
}
} and still yields the same error message as in the issue description |
WorkaroundI went with just hard-coding the variable "txt_validation_token" {
description = "Manual override of the Custom Domain TXT validation token until https://github.com/hashicorp/terraform-provider-azurerm/issues/14750 is fixed"
type = string
nullable = true
default = null
} resource "azurerm_dns_txt_record" "txt-root" {
resource_group_name = var.resource_group_name
ttl = var.ttl
record {
- value = azurerm_static_site_custom_domain.txt-root.validation_token
+ value = var.txt_validation_token != null ? var.txt_validation_token : azurerm_static_site_custom_domain.txt-root.validation_token
}
} For the initial go the variable is null so we actually read the token (as it's available) and after the |
After the validation of the domain name, the TXT record can be removed. Because the validation_token is no longer there, the record can also be removed. Keeping it in the Terraform state is, I think, not necessary anymore. |
After a few hours of debugging this same problem and assuming it was that PEBCAK, but then I discovered this GitHub issue. Thank you for posting this problem and the workaround @piotr-lasota !!! Much appreciated! ❤️ |
To this point, I tried a different workaround. Since the TXT record is no longer needed after validation, and this problem only occurs after validation happens, I changed my resource to this:
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Terraform (and AzureRM Provider) Version
Affected Resource(s)
azurerm_static_site_custom_domain
azurerm_dns_txt_record
- as a resultTerraform Configuration Files
Debug Output
Debug output Github Gist link
Panic Output
Not applicable
Expected Behaviour
I can use
plan
andapply
after successful TXT validation byazurerm_static_site_custom_domain
Actual Behaviour
As long as the TXT validation is still pending (on Azure Portal), everything works perfectly.
As soon as the validation is done:
Steps to Reproduce
terraform apply
the provided configuration fileterraform plan
orterraform apply
(even without changing anything)If you do a
terraform plan -refresh-only
then it is indicated that theazurerm_static_site_custom_domain
no longer contains thevalidation_token
.Proceeding with the refresh via
terraform apply -refresh-only
yields no improvement on the issueImportant Factoids
None that I am aware of
References
Searching for similiar issue yielded no results so I assume this one is first.
The text was updated successfully, but these errors were encountered: