failed to apply google_dns_managed_zone #17682
Comments
Hi @fawaf, could you be more specific about what you are trying to update? Or can it be any property, like the description? For example: Initial value: Updated value:
ahh for sure. I'm not updating anything. it works on initial creation and then immediately fails the second time the apply is run. the plan shows tf tries to remove the dnssec config.
orm used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# google_dns_managed_zone.dns_managed_zone will be updated in-place
~ resource "google_dns_managed_zone" "dns_managed_zone" {
id = "projects/blah/managedZones/blah"
name = "blah"
# (11 unchanged attributes hidden)
- dnssec_config {
- kind = "dns#managedZoneDnsSecConfig" -> null
- non_existence = "nsec3" -> null
- state = "off" -> null
- default_key_specs {
- algorithm = "rsasha256" -> null
- key_length = 2048 -> null
- key_type = "keySigning" -> null
- kind = "dns#dnsKeySpec" -> null
}
- default_key_specs {
- algorithm = "rsasha256" -> null
- key_length = 1024 -> null
- key_type = "zoneSigning" -> null
- kind = "dns#dnsKeySpec" -> null
}
}
# (1 unchanged block hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to per
I was not able to reproduce the issue following your steps. I noticed that the Is there any chance this managed zone was modified outside of Terraform (like through the console or gcloud)?
i tested it on both types of zones that you mentioned. modifying outside of tf causes the error, and directly creating with tf and not touching it afterwards also produces the same error. i'll double check again if there's something funky going on.
I looked into this a bit more (reading our docs and some internal source), and it looks to me like there are ways for DNSSEC to be configured elsewhere that could be applied to a newly created zone, even when a If this is a default that is applied to the zone on the backend, I believe we would need to add a
Community Note
Terraform Version
Affected Resource(s)
google_dns_managed_zone
Terraform Configuration
Debug Output
https://gist.github.com/fawaf/38d1633ef38e8a37867a24cedd054190
Expected Behavior
tf should have applied successfully if the zone already exists previously
Actual Behavior
error produced:
Steps to reproduce
terraform apply
Important Factoids
No response
References
No response
b/332515087
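The plan quoted in the thread proposes deleting a `dnssec_config` block on a second apply. As an added example (not code from the issue or from the provider), this Python check reads a plan in the JSON form produced by `terraform show -json` and flags managed zones whose update would drop that block; the sample plan, the extra zones `signed_zone` and `kept_zone`, the function name and the verdict labels are constructed for illustration.

```python
import json

def _zone_change(name, state, after_cfg):
    # Constructed entry shaped like one element of "resource_changes"
    # in `terraform show -json <planfile>` output.
    before_cfg = [{"kind": "dns#managedZoneDnsSecConfig",
                   "non_existence": "nsec3", "state": state}]
    return {"address": f"google_dns_managed_zone.{name}",
            "type": "google_dns_managed_zone",
            "change": {"actions": ["update"],
                       "before": {"name": name, "dnssec_config": before_cfg},
                       "after": {"name": name, "dnssec_config": after_cfg}}}

# Constructed sample: the first entry mirrors the plan quoted in the thread.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _zone_change("dns_managed_zone", "off", []),
    _zone_change("signed_zone", "on", []),
    _zone_change("kept_zone", "on", [{"state": "on"}]),
]})

def dnssec_removals(plan_json):
    """List managed zones whose planned update drops the dnssec_config block."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "google_dns_managed_zone":
            continue
        if "update" not in change.get("actions", []):
            continue
        before = (change.get("before") or {}).get("dnssec_config") or []
        after = (change.get("after") or {}).get("dnssec_config") or []
        if not before or after:
            continue  # nothing to lose, or the block is still declared
        state = before[0].get("state")
        findings.append({
            "address": rc["address"],
            "prior_state": state,
            # "off": only an inactive block is dropped (the case in the thread).
            # Otherwise an active DNSSEC setting leaves the config: review first.
            "verdict": "inactive-block-drift" if state == "off" else "review-before-apply",
        })
    return findings

if __name__ == "__main__":
    for f in dnssec_removals(SAMPLE_PLAN):
        print(f["verdict"], f["address"], "state was", f["prior_state"])
```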