Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Traling period is causing updates #264

Closed
1oglop1 opened this issue Jun 14, 2022 · 5 comments · Fixed by #263
Closed

Traling period is causing updates #264

1oglop1 opened this issue Jun 14, 2022 · 5 comments · Fixed by #263
Assignees
@stack72
Labels
awaiting-upstream Awaiting upstream dependency kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Milestone
0.75

Comments

@1oglop1
Copy link

1oglop1 commented Jun 14, 2022

What happened?

Hi I found this issue exactly describing the problem: cloudflare/terraform-provider-cloudflare#154

Steps to reproduce

What happens:
When you create acm.Certificate and return certificate.domain_validation_options

cert_validation_option: pulumi.Output[
            acm.outputs.CertificateOptions
        ] = certificate.domain_validation_options.apply(lambda o: o[0])

and pass this in cloudflare.Record

cloudflare.Record(
            f"{self._name}-cert",
            args=cloudflare.RecordArgs(
                name=cert_validation_option.resource_record_name,
                value=cert_validation_option.resource_record_value,
                type=cert_validation_option.resource_record_type,
                zone_id=self._config.zone_id,
                # We need to allow overwrite due to ACM being regional.
                # We cannot re-use the certificate from another region
                # Validation domain name depends on the certificate domain
                # Two certificates in different regions and same domain name
                # have the same validation record
                allow_overwrite=True,
            ),
            opts=   pulumi.ResourceOptions(delete_before_replace=True),
        )

value cert_validation_option.resource_record_value will cause forever diff because Cloudflare trims the trailing period.

~ value: "_dbdxxx05384ca.hnyhpvdqhv.acm-validations.aws" => "_dbdxxxf205384ca.hnyhpvdqhv.acm-validations.aws."

Expected Behavior

No updates

Actual Behavior

Forever update

Versions used

NAME VERSION
pulumi 3.33.2
pip 22.0.3
projects 0.1.0
pulumi-cloudflare 4.7.0
setuptools 60.6.0
wheel 0.37.1

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@1oglop1 1oglop1 added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Jun 14, 2022
@1oglop1 1oglop1 mentioned this issue Jun 14, 2022
Closed
2 tasks
@stack72
Copy link
Contributor

stack72 commented Jun 15, 2022

Hi @1oglop1

Can you tell me what version of pulumi-aws that you are using as well?

Paul

@1oglop1
Copy link
Author

1oglop1 commented Jun 16, 2022

@stack72 pulumi_aws-5.4.0

@1oglop1 1oglop1 mentioned this issue Jun 20, 2022
Closed
2 tasks
@stack72 stack72 removed the needs-triage Needs attention from the triage team label Jun 20, 2022
@stack72
Copy link
Contributor

stack72 commented Jun 20, 2022
edited

Hi @1oglop1

Unfortunately, this is the AWS provider that is returning the trailing . character. This means that we would need to strip that character before passing this to the cloudflare provider. Even in the upstream issue, there are mentions of replace to remove it :/

I am not 100% sure we can do anything in the provider here because the behaviour is actually correct. I guess I suggest that we'd need to run an apply as part of the value and trim any trailing . as follows:

cloudflare.Record(
            f"{self._name}-cert",
            args=cloudflare.RecordArgs(
                name=cert_validation_option.resource_record_name,
                value=cert_validation_option.resource_record_value.apply(
		    lambda val: val. removesuffix(".")
	        ),
                type=cert_validation_option.resource_record_type,
                zone_id=self._config.zone_id,
                # We need to allow overwrite due to ACM being regional.
                # We cannot re-use the certificate from another region
                # Validation domain name depends on the certificate domain
                # Two certificates in different regions and same domain name
                # have the same validation record
                allow_overwrite=True,
            ),
            opts=   pulumi.ResourceOptions(delete_before_replace=True),
        )

Paul

@stack72 stack72 added the resolution/by-design This issue won't be fixed because the functionality is working as designed label Jun 20, 2022
@stack72 stack72 self-assigned this Jun 20, 2022
@stack72 stack72 added this to the 0.74 milestone Jun 20, 2022
@1oglop1
Copy link
Author

1oglop1 commented Jun 20, 2022

I believe that this is not a mistake fo AWS provider, but instead Cloudflare bending RFCs which state that FQND ends with traling period.
https://datatracker.ietf.org/doc/html/rfc1034
https://datatracker.ietf.org/doc/html/rfc1035

If there is nothing to do about that, at the very least it would probably be good to emit a warning message to the user about this problem.

@stack72
Copy link
Contributor

stack72 commented Jun 20, 2022

Hi @1oglop1

I totally understand - i've actually just opened cloudflare/terraform-provider-cloudflare#1713 upstream in the Terraform provider to ensure that we can get this added - if they don't want to accept that, I can bring it directly to a fork of our provider and we will get this fixed

I will change this to be awaiting-upstream and I can track changes directly here

Paul

@stack72 stack72 added awaiting-upstream Awaiting upstream dependency and removed resolution/by-design This issue won't be fixed because the functionality is working as designed labels Jun 20, 2022
@stack72 stack72 modified the milestones: 0.74, 0.75 Jun 27, 2022
@stack72 stack72 mentioned this issue Jun 29, 2022
Merged
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Jun 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stack72 stack72

Labels
awaiting-upstream Awaiting upstream dependency kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
0.75
Development

Successfully merging a pull request may close this issue.

Upgrade to v3.16.0 of the Cloudflare Terraform Provider pulumi/pulumi-cloudflare
3 participants
@stack72 @1oglop1 @pulumi-bot