From da401a008932e857b2e9b330d6dbe2719a794efb Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Fri, 11 Aug 2023 15:44:14 -0400 Subject: [PATCH 1/4] provider version upgrade and remove NONE validation_method --- README.md | 16 +++++++++++++--- .../README.md | 2 +- .../main.tf | 1 + .../versions.tf | 2 +- examples/complete-dns-validation/README.md | 4 ++-- examples/complete-dns-validation/main.tf | 4 ++++ examples/complete-dns-validation/versions.tf | 2 +- .../README.md | 4 ++-- .../versions.tf | 2 +- examples/complete-email-validation/README.md | 4 ++-- examples/complete-email-validation/versions.tf | 2 +- main.tf | 2 +- variables.tf | 8 ++++---- versions.tf | 2 +- wrappers/main.tf | 2 +- 15 files changed, 36 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 1a9a753..ec49c34 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,8 @@ module "acm" { domain_name = "my-domain.com" zone_id = "Z2ES7B9AZ6SHAE" + + validation_method = "DNS" subject_alternative_names = [ "*.my-domain.com", @@ -37,6 +39,8 @@ module "acm" { domain_name = "weekly.tf" zone_id = "b7d259641bf30b89887c943ffc9d2138" + validation_method = "DNS" + subject_alternative_names = [ "*.weekly.tf", ] @@ -72,6 +76,8 @@ module "acm" { domain_name = "my-domain.com" zone_id = "Z266PL4W4W6MSG" + validation_method = "DNS" + wait_for_validation = true tags = { @@ -106,6 +112,8 @@ module "acm" { "app.sub.my-domain.com", ] + validation_method = "DNS" + create_route53_records = false validation_record_fqdns = module.route53_records.validation_route53_record_fqdns } @@ -121,6 +129,8 @@ module "route53_records" { create_certificate = false create_route53_records_only = true + validation_method = "DNS" + distinct_domain_names = module.acm.distinct_domain_names zone_id = "Z266PL4W4W6MSG" 
@@ -170,13 +180,13 @@ module "acm" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules @@ -208,7 +218,7 @@ No modules. | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | | [validate\_certificate](#input\_validate\_certificate) | Whether to validate certificate by creating Route53 record | `bool` | `true` | no | | [validation\_allow\_overwrite\_records](#input\_validation\_allow\_overwrite\_records) | Whether to allow overwrite of Route53 records | `bool` | `true` | no | -| [validation\_method](#input\_validation\_method) | Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform. | `string` | `"DNS"` | no | +| [validation\_method](#input\_validation\_method) | Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Terraform. | `string` | `null` | no | | [validation\_option](#input\_validation\_option) | The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. | `any` | `{}` | no | | [validation\_record\_fqdns](#input\_validation\_record\_fqdns) | When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation | `list(string)` | `[]` | no | | [validation\_timeout](#input\_validation\_timeout) | Define maximum timeout to wait for the validation to complete | `string` | `null` | no | diff --git a/examples/complete-dns-validation-with-cloudflare/README.md b/examples/complete-dns-validation-with-cloudflare/README.md index c7a98d7..d3b0ebd 100644 
--- a/examples/complete-dns-validation-with-cloudflare/README.md +++ b/examples/complete-dns-validation-with-cloudflare/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [aws](#requirement\_aws) | >= 5.0 | | [cloudflare](#requirement\_cloudflare) | >= 3.4 | ## Providers diff --git a/examples/complete-dns-validation-with-cloudflare/main.tf b/examples/complete-dns-validation-with-cloudflare/main.tf index 2186abe..157b628 100644 --- a/examples/complete-dns-validation-with-cloudflare/main.tf +++ b/examples/complete-dns-validation-with-cloudflare/main.tf @@ -24,6 +24,7 @@ module "acm" { ] create_route53_records = false + validation_method = "DNS" validation_record_fqdns = cloudflare_record.validation[*].hostname tags = { diff --git a/examples/complete-dns-validation-with-cloudflare/versions.tf b/examples/complete-dns-validation-with-cloudflare/versions.tf index f210015..d20cfca 100644 --- a/examples/complete-dns-validation-with-cloudflare/versions.tf +++ b/examples/complete-dns-validation-with-cloudflare/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 5.0" } cloudflare = { source = "cloudflare/cloudflare" diff --git a/examples/complete-dns-validation/README.md b/examples/complete-dns-validation/README.md index c89c825..5e56d4d 100644 --- a/examples/complete-dns-validation/README.md +++ b/examples/complete-dns-validation/README.md 
@@ -24,13 +24,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete-dns-validation/main.tf b/examples/complete-dns-validation/main.tf index de2c77f..d5efb97 100644 --- a/examples/complete-dns-validation/main.tf +++ b/examples/complete-dns-validation/main.tf @@ -46,6 +46,8 @@ module "acm" { "alerts.${local.domain_name}", ] + validation_method = "DNS" + tags = { Name = local.domain_name } @@ -81,6 +83,7 @@ module "acm_only" { ] create_route53_records = false + validation_method = "DNS" validation_record_fqdns = module.route53_records_only.validation_route53_record_fqdns } @@ -93,6 +96,7 @@ module "route53_records_only" { create_certificate = false create_route53_records_only = true + validation_method = "DNS" zone_id = local.zone_id distinct_domain_names = module.acm_only.distinct_domain_names diff --git a/examples/complete-dns-validation/versions.tf b/examples/complete-dns-validation/versions.tf index fa875db..ddfcb0e 100644 --- a/examples/complete-dns-validation/versions.tf +++ b/examples/complete-dns-validation/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 5.0" } } } diff --git a/examples/complete-email-validation-with-validation-domain/README.md b/examples/complete-email-validation-with-validation-domain/README.md index 0850824..b3f9d47 100644 --- a/examples/complete-email-validation-with-validation-domain/README.md +++ b/examples/complete-email-validation-with-validation-domain/README.md 
@@ -33,13 +33,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete-email-validation-with-validation-domain/versions.tf b/examples/complete-email-validation-with-validation-domain/versions.tf index fa875db..ddfcb0e 100644 --- a/examples/complete-email-validation-with-validation-domain/versions.tf +++ b/examples/complete-email-validation-with-validation-domain/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 5.0" } } } diff --git a/examples/complete-email-validation/README.md b/examples/complete-email-validation/README.md index 00e027b..f214984 100644 --- a/examples/complete-email-validation/README.md +++ b/examples/complete-email-validation/README.md @@ -37,13 +37,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete-email-validation/versions.tf b/examples/complete-email-validation/versions.tf index fa875db..ddfcb0e 100644 --- a/examples/complete-email-validation/versions.tf +++ b/examples/complete-email-validation/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 5.0" } } } diff --git a/main.tf b/main.tf index 0e027ee..5f1894c 100644 --- a/main.tf +++ b/main.tf 
@@ -62,7 +62,7 @@ resource "aws_route53_record" "validation" { } resource "aws_acm_certificate_validation" "this" { - count = local.create_certificate && var.validation_method != "NONE" && var.validate_certificate && var.wait_for_validation ? 1 : 0 + count = local.create_certificate && var.validation_method != null && var.validate_certificate && var.wait_for_validation ? 1 : 0 certificate_arn = aws_acm_certificate.this[0].arn diff --git a/variables.tf b/variables.tf index 13761c9..5664e57 100644 --- a/variables.tf +++ b/variables.tf @@ -53,13 +53,13 @@ variable "subject_alternative_names" { } variable "validation_method" { - description = "Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform." + description = "Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Terraform." type = string - default = "DNS" + default = null validation { - condition = contains(["DNS", "EMAIL", "NONE"], var.validation_method) - error_message = "Valid values are DNS, EMAIL or NONE." + condition = var.validation_method == null || contains(["DNS", "EMAIL"], coalesce(var.validation_method, 0)) + error_message = "This variable is optional. Valid values are DNS, EMAIL, or null." } } diff --git a/versions.tf b/versions.tf index fa875db..ddfcb0e 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 5.0" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 6b6bf71..cf46698 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
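Review bot: The new `var.validation_method != null` guard on `aws_acm_certificate_validation.this` in main.tf combines with the default change to `null` (variables.tf hunk below, and the `try(..., null)` fallback in the wrappers/main.tf hunk), so the count is 0 for every caller that omits the variable. For those callers `wait_for_validation = true` is dropped without a plan-time error, and a certificate that previously relied on the "DNS" default may be left unvalidated. If null is meant only for imported certificates, a comment above the count such as `# validation_method is null only for certificates imported into ACM; there is nothing to validate` would make that contract explicit. The upgrade notes should also state that `validation_method` must now be set explicitly. The resource body continues outside the hunk.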
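Review bot: The variables.tf validation condition `contains(["DNS", "EMAIL"], coalesce(var.validation_method, 0))` uses a number as the fallback against a list of strings, which is hard to read and hides why `coalesce` is there at all. It is presumably needed because both operands of `||` are evaluated, so `contains` must never see null. A string sentinel that can never be valid says this more directly, `contains(["DNS", "EMAIL"], coalesce(var.validation_method, "unset"))`, with a comment such as `# both sides of || are evaluated; coalesce keeps contains() from receiving null`. Keep the sentinel outside the allowed list so an empty string is still rejected, as it is now.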
@@ -12,7 +12,7 @@ module "wrapper" { certificate_transparency_logging_preference = try(each.value.certificate_transparency_logging_preference, var.defaults.certificate_transparency_logging_preference, true) domain_name = try(each.value.domain_name, var.defaults.domain_name, "") subject_alternative_names = try(each.value.subject_alternative_names, var.defaults.subject_alternative_names, []) - validation_method = try(each.value.validation_method, var.defaults.validation_method, "DNS") + validation_method = try(each.value.validation_method, var.defaults.validation_method, null) validation_option = try(each.value.validation_option, var.defaults.validation_option, {}) create_route53_records = try(each.value.create_route53_records, var.defaults.create_route53_records, true) validation_record_fqdns = try(each.value.validation_record_fqdns, var.defaults.validation_record_fqdns, []) From 8be8448aa246a62b834c1decdf1ea47774a740f1 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Mon, 28 Aug 2023 19:51:01 -0400 Subject: [PATCH 2/4] revert v5 upgrade since no changes depend on it --- README.md | 4 ++-- examples/complete-dns-validation-with-cloudflare/README.md | 2 +- examples/complete-dns-validation-with-cloudflare/versions.tf | 2 +- examples/complete-dns-validation/README.md | 4 ++-- examples/complete-dns-validation/versions.tf | 2 +- .../README.md | 4 ++-- .../versions.tf | 2 +- examples/complete-email-validation/README.md | 4 ++-- examples/complete-email-validation/versions.tf | 2 +- versions.tf | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index ec49c34..d80f7de 100644 --- a/README.md +++ b/README.md 
@@ -180,13 +180,13 @@ module "acm" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 4.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 4.40 | ## Modules diff --git a/examples/complete-dns-validation-with-cloudflare/README.md b/examples/complete-dns-validation-with-cloudflare/README.md index d3b0ebd..c7a98d7 100644 --- a/examples/complete-dns-validation-with-cloudflare/README.md +++ b/examples/complete-dns-validation-with-cloudflare/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 4.40 | | [cloudflare](#requirement\_cloudflare) | >= 3.4 | ## Providers diff --git a/examples/complete-dns-validation-with-cloudflare/versions.tf b/examples/complete-dns-validation-with-cloudflare/versions.tf index d20cfca..f210015 100644 --- a/examples/complete-dns-validation-with-cloudflare/versions.tf +++ b/examples/complete-dns-validation-with-cloudflare/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 4.40" } cloudflare = { source = "cloudflare/cloudflare" diff --git a/examples/complete-dns-validation/README.md b/examples/complete-dns-validation/README.md index 5e56d4d..c89c825 100644 --- a/examples/complete-dns-validation/README.md +++ b/examples/complete-dns-validation/README.md 
@@ -24,13 +24,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 4.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 4.40 | ## Modules diff --git a/examples/complete-dns-validation/versions.tf b/examples/complete-dns-validation/versions.tf index ddfcb0e..fa875db 100644 --- a/examples/complete-dns-validation/versions.tf +++ b/examples/complete-dns-validation/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 4.40" } } } diff --git a/examples/complete-email-validation-with-validation-domain/README.md b/examples/complete-email-validation-with-validation-domain/README.md index b3f9d47..0850824 100644 --- a/examples/complete-email-validation-with-validation-domain/README.md +++ b/examples/complete-email-validation-with-validation-domain/README.md @@ -33,13 +33,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 4.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 4.40 | ## Modules diff --git a/examples/complete-email-validation-with-validation-domain/versions.tf b/examples/complete-email-validation-with-validation-domain/versions.tf index ddfcb0e..fa875db 100644 --- a/examples/complete-email-validation-with-validation-domain/versions.tf +++ b/examples/complete-email-validation-with-validation-domain/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 4.40" } } } 
diff --git a/examples/complete-email-validation/README.md b/examples/complete-email-validation/README.md index f214984..00e027b 100644 --- a/examples/complete-email-validation/README.md +++ b/examples/complete-email-validation/README.md @@ -37,13 +37,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 4.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 4.40 | ## Modules diff --git a/examples/complete-email-validation/versions.tf b/examples/complete-email-validation/versions.tf index ddfcb0e..fa875db 100644 --- a/examples/complete-email-validation/versions.tf +++ b/examples/complete-email-validation/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 4.40" } } } diff --git a/versions.tf b/versions.tf index ddfcb0e..fa875db 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 4.40" } } } From 46645c411d6448137a6cbe2ce671dda92af99172 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Fri, 1 Sep 2023 09:12:38 -0400 Subject: [PATCH 3/4] fix pre-commit failures --- examples/complete-dns-validation-with-cloudflare/README.md | 4 ++-- examples/complete-dns-validation-with-cloudflare/versions.tf | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/complete-dns-validation-with-cloudflare/README.md b/examples/complete-dns-validation-with-cloudflare/README.md index c7a98d7..4b9b525 100644 --- a/examples/complete-dns-validation-with-cloudflare/README.md +++ b/examples/complete-dns-validation-with-cloudflare/README.md 
@@ -25,13 +25,13 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.40 | -| [cloudflare](#requirement\_cloudflare) | >= 3.4 | +| [cloudflare](#requirement\_cloudflare) | >= 3.4, <=3.32 | ## Providers | Name | Version | |------|---------| -| [cloudflare](#provider\_cloudflare) | >= 3.4 | +| [cloudflare](#provider\_cloudflare) | >= 3.4, <=3.32 | ## Modules diff --git a/examples/complete-dns-validation-with-cloudflare/versions.tf b/examples/complete-dns-validation-with-cloudflare/versions.tf index f210015..16510f6 100644 --- a/examples/complete-dns-validation-with-cloudflare/versions.tf +++ b/examples/complete-dns-validation-with-cloudflare/versions.tf @@ -6,9 +6,12 @@ terraform { source = "hashicorp/aws" version = ">= 4.40" } + # Terraform v1.0.0 only functional with cloudflare versions less than or equal to 3.33.0 + # Cloudflare provider version 3.33.0 introduced a regression which produced errors when + # passing credentials via environment variables cloudflare = { source = "cloudflare/cloudflare" - version = ">= 3.4" + version = ">= 3.4, <=3.32" } } } From f678314352235588cb85cee0c4bc6d2c3b5bac04 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Fri, 1 Sep 2023 13:04:35 -0400 Subject: [PATCH 4/4] add related issues to comments --- examples/complete-dns-validation-with-cloudflare/versions.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/complete-dns-validation-with-cloudflare/versions.tf b/examples/complete-dns-validation-with-cloudflare/versions.tf index 16510f6..3177d7c 100644 --- a/examples/complete-dns-validation-with-cloudflare/versions.tf +++ b/examples/complete-dns-validation-with-cloudflare/versions.tf 
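Review bot: In the cloudflare example's versions.tf, the added comment says the example works with provider versions "less than or equal to 3.33.0", but the constraint is `<=3.32` and the next comment line names 3.33.0 as the release that introduced the regression, so the comment and the pin disagree. `<=3.32` is also read as `<= 3.32.0`, which would exclude any 3.32.x patch release. `version = ">= 3.4, < 3.33"` states the intent directly, with the first comment reworded to `# Pinned below 3.33.0 for Terraform v1.0.0 compatibility`. An upper bound also keeps the example off later provider fixes, so the comment should say when the pin can be lifted. The `terraform` block starts outside the hunk.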
@@ -7,8 +7,10 @@ terraform { version = ">= 4.40" } # Terraform v1.0.0 only functional with cloudflare versions less than or equal to 3.33.0 + # https://github.com/cloudflare/terraform-provider-cloudflare/issues/2340 # Cloudflare provider version 3.33.0 introduced a regression which produced errors when # passing credentials via environment variables + # https://github.com/cloudflare/terraform-provider-cloudflare/issues/2184 cloudflare = { source = "cloudflare/cloudflare" version = ">= 3.4, <=3.32"