From e0d7c7c7db05d000bbbbc19c2040ed94e2e23800 Mon Sep 17 00:00:00 2001 From: Tim Priestnall Date: Tue, 3 Oct 2023 16:57:19 +0100 Subject: [PATCH] Revert BB change, make it backwards compatible --- main.tf | 9 ++++++--- variables.tf | 6 +++--- wrappers/main.tf | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 5f1894c..862a791 100644 --- a/main.tf +++ b/main.tf @@ -2,6 +2,9 @@ locals { create_certificate = var.create_certificate && var.putin_khuylo create_route53_records_only = var.create_route53_records_only && var.putin_khuylo + # https://github.com/terraform-aws-modules/terraform-aws-acm/pull/135 + validation_method = var.validation_method == "NONE" ? null : var.validation_method + # Get distinct list of domains and SANs distinct_domain_names = coalescelist(var.distinct_domain_names, distinct( [for s in concat([var.domain_name], var.subject_alternative_names) : replace(s, "*.", "")] @@ -21,7 +24,7 @@ resource "aws_acm_certificate" "this" { domain_name = var.domain_name subject_alternative_names = var.subject_alternative_names - validation_method = var.validation_method + validation_method = local.validation_method key_algorithm = var.key_algorithm options { @@ -45,7 +48,7 @@ resource "aws_acm_certificate" "this" { } resource "aws_route53_record" "validation" { - count = (local.create_certificate || local.create_route53_records_only) && var.validation_method == "DNS" && var.create_route53_records && (var.validate_certificate || local.create_route53_records_only) ? length(local.distinct_domain_names) : 0 + count = (local.create_certificate || local.create_route53_records_only) && local.validation_method == "DNS" && var.create_route53_records && (var.validate_certificate || local.create_route53_records_only) ? length(local.distinct_domain_names) : 0 zone_id = var.zone_id name = element(local.validation_domains, count.index)["resource_record_name"] 
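Review bot: The new `validation_method` local in the `locals` block of main.tf is explained only by a pull-request URL, so a reader cannot tell that "NONE" is a sentinel that is turned into null. I would add a comment such as `# "NONE" is an alias for null: validation_method is left unset on the certificate (see the variable description on imported certificates)`. The visible hunks switch `aws_acm_certificate.this`, `aws_route53_record.validation` and `aws_acm_certificate_validation.this` to the local. Any reference to `var.validation_method` outside these hunks would still see the literal "NONE" and pass a `!= null` test, so the rest of the module should be checked. The `locals` block continues past the end of the hunk.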
@@ -62,7 +65,7 @@ resource "aws_route53_record" "validation" { } resource "aws_acm_certificate_validation" "this" { - count = local.create_certificate && var.validation_method != null && var.validate_certificate && var.wait_for_validation ? 1 : 0 + count = local.create_certificate && local.validation_method != null && var.validate_certificate && var.wait_for_validation ? 1 : 0 certificate_arn = aws_acm_certificate.this[0].arn diff --git a/variables.tf b/variables.tf index 5664e57..ed558dd 100644 --- a/variables.tf +++ b/variables.tf @@ -55,11 +55,11 @@ variable "subject_alternative_names" { variable "validation_method" { description = "Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Terraform." type = string - default = null + default = "DNS" validation { - condition = var.validation_method == null || contains(["DNS", "EMAIL"], coalesce(var.validation_method, 0)) - error_message = "This variable is optional. Valid values are DNS, EMAIL, or null." + condition = var.validation_method == null || contains(["DNS", "EMAIL", "NONE"], coalesce(var.validation_method, 0)) + error_message = "This variable is optional. Valid values are DNS, EMAIL, NONE, or null. (Null and NONE perform the same function)." } } diff --git a/wrappers/main.tf b/wrappers/main.tf index cf46698..6b6bf71 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
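Review bot: The `description` of `validation_method` in variables.tf still reads "DNS or EMAIL are valid", although this hunk makes "DNS" the default and adds "NONE" as an accepted value. With the default no longer null, a caller managing an imported certificate has to pass null or "NONE" explicitly; omitting the argument now selects DNS validation, which main.tf uses in the `count` of the Route 53 validation records. I would extend the description to `"Which method to use for validation. DNS (default) or EMAIL are valid. Set to NONE or null for certificates that were imported into ACM and then into Terraform."`. The mixed-type fallback in `coalesce(var.validation_method, 0)` would also merit a one-line comment saying why the fallback is 0.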
@@ -12,7 +12,7 @@ module "wrapper" { certificate_transparency_logging_preference = try(each.value.certificate_transparency_logging_preference, var.defaults.certificate_transparency_logging_preference, true) domain_name = try(each.value.domain_name, var.defaults.domain_name, "") subject_alternative_names = try(each.value.subject_alternative_names, var.defaults.subject_alternative_names, []) - validation_method = try(each.value.validation_method, var.defaults.validation_method, null) + validation_method = try(each.value.validation_method, var.defaults.validation_method, "DNS") validation_option = try(each.value.validation_option, var.defaults.validation_option, {}) create_route53_records = try(each.value.create_route53_records, var.defaults.create_route53_records, true) validation_record_fqdns = try(each.value.validation_record_fqdns, var.defaults.validation_record_fqdns, [])
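Review bot: In the `module "wrapper"` block, `try()` falls through only when an expression fails to evaluate, so an item or `var.defaults` that sets `validation_method = null` is passed on as null and the new "DNS" fallback is not applied. That appears to be intended, since null means no validation in the root module, but it deserves a comment, e.g. `# an explicit null is passed through (no validation); "DNS" applies only when the key is absent`. The literal "DNS" also repeats the default from variables.tf, so the two have to be kept in step. The block starts and ends outside the hunk.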