Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

domain_validation_options not iterable #18359

Closed
mzhaase opened this issue Jun 29, 2018 · 5 comments
Closed

domain_validation_options not iterable #18359

mzhaase opened this issue Jun 29, 2018 · 5 comments
Labels
bug config
Milestone
v0.12.0

Comments

@mzhaase
Copy link

mzhaase commented Jun 29, 2018

Terraform Version

0.11.7

Terraform Configuration Files

resource "aws_acm_certificate" "certificates" {
  count             = "${var.value_count}"
  domain_name       = "${var.aws_lb_listener_rule_values[count.index]}"
  validation_method = "DNS"
}

resource "cloudflare_record" "validation_record" {
  count      = "${var.value_count}"
  type       = "${aws_acm_certificate.certificates.*.domain_validation_options.0.type[count.index]}"
  name       = "${aws_acm_certificate.certificates.*.domain_validation_options.0.name[count.index]}"
  value      = "${aws_acm_certificate.certificates.*.domain_validation_options.0.value[count.index]}"
  depends_on = [ "aws_acm_certificate.certificates" ]
}

resource "aws_acm_certificate_validation" "validation" {
  count                   = "${var.value_count}"
  certificate_arn         = "${aws_acm_certificate.certificates.*.arn[count.index]}"
  validation_record_fqdns = ["${cloudflare_record.validation_record.*.hostname[count.index]}"]
  depends_on              = [ "aws_acm_certificate.certificates", "cloudflare_record.validation_record" ]
}

Expected Behavior

This should iterate over aws_lb_listener_rule_values and create a cert for every entry. Then create validation records on cloudflare.

Actual Behavior

module.dcms_load_balancer_rules.cloudflare_record.validation_record[0]: Resource 'aws_acm_certificate.certificates' does not have attribute 'domain_validation_options.0.name' for variable 'aws_acm_certificate.certificates.*.domain_validation_options.0.name'

This however, works fine:

resource "aws_acm_certificate" "certificate" {
  count             = "${var.value_count}"
  domain_name       = "${var.aws_lb_listener_rule_values[count.index]}"
  validation_method = "DNS"
}

locals {
  flattened_domains = "${flatten(aws_acm_certificate.certificate.*.domain_validation_options)}"
}

resource "cloudflare_record" "validation_record" {
  count      = "${var.value_count}"
  domain     = "${replace(var.aws_lb_listener_rule_values[count.index], "*.", "")}"
  name       = "${lookup(local.flattened_domains[count.index], "resource_record_name")}"
  type       = "${lookup(local.flattened_domains[count.index], "resource_record_type")}"
  value      = "${lookup(local.flattened_domains[count.index], "resource_record_value")}"
  depends_on = [ "aws_acm_certificate.certificate" ]
}

resource "aws_acm_certificate_validation" "validation" {
  count                   = "${var.value_count}"
  certificate_arn         = "${aws_acm_certificate.certificate.*.arn[count.index]}"
  validation_record_fqdns = ["${cloudflare_record.validation_record.*.hostname[count.index]}"]
  depends_on              = [ "aws_acm_certificate.certificate", "cloudflare_record.validation_record" ]
}

resource "aws_lb_listener_certificate" "listener_certificate" {
  count           = "${var.value_count}"
  listener_arn    = "${var.aws_lb_listener_rule_listener_ssl_arn}"
  certificate_arn = "${aws_acm_certificate_validation.validation.*.certificate_arn[count.index]}"
}
@somanianshul
Copy link

Same thing over here. Is there any update on this one?

@apparentlymart
Copy link
Contributor

It's a known bug, and it should be addressed in the next major release.

@apparentlymart
Copy link
Contributor

Hi again, @mzhaase! Sorry for the long silence here.

This issue has the same root cause as #17156, which I've verified is fixed in master and ready for inclusion in the forthcoming v0.12.0 release. In my latest comment over there you can see what I tested and also a different way I was able to update that config using the new features coming in v0.12.0.

A similar reorganization of the expressions should be possible for your configuration too. For example:

resource "cloudflare_record" "validation_record" {
  count      = var.value_count
  type       = aws_acm_certificate.certificates[count.index].domain_validation_options[0].type
  name       = aws_acm_certificate.certificates[count.index].domain_validation_options[0].name
  value      = aws_acm_certificate.certificates[count.index].domain_validation_options[0].value
}

(The depends_on wasn't doing anything here because the references to aws_acm_certificate.certificates already establish that dependency.)

Since the fix is in master, I'm going to close this out now. Thanks for reporting this, and sorry again for the late response.

@apparentlymart apparentlymart added this to the v0.12.0 milestone Oct 31, 2018
@rosscdh
Copy link

rosscdh commented Jan 8, 2019

wow this 0.12.0 release has allot of pressure to get these things right :(

@Nuru Nuru mentioned this issue Aug 22, 2019
Merged
@ghost
Copy link

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug config
Projects
None yet
Milestone
v0.12.0
Development

No branches or pull requests
5 participants
@apparentlymart @bflad @rosscdh @mzhaase @somanianshul