Closed SadriG91 closed 4 days ago
@SadriG91 did you try following the instructions here, that should help avoid this issue?
@wiktorn the link basically says changes will fail if in use, so how would the change be done then? What if it's during a planned maintenance window for example then shouldn't the module allow for that?
Hi @SadriG91,
Thanks for the contribution! We generally avoid using random suffixes/prefixes. Could you instead add an optional
name
field tovar.ssl_certificates
and usecoalesce()
to determine the name?This would allow users to specify a custom name while providing a clear default.
The idea is that if you for example add a subdomain and want to add that to the cert it will get recreated and since it can't be detached while in use we need to add the flag create_before_destroy
and for that we need a unique id or name for the cert otherwise name conflict because of name exist already
@wiktorn the link basically says changes will fail if in use, so how would the change be done then? What if it's during a planned maintenance window for example then shouldn't the module allow for that?
if your configuration is:
ssl_certificates = {
managed_configs = {
default = {
domains = ["${module.addresses.global_addresses["glb-0"].address}.nip.io"]
}
}
You change it to:
ssl_certificates = {
managed_configs = {
default = {
domains = ["${module.addresses.global_addresses["glb-0"].address}.nip.io"]
}
new = {
domains = [
"${module.addresses.global_addresses["glb-0"].address}.nip.io",
"${replace(module.addresses.global_addresses["glb-0"].address, ".", "-")}.nip.io",
]
}
}
}
(or whatever new certificate should look like), and once that is provisioned and working, you can remove the default
part.
closing this, feel free to reopen with a different feature set
I added unique suffix to the certname to prevent conflict when updating domains
Checklist
I applicable, I acknowledge that I have:
terraform fmt
on all modified filestools/tfdoc.py