cloudposse / terraform-aws-acm-request-certificate

Terraform module to request an ACM certificate for a domain name and create a CNAME record in the DNS zone to complete certificate validation
https://cloudposse.com/accelerate
Apache License 2.0

Certificate validation exception #56

Open ssro opened 2 years ago

ssro commented 2 years ago

Describe the Bug

I have a certificate.tf in which I have a domain + subject_alternative_names. This worked well until the aws provider (hashicorp/aws) version was changed to 4.12.0.

Expected Behavior

Terraform doesn't error while planning or applying

Steps to Reproduce

Requesting a certificate where the aws provider is at version 4.12.0 will fail with an error. A snippet of my main.tf where the aws provider is used is shown below:

...
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.12.0"
    }
    http = {
      source  = "terraform-aws-modules/http"
      version = "2.4.1"
    }
  }
...

The error:

╷
│ Error: reading ACM Certificate (2022-04-01 04:14:15.359 +0000 UTC): ValidationException: 1 validation error detected: Value '2022-04-01 04:14:15.359 +0000 UTC' at 'certificateArn' failed to satisfy constraint: Member must satisfy regular expression pattern: arn:[\w+=/,.@-]+:acm:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*
│
│   with module.acm_request_certificate.aws_acm_certificate_validation.default[0],
│   on .terraform/modules/acm_request_certificate/main.tf line 49, in resource "aws_acm_certificate_validation" "default":
│   49: resource "aws_acm_certificate_validation" "default" {

If I change the version of the provider to be >= 4.11.0, Terraform completes successfully.

Below is the TF configuration (domain and other data has been redacted):

provider "aws" {
  region  = var.region
  profile = var.profile
}

terraform {
  required_version = ">= 1.1.4"

  backend "s3" {
    # s3 specific parameters
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.12.0"
    }
    http = {
      source  = "terraform-aws-modules/http"
      version = "2.4.1"
    }
  }

}

module "acm_request_certificate" {
  source                            = "cloudposse/acm-request-certificate/aws"
  version                           = "v0.16.0"
  domain_name                       = aws_route53_zone.SOME_ZONE.name
  process_domain_validation_options = true
  ttl                               = "300"
  subject_alternative_names         = ["*.SOME_ZONE.com", "*.SUBDOMAIN.SOME_ZONE.com"]
  wait_for_certificate_issued       = true
}

resource "aws_route53_zone" "SOME_ZONE" {
  name = "SOME_ZONE.com"
}

nitrocode commented 1 year ago

Ah ok so this is to bump the aws provider minimum requirement to at least >= 4.11.0

https://github.com/cloudposse/terraform-aws-acm-request-certificate/blob/d64d26e8d100d9fefeb0816ea0e1d3b28bbdf204/versions.tf#L4-L9

https://github.com/cloudposse/terraform-aws-acm-request-certificate/blob/d64d26e8d100d9fefeb0816ea0e1d3b28bbdf204/examples/complete/versions.tf#L4-L9

@ssro would you like to put in the PR for this? 😄
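
The error message quoted in the issue can be taken apart mechanically to see what was actually sent as `certificateArn`. The following is an added example, not code from the issue or from the module; the function names are hypothetical and the sample ARN is constructed with placeholder IDs.

```python
import re

# Error line copied from the issue above (box-drawing prefix removed).
ERROR_LINE = (
    r"Error: reading ACM Certificate (2022-04-01 04:14:15.359 +0000 UTC): "
    r"ValidationException: 1 validation error detected: Value "
    r"'2022-04-01 04:14:15.359 +0000 UTC' at 'certificateArn' failed to satisfy "
    r"constraint: Member must satisfy regular expression pattern: "
    r"arn:[\w+=/,.@-]+:acm:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*"
)
# Constructed sample ARN (placeholder account and certificate IDs).
SAMPLE_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"

VALIDATION_RE = re.compile(
    r"Value '(?P<value>[^']*)' at '(?P<field>[^']*)' failed to satisfy constraint: "
    r"Member must satisfy regular expression pattern: (?P<pattern>\S+)"
)
# Shape of a timestamp as it appears in the error (Go's default time layout).
GO_TIME_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(\.\d+)? [+-]\d{4} \w+")


def parse_validation_error(line):
    """Return the rejected value, field name and required pattern, or None."""
    m = VALIDATION_RE.search(line)
    return m.groupdict() if m else None


def classify(value, pattern):
    """Check a value against the pattern from the message; name what it looks like."""
    if re.fullmatch(pattern, value):
        return "valid"
    if GO_TIME_RE.fullmatch(value):
        return "timestamp"
    return "other"


def diagnose(line):
    """Summarise a ValidationException line: which field, which value, what kind."""
    err = parse_validation_error(line)
    if err is None:
        return None
    kind = classify(err["value"], err["pattern"])
    return {"field": err["field"], "value": err["value"], "kind": kind}


if __name__ == "__main__":
    print(diagnose(ERROR_LINE))
    print(classify(SAMPLE_ARN, parse_validation_error(ERROR_LINE)["pattern"]))
```

For the quoted error, the value rejected at `certificateArn` has the shape of a timestamp rather than an ARN, while a well-formed ACM ARN satisfies the same pattern.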