search

dnsimple / terraform-provider-dnsimple

Terraform DNSimple provider.
https://www.terraform.io/docs/providers/dnsimple/
Mozilla Public License 2.0
21 stars 20 forks source link

How to import a dnsimple_lets_encrypt_certificate resource? #171

Open case-fastly opened 12 months ago

case-fastly commented 12 months ago

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

v1.6.3

Affected Resource(s)

dnsimple_lets_encrypt_certificate

Is it possible to import your Lets Encrypt cert resources? I don't see import mentioned on this documentation page:

https://registry.terraform.io/providers/dnsimple/dnsimple/latest/docs/resources/lets_encrypt_certificate

I tried following the same syntax as your docs suggest for importing other resource types, but received the following error in return:

│ Error: Missing Resource Import State
│
│ An unexpected error was encountered when importing the resource. This is always a problem with the provider. Please give the following information to the provider developer:
│
│ Resource ImportState method returned no State in response. If import is intentionally not supported, remove the Resource type ImportState method or return an error.
DXTimer commented 12 months ago

Hi @case-fastly, currently the provider does not support importing certificate resources orders, which is what the dnsimple_lets_encrypt_certificate represents. This is mainly because there is no programmatic way of retrieving the order.

Whenever you create a dnsimple_lets_encrypt_certificate resource the actual issuance goes through multiple steps under the hood 1. Create the Order and obtain the certificate ID from the response 2. Issue certificate for the certificate ID.

As a result, we have the dnsimple_certificate data source to retrieve the actual certificate. I can see some room for improvement in the process and would appreciate your input. Can you share your use case for wanting to import a dnsimple_lets_encrypt_certificate and how you would ideally want to manage your certificates in Terraform?

case-fastly commented 11 months ago

Ah ok, I appreciate the clarification. From my (albeit naive!) reading of the docs, fwiw it wasn't clear to me that this resource represents a LE "order" -- I assumed it represented the certificate's "presence" in the domain's associated config.

(the Terraform provider resource docs here don't mention that this is a one-time order for a cert, not a higher-level representation of the cert's presence)

My primary use-case here is, "I wanted to confirm that the domain has a LE cert attached to it" which I was hoping to store in our Terraform code.

smaddock commented 2 months ago

I also came here looking for this; I've reset (unintentionally) my Terraform state, and in trying to keep our DNSimple account as clean as possible, I was wanting to import the existing order instead of disabling auto-renew on the existing one via the web UI and letting Terraform provision a new order.

DXTimer commented 3 weeks ago

Thank you for sharing your use cases. Unfortunately, we currently do not have the necessary APIs in place to support certificate imports. I’ll share your feedback with the team to ensure this is on our radar for future improvements. In the meantime, as @smaddock suggested, the only available option is to disable auto-renewal on the existing certificates and request new ones.