search

dnsimple / terraform-provider-dnsimple

Terraform DNSimple provider.
https://www.terraform.io/docs/providers/dnsimple/
Mozilla Public License 2.0
22 stars 20 forks source link

Validation failed #177

Closed andrewbaxter closed 9 months ago

andrewbaxter commented 9 months ago

Terraform Version

1.6.4

Should this be asking for the provider version? 1.3.1

Affected Resource(s)

Debug Output

TF_LOG=TRACE doesn't show any http errors

Expected Behavior

I'm not sure what the contents of the error response is but one of the following:

  1. Error provides specifics about what's wrong
  2. Full error response is dumped
  3. Upstream provides more info that can be dumped

Actual Behavior

What actually happened?

Terraform just outputs

╷
│ Error: API returned an error
│ 
│   with dnsimple_zone_record.z505NHHYX,
│   on stack.tf.json line 75, in resource.dnsimple_zone_record.z505NHHYX:
│   75:       },
│ 
│ Validation failed
╵
DXTimer commented 9 months ago

@andrewbaxter Thank you for reporting the issue. I will investigate and come back with my findings.

andrewbaxter commented 9 months ago

Thanks! If it helps, I think the problem in the end was that I was trying to update an existing record to have a name already occupied by another record. On create this reports the error correctly, but on update the error just shows the above.

DXTimer commented 9 months ago

@andrewbaxter Thank you for the additional information, I wasn't able to reproduce using common scenarios, I would get the error returned:

╷
│ Error: API returned an error
│
│   with dnsimple_zone_record.demo_a_a_duplicate,
│   on main.tf line 267, in resource "dnsimple_zone_record" "demo_a_a_duplicate":
│  267: resource "dnsimple_zone_record" "demo_a_a_duplicate" {
│
│ Validation failed
╵
╷
│ Error: API returned a Validation Error for: base
│
│   with dnsimple_zone_record.demo_a_a_duplicate,
│   on main.tf line 267, in resource "dnsimple_zone_record" "demo_a_a_duplicate":
│  267: resource "dnsimple_zone_record" "demo_a_a_duplicate" {
│
│ Matching record already exists for this zone
╵

Can you share what is the record type and value (anonymised is also ok)? It could be that our API is not returning a reason.

andrewbaxter commented 9 months ago 
 ~ resource "dnsimple_zone_record" "z505NHHYX" {
        id               = 50888675
      ~ name             = "spaghettinuum.isandrew.com" -> "spaghettinuum"
      ~ priority         = 0 -> (known after apply)
      ~ qualified_name   = "spaghettinuum.isandrew.com.isandrew.com" -> (known after apply)
      ~ value_normalized = "spaghettinuum.isandrew.com.xmxxzn.flydns.net" -> (known after apply)
      ~ zone_id          = "isandrew.com" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

Ah no worries, I don't think there's anything particularly non-public here. I was changing name, other fields were left the same.

DXTimer commented 9 months ago

Thanks for the information, I was able to reproduce the issue.

curl -i -H "Authorization: Bearer ${API_TOKEN}" -X PATCH \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{ "name": "a" }' \  
 ${BASE_URL}/${ACCOUNT_ID}/zones/clk66xty3eordtwtcpd4ph5zyqqj85khelxci732onseuvuvqbm7euph9luxot.com/records/3099738

And the API returns 400 however, it doesn't provide any information of what the validation error is:

HTTP/2 400
server: nginx
date: Tue, 12 Dec 2023 10:14:13 GMT
content-type: application/json; charset=utf-8
x-ratelimit-limit: 2400
x-ratelimit-remaining: 2339
x-ratelimit-reset: 1702379449
x-work-with-us: Love automation? So do we! https://dnsimple.com/jobs
cache-control: no-cache
x-request-id: ccf1dd6e-b324-4d2c-bf3e-a0c2b305721d
x-runtime: 0.048246
strict-transport-security: max-age=63072000

{"message":"Validation failed","errors":{}}

I will open an internal issue to enhance our error handling of such cases. For the moment there is no fix for the provider as it's an upstream issue.

andrewbaxter commented 9 months ago

Awesome, thanks so much! A lot of places don't take error message and reporting seriously, I really appreciate this. And I love dnsimple!

andrewbaxter commented 9 months ago

Oh but could a way to dump the raw http traffic into the logs be added too (ex in TF_LOG=TRACE)? To help troubleshooting issues like this in the future, if they occur again.

DXTimer commented 9 months ago

Oh but could a way to dump the raw http traffic into the logs be added too (ex in TF_LOG=TRACE)? To help troubleshooting issues like this in the future, if they occur again.

This is a great suggestion. It has come up a few times during development. I will note it down as a future improvement.

DXTimer commented 9 months ago

I am happy to share that we have restored the detailed error messages for record updates.

╷
│ Error: API returned an error
│
│   with dnsimple_zone_record.demo_cname_duplicate,
│   on main.tf line 267, in resource "dnsimple_zone_record" "demo_cname_duplicate":
│  267: resource "dnsimple_zone_record" "demo_cname_duplicate" {
│
│ Validation failed
╵
╷
│ Error: API returned a Validation Error for: base
│
│   with dnsimple_zone_record.demo_cname_duplicate,
│   on main.tf line 267, in resource "dnsimple_zone_record" "demo_cname_duplicate":
│  267: resource "dnsimple_zone_record" "demo_cname_duplicate" {
│
│ A record (id=3099431) already exists on a.clk66xty3eordtwtcpd4ph5zyqqj85khelxci732onseuvuvqbm7euph9luxot.com. CNAME and A records cannot both exist on the same name.
╵
andrewbaxter commented 9 months ago

Awesome, thanks again!