search

dnsimple / terraform-provider-dnsimple

Terraform DNSimple provider.
https://www.terraform.io/docs/providers/dnsimple/
Mozilla Public License 2.0
22 stars 20 forks source link

`data.dnsimple_certificate` has unstable `id` property #208

Closed cailyoung closed 3 months ago

cailyoung commented 6 months ago

Terraform Version

1.6.5

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

data "dnsimple_certificate" "star_example_com" {
  certificate_id = var.star_example_com_certificate_id
  domain         = "example.com"
}

Expected Behavior

The id of this data resource should be stable over time if the underlying certificate hasn't been changed.

Actual Behavior

id is hardcoded to be a datetime for when the data object is refreshed.

This causes replacement behaviour to be triggered on every apply operation as the data resource changes.

Ideally the data object would expose something like the issue date time, or the expiry date time, or the thumbprint of the certificate so that we could know when to update dependent resources.

Steps to Reproduce

  1. terraform apply
  2. Wait briefly
  3. terraform apply
DXTimer commented 6 months ago

Thank you, @cailyoung, for bringing this issue to our attention. I concur that having a more stable resource ID is crucial. Considering your suggestion, hashing the certificate chain seems like a viable approach, given that both the root and intermediate chains are subject to change. I'm leaning towards using a method such as sha1 for this purpose.

DXTimer commented 3 months ago

This change is getting released in 1.6.0.