go-gandi / terraform-provider-gandi

Terraform provider for the Gandi Domain services
Mozilla Public License 2.0

Unexpected behaviour when applying first time on an imported domain #144

Open ohookins opened 1 year ago

ohookins commented 1 year ago

I've not used this provider before so don't have any expectations, but we have a number of domains already present that are not yet managed by Terraform. After importing, I'm expecting the first apply to show me what I'm missing in the local configuration that might not quite match this provider's expectation of the resource configuration. The output is a bit confusing though:

Terraform will perform the following actions:

  # gandi_domain.us_entity_owner["xxxx.com"] will be updated in-place
  ~ resource "gandi_domain" "us_entity_owner" {
      - autorenew   = true -> null
        id          = "xxxx.com"
        name        = "xxxx.com"
      ~ nameservers = [
          - "NS1",
          - "NS2,
          - "NS3",
          - "NS4",
        ]

      - owner {
          - city             = "San Francisco" -> null
          - country          = "US" -> null
          - data_obfuscated  = true -> null
          - email            = "me@example.com" -> null
          - extra_parameters = {
              - "birth_city"       = ""
              - "birth_country"    = ""
              - "birth_date"       = ""
              - "birth_department" = ""
            } -> null
          - family_name      = "Admin" -> null
          - given_name       = "Domain" -> null
          - mail_obfuscated  = true -> null
          - organisation     = "Company Inc" -> null
          - phone            = "+1.12345" -> null
          - state            = "US-CA" -> null
          - street_addr      = "our street" -> null
          - type             = "company" -> null
          - zip              = "12345" -> null
        }
      + owner {
          + city            = "San Francisco"
          + country         = "US"
          + data_obfuscated = true
          + email           = "me@example.com"
          + family_name     = "Admin"
          + given_name      = "Domain"
          + mail_obfuscated = true
          + phone           = "+1.12345"
          + state           = "CA"
          + street_addr     = "our street"
          + type            = "company"
          + zip             = "12345"
        }

      - timeouts {}

        # (3 unchanged blocks hidden)
    }

I've redacted a number of fields that contain sensitive information. Aside from things I haven't yet defined (e.g. nameservers) I'm very confused by what is happening to the owner block. Why is it replacing all values with null and then adding another owner block with the same values? Surely it should just update any changed value (they are all identical by the way)?

ohookins commented 1 year ago

OK, I suspect I know what's happening. It seems like the provider wants to replace the entire owner block even if there are some optional attributes missing. I'm not sure if this would require UseStateForUnknown modifiers on all of the attributes?

One other thing I've noticed is that while the nameservers attribute of the gandi_domain resource is marked as deprecated, if you don't supply it and instead use a gandi_nameservers resource (with the same contents), the provider is attempting to remove the nameservers anyway. It seems that this is still required in the gandi_domain resource.

  # gandi_domain.us_entity_owner["xxxx"] will be updated in-place
  ~ resource "gandi_domain" "us_entity_owner" {
        id          = "xxxxl"
        name        = "xxxx"
      ~ nameservers = [
          - "NS1",
          - "NS2",
          - "NS3",
          - "NS4",
        ]
        # (1 unchanged attribute hidden)

      - timeouts {}

        # (4 unchanged blocks hidden)
    }

jedesroches commented 1 year ago

I have the same problem, which prevents any modification of the owner or contact blocks, because the API refuses to delete the current values before creating a new one. At least the admin block should always update in place since the API won't let you delete it.