Remove the resource_domain nameservers attribute

[nlewo]

We have planned to remove the resource_domain nameservers attribute and create a dedicated resource_nameservers instead.

The main objective is to allow people to manage nameservers of a domain in Terraform without having to manage the domain resource with Terraform. A domain is actually painful to manage with Terraform because

• contact informations needs to be provided
• the API doesn't allow to remove it.

Note the resource_domain.nameservers attribute is deprecated: your Terraform manifest would still apply. It will however be removed in the next major release.

How to migrate

Suppose there is an existing resource such:

resource "gandi_domain" "example_com" {
  name = "example.com"
  nameservers = ["ns1.example.foo", "ns2.example.foo"]
  owner {
  ...
  }
}

It has to be rewritten to:

resource "gandi_domain" "example_com" {
  name = "example.com"
  owner {
  ...
  }
}

resource "gandi_nameservers" "example_com" {
  domain = "${gandi_domain.example_com.id}"
  nameservers = ["ns1.example.foo", "ns2.example.foo"]
}

---

Note if you plan to remove livedns nameservers from your domain resource, you could have to run two times terraform apply: the first run fails with

Error: StatusCode: 400 ; Err: nameservers: Required

A second run terraform apply run should succeed.

[adamjacobmuller]

This seems to not work since gandi_domain still requires the nameservers attribute

│ 
│   with gandi_domain.abc,
│   on gandi.tf line 14, in resource "gandi_domain" "abc":
│   14: resource "gandi_domain" "abc" {

[nlewo]

@AdamJacobMuller Could you show the full error message?

Are you sure to use the latest provider version (because the attribute is optional)?

[adamjacobmuller]

Hi @nlewo,

I'm using v2.0.0

Full error is only slightly longer...

│ Error: nameservers: Required
│ 
│   with gandi_domain.xxx,
│   on domains.tf line 1, in resource "gandi_domain" "xxx":
│    1: resource "gandi_domain" "xxx" {
│ 
╵

[nlewo]

@AdamJacobMuller I can't reproduce. Moreover, the documentation generated from the schemas also claims this attribute is not required.

It really looks like your are not using the version 2.0.0 of the provider.

Could you run a init and plan from an new directory (without any .terraform* and terraform.state files)?

[dhess]

I'm seeing the same thing as https://github.com/go-gandi/terraform-provider-gandi/issues/88#issuecomment-1020370752 and I'm definitely using 2.0.0.

[nlewo]

@dhess Do you reproduce from a clean directory (no state or other terraform files)?

[jamestait]

I have existing domains that I'm now importing into a terraform config. I've made the change as recommended in the migration instructions. My terraform plan now shows the nameservers attribute being cleaned out to an empty list, and the new gandi_nameservers models being created. This makes sense from the point of view of the configuration, but will this be a noop on the server side, or will those nameserver configurations be deleted and re-created?

[nlewo]

@jamestait the nameserver will be destroyed and recreated on the API. So, this won't be a noop. Depending on your configuration, Terraform offer several commands to manipulate the state to avoid this kind of operations.

[raspbeguy]

I am using last provider version:

$ terraform --version
Terraform v1.1.7
on linux_amd64
+ provider registry.terraform.io/go-gandi/gandi v2.0.0

I have the following config:

resource "gandi_domain" "gugod_fr" {
    autorenew   = true
    name        = "gugod.fr"
    owner {
      #...
    }
    admin {
      #...
    }
    billing {
      #...
    }
    tech {
      #...
    }
    timeouts {} 
}

resource "gandi_nameservers" "gugod_fr" {
    domain      = "gugod.fr"
    nameservers = [
        "ns-142-a.gandi.net",
        "ns-118-b.gandi.net",
        "ns-125-c.gandi.net",
    ]

    timeouts {}
}

When I terraform plan I have this:

  # gandi_domain.gugod_fr will be updated in-place
  ~ resource "gandi_domain" "gugod_fr" {
        id          = "gugod.fr"
        name        = "gugod.fr"
      ~ nameservers = [
          - "ns-142-a.gandi.net",
          - "ns-118-b.gandi.net",
          - "ns-125-c.gandi.net",
        ]
        # (1 unchanged attribute hidden)

        # (5 unchanged blocks hidden)
    }

And when I terraform apply I have this:

╷
│ Error: nameservers: Required
│ 
│   with gandi_domain.gugod_fr,
│   on gugod_fr.tf line 2, in resource "gandi_domain" "gugod_fr":
│    2: resource "gandi_domain" "gugod_fr" {
│ 
╵

[nlewo]

@raspbeguy hm, i don't understand how plan can success while apply fail on this error. Did you create the resource with a Terraform provider version < 2.0 ? If it is the case, could you remove this resource from the state and import it?

[raspbeguy]

No I imported it. Never used this provider before.

[nlewo]

@raspbeguy ok, thank you for all details you provided! I have been able to reproduce and https://github.com/go-gandi/terraform-provider-gandi/pull/112 fixes your issue.

Actually, the reported error was pretty confusing because the error message looks like Terraform is complaining about a required variable (which is actually optional). However, the error message comes from the Gandi API.

Note to myself: ask reporters to provide debug logs ;)

[nlewo]

@AdamJacobMuller @raspbeguy @dhess your issue should now be fixed in version 2.0.1.

[irishcornelius]

I'm still experiencing this issue, using the latest Terraform and Gandi provider versions. I have updated my code to match the documentation above, but I see the following entries of significance in my debug log:

Error: StatusCode: 400 ; Err: nameservers.0: At least one nameserver is required

2023-02-05T18:16:39.871Z [INFO]  Terraform version: 1.3.7
2023-02-05T18:16:39.872Z [DEBUG] using github.com/hashicorp/go-tfe v1.9.0
2023-02-05T18:16:39.872Z [DEBUG] using github.com/hashicorp/hcl/v2 v2.15.0
2023-02-05T18:16:39.872Z [DEBUG] using github.com/hashicorp/terraform-config-inspect v0.0.0-20210209133302-4fd17a0faac2
2023-02-05T18:16:39.872Z [DEBUG] using github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734
2023-02-05T18:16:39.872Z [DEBUG] using github.com/zclconf/go-cty v1.12.1
2023-02-05T18:16:39.872Z [INFO]  Go runtime version: go1.19.4
.....
2023-02-05T18:16:40.264Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/go-gandi/gandi/2.2.2/linux_amd64/terraform-provider-gandi_v2.2.2 args=[.terraform/providers/registry.terraform.io/go-gandi/gandi/2.2.2/linux_amd64/terraform-provider-gandi_v2.2.2]
2023-02-05T18:16:40.266Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/go-gandi/gandi/2.2.2/linux_amd64/terraform-provider-gandi_v2.2.2 pid=48
.....
2023-02-05T18:16:40.504Z [WARN]  Provider "registry.terraform.io/go-gandi/gandi" produced an invalid plan for gandi_domain.*****, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .nameservers: planned value cty.ListValEmpty(cty.String) for a non-computed attribute
- .timeouts: planned for existence but config wants absence
.....
2023-02-05T18:16:41.234Z [INFO]  provider.terraform-provider-gandi_v2.2.2: 2023/02/05 18:16:41 Response : [400 Bad Request] Content-Type: [application/json] Content-Length: [132] Last-Modified: [Sun, 05 Feb 2023 18:16:41 GMT] Trace-Id: [ae3414872b0d8c09] Server: [nginx] Connection: [keep-alive] Cache-Control: [max-age=0, must-revalidate, no-cache, no-store] Expires: [Sun, 05 Feb 2023 18:16:41 GMT] Pragma: [no-cache] Date: [Sun, 05 Feb 2023 18:16:41 GMT]: timestamp=2023-02-05T18:16:41.233Z
2023-02-05T18:16:41.234Z [INFO]  provider.terraform-provider-gandi_v2.2.2: 2023/02/05 18:16:41 Response body: {"status": "error", "errors": [{"location": "body", "name": "nameservers.0", "description": "At least one nameserver is required"}]}: timestamp=2023-02-05T18:16:41.233Z

Any help appreciated.

[nlewo]

@irishcornelius do you have livedns disabled on this domain? Also, you could run TF_LOG=DEBUG terraform apply to get debug logs.