hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.36k stars 1.75k forks source link

google_dns_record_set does not allow empty names #18755

Open erlingtonjcardoza opened 4 months ago

erlingtonjcardoza commented 4 months ago

Community Note

Terraform Version & Provider Version(s)

Terraform v1.9.2 on x86_64

Affected Resource(s)

google_dns_record_set

Terraform Configuration

  {
    "description": "SMTP config for Google Mail",
    "name": "",
    "type": "MX",
    "ttl": 86400,
    "rrdatas": [
      "1 smtp.google.com."
    ]
  }

Debug Output

google_dns_record_set.record[""]: Creating... ╷ │ Error: Error creating DNS RecordSet: googleapi: Error 400: Invalid value for 'entity.change.additions[.mydomain.com.][MX].name': '.mydomain.com.', invalid │ │ with google_dns_record_set.record[""], │ on main.tf line 30, in resource "google_dns_record_set" "record": │ 30: resource "google_dns_record_set" "record" {

Expected Behavior

The record should be created with an empty name as requested by Google here: https://support.google.com/a/answer/9222085#zippy=%2Cstep-add-the-mx-record

Actual Behavior

The record is not created.

Steps to reproduce

  1. Set a dns record with "" as name.
  2. terraform plan will report it'll create the resource
  # google_dns_record_set.record[""] will be created
  + resource "google_dns_record_set" "record" {
      + id           = (known after apply)
      + managed_zone = "prod-zone"
      + name         = ".mydomain.com."
      + project      = "<my_project>"
      + rrdatas      = [
          + "1 smtp.google.com.",
        ]
      + ttl          = 86400
      + type         = "MX"
    }
  1. terraform apply fails with the error.

Important Factoids

No response

References

No response

b/356441194

ggtisc commented 4 months ago

Hi @erlingtonjcardoza!

The instructions of your shared link are general but not specific for use in terraform. For terraform purpose you should follow this terraform registry example if you are looking to work with an MX record.

erlingtonjcardoza commented 4 months ago

Hi @erlingtonjcardoza!

The instructions of your shared link are general but not specific for use in terraform. For terraform purpose you should follow this terraform registry example if you are looking to work with an MX record.

The problem is not about creating an MX record, that gets created properly as long as you specify the name parameter.

What I'm reporting is the fact that Google's Web Console allows the creation of records without a name, however, Terraform does not allow this.

From the resource documentation it explicitely states the name is required.

My impresion is that Terraform should be able to do the same as the Web Console.

ggtisc commented 4 months ago

Apparently there is an inconsistency between the terraform registry information and what appears in the GCP console which may confuse some users since they may think that the name argument of the google_dns_record_set resource is mandatory, while in the GCP console it can be created without specifying it.

erlingtonjcardoza commented 4 months ago

Apparently there is an inconsistency between the terraform registry information and what appears in the GCP console which may confuse some users since they may think that the name argument of the google_dns_record_set resource is mandatory, while in the GCP console it can be created without specifying it.

Sadly, it's not just documentation, but the actual operational status of terraform. From the error, we can see we hit a 400 if we attempt to create the record without name.

│ Error: Error creating DNS RecordSet: googleapi: Error 400: Invalid value for 'entity.change.additions[.mydomain.com.][MX].name': '.mydomain.com.', invalid

Oddly enough, on the Google Web Console, the same operation (creating records that does not require a name - tested with SPF and MX ) is permitted.

nick4fake commented 3 months ago

Is it something new? Just trapped into this issue with code that previously worked on another DNS zone

ajbeach2 commented 3 months ago

I have the same issue. I need to create a top level A record and i can create it in console but not in terraform, as name is required.

ngarciaf commented 3 months ago

Same here :) I'm having the same problem as @erlingtonjcardoza.