iits-consulting / terraform-opentelekomcloud-project-factory

This repository helps to create an OTC-based cloud-native infrastructure landscape with Kubernetes, load balancers, VPCs, etc. With these modules, we provide you a rocket start while you can still deep-dive into detailed configuration later.
GNU General Public License v3.0

ACME module uses unsupported argument default_project_id #98

Closed sekoban closed 5 months ago

sekoban commented 6 months ago

Dear iits colleagues

Running the ACME example I get an error

╷
│ Error: Unsupported argument
│
│   on .terraform/modules/acme_certificate/modules/acme/dns_admin.tf line 39, in resource "opentelekomcloud_identity_user_v3" "dns_admin":
│   39:   default_project_id = data.opentelekomcloud_identity_project_v3.project.id
│
│ An argument named "default_project_id" is not expected here.
╵

My code

module "acme_certificate" {
  source                  = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/acme"
  version                 = "5.7.1"
  otc_domain_name         = var.otc_domain
  otc_project_name        = var.otc_project
  cert_registration_email = local.acme_email
  dns_admin_name          = local.acme_dns_admin_name
  domains = {
    "${local.domain_name}" = ["*.${local.domain_name}"]
  }
}

Regards, Sener

canaykin commented 5 months ago

Hi Sener,

I was taking a long vacation and just got back to write a reply, sorry for the delay.

You are absolutely correct, it appears that the OTC provider has changed the resource in accordance with the API changes they had around 6 months ago (https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/commit/56c0290d7ac48656bcab5115c262e3f82b415765) and it became effective for versions >=1.35.5.

I will update the opentelekomcloud_identity_user_v3 resource and version constraints accordingly and make a release tonight.

Hope that it will solve the problem. Best, Can.

canaykin commented 5 months ago

I tested the fixed version and while the ACME terraform provider can still be finicky with OTC DNS, it appears that the problem is fixed and I was able to obtain a wildcard cert.

Please keep in mind that we generally use and recommend cert-manager with HTTP challenge for CCE clusters that do not necessarily need the DNS challenge (e.g. for wildcard certs) since the ACME DNS via terraform has some considerable disadvantages.

Please give it a try with the latest release: v5.8.2

Best, Can.