n3integration / terraform-provider-godaddy

A terraform plugin for managing godaddy domain records
Apache License 2.0

Issue with updating Name Servers #32

Open ghost opened 5 years ago

ghost commented 5 years ago

I used the terraform-godaddy provider to update name servers on GoDaddy. Even though the name servers are updated in GoDaddy and also in the state file, the next time I run a terraform plan it still shows the old name servers and notifies me that I need to update again.

Terraform Version

Terraform v0.12.16
+ provider.aws v2.35.0
+ provider.godaddy (unversioned)

Affected Resource(s)

Terraform Configuration Files

main.tf

resource "godaddy_domain_record" "update-gd-nameservers" {
  count        = length(var.domains)
  domain       = var.domains[count.index]
  nameservers  = local.domain-ids["${var.domains[count.index]}."]["nameservers"]
}

Debug Output

Expected Behavior

Since the name servers are already updated, no changes in infrastructure should be made.

Infrastructure should be up-to-date.

Actual Behavior

Terraform will perform the following actions:

  # module.register_sub_domains.godaddy_domain_record.update-gd-nameservers[0] will be updated in-place
  ~ resource "godaddy_domain_record" "update-gd-nameservers" {
        addresses   = []
        domain      = "xxxxxx.net"
        id          = "xxxxx"
      ~ nameservers = [
          - "ns47.domaincontrol.com",
          - "ns48.domaincontrol.com",
          + "ns-xxxx.awsdns-42.co.uk",
          + "ns-xxx.awsdns-41.com",
          + "ns-xxxx.awsdns-53.org",
          + "ns-xxx.awsdns-16.net",
        ]

      - record {
          - data     = "@" -> null
          - name     = "www" -> null
          - priority = 0 -> null
          - ttl      = 3600 -> null
          - type     = "CNAME" -> null
        }
      - record {
          - data     = "Parked" -> null
          - name     = "@" -> null
          - priority = 0 -> null
          - ttl      = 600 -> null
          - type     = "A" -> null
        }
      - record {
          - data     = "_domainconnect.gd.domaincontrol.com" -> null
          - name     = "_domainconnect" -> null
          - priority = 0 -> null
          - ttl      = 3600 -> null
          - type     = "CNAME" -> null
        }
    }

  # module.register_sub_domains.godaddy_domain_record.update-gd-nameservers[1] will be updated in-place
  ~ resource "godaddy_domain_record" "update-gd-nameservers" {
        addresses   = []
        domain      = "xxxxx.com"
        id          = "xxxxx"
      ~ nameservers = [
          - "ns47.domaincontrol.com",
          - "ns48.domaincontrol.com",
          + "ns-xxx.awsdns-42.co.uk",
          + "ns-xxxx.awsdns-41.com",
          + "ns-xxxxx.awsdns-53.org",
          + "ns-xxx.awsdns-16.net",
        ]

      - record {
          - data     = "@" -> null
          - name     = "www" -> null
          - priority = 0 -> null
          - ttl      = 3600 -> null
          - type     = "CNAME" -> null
        }
      - record {
          - data     = "Parked" -> null
          - name     = "@" -> null
          - priority = 0 -> null
          - ttl      = 600 -> null
          - type     = "A" -> null
        }
      - record {
          - data     = "_domainconnect.gd.domaincontrol.com" -> null
          - name     = "_domainconnect" -> null
          - priority = 0 -> null
          - ttl      = 3600 -> null
          - type     = "CNAME" -> null
        }
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Steps to Reproduce

  1. Apply the infrastructure first time.
  2. Do a terraform plan again.

abagayev commented 4 years ago

Yes, the same issue for me.

n3integration commented 4 years ago

Hey @jasonalex - thanks for filing the detailed report. I have experienced delays in record propagation at times when deleting record types. I would say to confirm whether or not the change is reflected after a 24 hour period. If this is not the case for you, let me know so I can run a few more tests to confirm on my end.

RulerOf commented 4 years ago

Edit: The assessment here is incorrect. Please see the next post.

@n3integration the API is returning incorrect data. This kind of crap is extremely frustrating.

I'm trying to configure 20+ domains, but I've singled out transformprocurement.net to show what's going on. I run terraform the first time to configure a set of name servers, then view the configuration in GoDaddy's web console and see that it's correct (screenshot: web-console).

But then I turn around and call the API, looking for the same information, but it returns data as though my change had never happened. An HTTP GET on https://api.godaddy.com/v1/domains/transformprocurement.net/records returns:

[
    {
        "data": "Parked",
        "name": "@",
        "ttl": 600,
        "type": "A"
    },
    {
        "data": "ns27.domaincontrol.com",
        "name": "@",
        "ttl": 3600,
        "type": "NS"
    },
    {
        "data": "ns28.domaincontrol.com",
        "name": "@",
        "ttl": 3600,
        "type": "NS"
    },
    {
        "data": "calendar.secureserver.net",
        "name": "calendar",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "email.secureserver.net",
        "name": "email",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "fax.secureserver.net",
        "name": "fax",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "files.secureserver.net",
        "name": "files",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "@",
        "name": "ftp",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "imap.secureserver.net",
        "name": "imap",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "pop.secureserver.net",
        "name": "mail",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "mobilemail-v01.prod.mesa1.secureserver.net",
        "name": "mobilemail",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "pop.secureserver.net",
        "name": "pop",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "smtp.secureserver.net",
        "name": "smtp",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "@",
        "name": "www",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "_domainconnect.gd.domaincontrol.com",
        "name": "_domainconnect",
        "ttl": 3600,
        "type": "CNAME"
    },
    {
        "data": "smtp.secureserver.net",
        "name": "@",
        "priority": 0,
        "ttl": 3600,
        "type": "MX"
    },
    {
        "data": "mailstore1.secureserver.net",
        "name": "@",
        "priority": 10,
        "ttl": 3600,
        "type": "MX"
    }
]

Querying DNS directly though shows that the changes have clearly taken effect:

$ nslookup -type=ns transformprocurement.net 1.1.1.1
Server:     1.1.1.1
Address:    1.1.1.1#53

Non-authoritative answer:
transformprocurement.net    nameserver = ns-1451.awsdns-53.org.
transformprocurement.net    nameserver = ns-152.awsdns-19.com.
transformprocurement.net    nameserver = ns-1688.awsdns-19.co.uk.
transformprocurement.net    nameserver = ns-640.awsdns-16.net.

Authoritative answers can be found from:

I've even tried manually setting just the name servers with the API. It returns HTTP 200 and then the GET turns around and looks like nothing happened. The GoDaddy API is just deeply broken.

The best suggestion I have is that you could instead query the actual DNS in order to determine if the API changes have taken effect. Which is stupid and prone to breakage.

I'm just going to put a lifecycle block on my resources for now and ignore changes. I'll open a thread on the GoDaddy site (edit: link) but I'm not confident it'll get anything fixed if it's been broken for six months already.

Thanks for writing and maintaining this provider though. It would be incredibly useful if GoDaddy's API actually worked.

RulerOf commented 4 years ago

@n3integration GoDaddy got back to me.

Nameserver information is returned as a list in the GET query to https://api.godaddy.com/v1/domains/DOMAIN, and not https://api.godaddy.com/v1/domains/DOMAIN/records.

The provider is attempting to verify the custom NS config based on the contents of the zone file, but this behavior is incorrect.

I can't make heads or tails of Golang code, and I can't breakpoint it either, so I'm not even sure how to begin suggesting a patch here.
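
The distinction described in the comment above, as an added example that is not part of the thread or the provider's code: comparing the configured name servers against the delegation list from `/v1/domains/DOMAIN` reports no drift, while comparing against NS records from `/v1/domains/DOMAIN/records` reports perpetual drift. The JSON samples are constructed, and the `nameServers` field name and all function names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed samples; the "nameServers" key is an assumed response field.
const domainJSON = `{"domain":"example.net","nameServers":["NS-1451.awsdns-53.org.","ns-152.awsdns-19.com"]}`
const recordsJSON = `[{"data":"Parked","name":"@","type":"A"},{"data":"ns27.domaincontrol.com","name":"@","type":"NS"},{"data":"ns28.domaincontrol.com","name":"@","type":"NS"}]`

// canon makes comparison insensitive to case, trailing dots and order.
func canon(ns []string) string {
	out := make([]string, 0, len(ns))
	for _, n := range ns {
		out = append(out, strings.TrimSuffix(strings.ToLower(n), "."))
	}
	sort.Strings(out)
	return strings.Join(out, ",")
}

// delegationNS reads the registrar-level list from GET /v1/domains/DOMAIN.
func delegationNS(body string) ([]string, error) {
	var d struct{ NameServers []string }
	err := json.Unmarshal([]byte(body), &d)
	return d.NameServers, err
}

// zoneNS reads apex NS records from GET /v1/domains/DOMAIN/records (zone file).
func zoneNS(body string) (ns []string, err error) {
	var recs []struct{ Data, Name, Type string }
	err = json.Unmarshal([]byte(body), &recs)
	for _, r := range recs {
		if r.Type == "NS" && r.Name == "@" {
			ns = append(ns, r.Data)
		}
	}
	return ns, err
}

func drift(want, got []string) bool { return canon(want) != canon(got) }

func main() {
	want := []string{"ns-152.awsdns-19.com", "ns-1451.awsdns-53.org"}
	d, _ := delegationNS(domainJSON)
	z, _ := zoneNS(recordsJSON)
	fmt.Println("domain endpoint drift:", drift(want, d), "| records endpoint drift:", drift(want, z))
}
```
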

n3integration commented 4 years ago

@RulerOf No worries. Thanks for providing the update. A patch would be ideal, but I'll probably have some cycles to take a look into this over the weekend.

RulerOf commented 4 years ago

@n3integration I've looked at the code but unfortunately I barely understand Go. I had the idea of attaching a debugger and stepping through it, but then I found out you can't do that with Terraform, so I ran out of ideas pretty fast.

joshuaspence commented 4 years ago

I'm seeing a similar issue, I think:

Error: Put https://api.godaddy.com/v1/domains/REDACTED/records/NS: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

  on dns.tf line 81, in resource "godaddy_domain_record" "main":
  81: resource "godaddy_domain_record" "main" {