ptous
commented
2 years ago The forced pushes were to add sign-off (for DCO) and then to fix the email on my commit to match the key I signed it with. :stuck_out_tongue:
Closed ptous closed 1 year ago
ptous
commented
2 years ago The forced pushes were to add sign-off (for DCO) and then to fix the email on my commit to match the key I signed it with. :stuck_out_tongue:
psa
commented
1 year ago @alexvlasov Can this please be merged?
This PR aims to address two issues I ran into attempting to create CAA records with the Provider. Feel free to use it as idea fodder rather than merging it directly. (See especially the 2nd bullet under "What I Changed" below.)
What I wanted to fix
issueandissuewildrecords is wrapped in quotes by your back-end. For example,0 issue amazon.combecomes0 issue "amazon.com". (My conclusion that this happens is based creating the records in TF and then inspecting the records in the Namecheap web console.). However, because the provider allows the record without quotes, and stores it like that in TF state, such records forever shows a difference when planned, saying the record was removed outside of Terraform and needs to be created. (Edit: That behavior describes aMERGEmode operation.)iodefrecords should permit amailto:address, but the provider (or more accurately, the vendoredgo-namecheap-sdklibrary) checks that the record against a regex that only permitsproto://style addresses with two trailing slashes. There are no trailing slashes with themailto:protocol.What I changed
This PR contains what seemed like minimal changes needed to address these issues.
fixCAAIodefAddressValue()tofixCAAAddressValue()and apply it to all CAA records, not justiodeftypes. This ensures the domain is always quoted, to match what your back-end actually creates.iodefURL protocol matches to make the//after the:optional. I realize this should really not be changed in a vendored copy of thego-namecheap-sdk, but I figured this was a simple way to show the change in context. Honestly, this regex (and the check in general) could stand to be made smarter. From what I can tell, onlyhttp://,https://andmailto:are expected in aniodefCAA record, so the regex could be something likehttps?://|mailto:. And if you're going to check the protocol at all, you might want to check the whole URI for validity. For example, the current logic doesn't care what protocol name you put in front of the slashes or check that the rest of the URL is valid.hasSuffixQuite()->hasSuffixQuote()ttlfor records being 1799s seconds, or 29 minutes, 59 seconds. That just seemed strange, since even your web console offers standard values like 5, 10, 30 and 60 minutes. But you may have good reasons for using that value here. :man_shrugging:Did I test this?
Yes. I modified the tests so
go testwill pass with the changes tofixCAAIodefAddressValue(). I also added new test cases for the expanded use.Additionally, I tested the provider locally and verified the following:
issueandissuewildrecords that lack quotes around the domain now show no differences when you plan after apply. Note that Terraform thinks that records with and without quotes are different records, so changing them back and forth to quoted or not in HCL will cause plan differences between changes. However, entries are now consistent with your back-end behavior whether they have quotes in the HCL or not.iodefrecords with amailto:URI. where previously this would fail on apply.