search

pan-net / terraform-provider-powerdns

Terraform PowerDNS provider
https://www.terraform.io/docs/providers/powerdns/
Mozilla Public License 2.0
44 stars 48 forks source link

Provider forcing replacement of records unnecessairily #77

Open ag-TJNII opened 3 years ago

ag-TJNII commented 3 years ago

While evaluating this plugin we noticed it is deleting and recreating records on otherwise minor changes. Note the following diff output:

 # powerdns_record.pdns_instance_a_record[0] must be replaced
-/+ resource "powerdns_record" "pdns_instance_a_record" {
      ~ id      = "[Snip FQDN]:::A" -> (known after apply)
        name    = "[Snip FQDN]."
      ~ records = [ # forces replacement
          - "[Snip Subnet].135",
          + "[Snip Subnet].32",
        ]
      ~ ttl     = 60 -> 5 # forces replacement
        type    = "A"
        zone    = "[Snip zone]"
    }

In auditing the API calls it is sending rrsets to the server with a changetype of DELETE. This is an aggressive approach that can cause service impacts as the DNS record will cease to exist between when it is deleted and recreated, instead of simply being updated. PowerDNS does not require the record to be deleted in these cases, a REPLACE rrset without the delete will cause the record to be replaced by PowerDNS in one API call.

Provider Version

terraform-provider-powerdns_v1.4.1

Expected Behavior

PowerDNS should have been sent a single REPLACE rrset per record.

Actual Behavior

PowerDNS was sent a DELETE rrset, deleting the record unnecessarily.

Steps to Reproduce

Apply a TTL or record change to a powerdns_record resource. Other fields were not verified but assumed to behave the same way.

Important Factoids

None

References

https://doc.powerdns.com/authoritative/http-api/zone.html#rrset

ag-TJNII commented 3 years ago

I see ForceNew is set on all the resource parameters: https://github.com/pan-net/terraform-provider-powerdns/blob/f14b9782561d93841a7dfb7d8a9758e8a48e251e/powerdns/resource_powerdns_record.go#L22-L60