terraform-linters / tflint-ruleset-aws

TFLint ruleset for terraform-provider-aws
Mozilla Public License 2.0

aws_route53_record_invalid_zone_id should also allow /hostedzone/ prefix on zone_id #345

Open fstr opened 2 years ago

fstr commented 2 years ago

The rule aws_route53_record_invalid_zone_id enforces a 32-character limit on the zone_id property. A longer zone_id raises an error when linting.

According to the AWS docs, this is correct. See Id section of linked documentation.

The ID of the hosted zone that contains the resource record sets that you want to change. Length Constraints: Maximum length of 32. Required: Yes

In my use case I generate Terraform files with kOps, and the generated zone_ids are in the format /hostedzone/XXXXXXXXXXXXXXXXXXXXX. The generated zone_id format is accepted by the Terraform AWS provider aws_route53_record resource.

Example:

resource "aws_route53_record" "dummy" {
  alias {
    evaluate_target_health = false
    name                   = aws_elb.myelb.dns_name
    zone_id                = aws_elb.myelb.zone_id
  }
  name    = "example.org"
  type    = "A"
  zone_id = "/hostedzone/XXXXXXXXXXXXXXXXXXXXX"
}

I was not able to find the source code for the aws_route53_record, because I don't know the provider codebase that well. Maybe it's auto generated. As a proof besides my own codebase, I found a test case in the provider repository which also uses the prefix.

The ruleset should be adjusted to support the /hostedzone/ prefix on the aws_route53_record.zone_id property.

PatMyron commented 2 years ago

generated from https://github.com/terraform-linters/tflint-ruleset-aws/blob/67c93daf8fba6cc2a13338462c23ef1f079e9894/rules/models/mappings/route53.hcl#L35 https://github.com/aws/aws-sdk-go/blob/b7f3444e8fe813e07fb71fa8c487ff738882d79f/models/apis/route53/2013-04-01/api-2.json#L3645

bendrucker commented 1 year ago

The trouble here partially comes from the fact that the AWS provider accepts this but then proceeds to chop it off everywhere, e.g.:

https://github.com/hashicorp/terraform-provider-aws/blob/75baa5b0303e54f343a45d591526365c794fbc08/internal/service/route53/record.go#LL261

You can find lots of examples of this happening in other projects:

https://github.com/search?q=zone_id+%3D+%22%2Fhostedzone%2F+TrimPrefix&type=code

And the shape of a ResourceId:

https://github.com/aws/aws-sdk-go/blob/main/models/apis/route53/2013-04-01/api-2.json#LL4069

The provider also asserts that zone_id is <32 characters:

https://github.com/hashicorp/terraform-provider-aws/blob/75baa5b0303e54f343a45d591526365c794fbc08/internal/service/route53/record.go#L98

Particularly given that this report is missing the output, I'm not understanding what the discrepancy is and how the rule logic would change, even setting aside the fact that it's generated.
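To make the two candidate rule behaviours discussed in this thread concrete, here is an added example (not code from tflint-ruleset-aws, the AWS provider, or any commenter). It assumes the current check compares the literal zone_id string against the 32-character maximum from the Route 53 docs, and shows the prefix-aware alternative the reporter is asking for: strip a leading /hostedzone/ the way the provider is said to, then apply the limit to the ID that actually reaches Route 53. The helper names, error values and sample inputs are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxZoneIDLen is the Route 53 hosted zone "Id" length constraint quoted in the issue.
const maxZoneIDLen = 32

// hostedZonePrefix is the prefix kOps emits and that the provider strips before use.
const hostedZonePrefix = "/hostedzone/"

// Constructed error values for this example (not from the ruleset or provider).
var (
	ErrEmptyZoneID   = errors.New("zone_id is empty after removing the /hostedzone/ prefix")
	ErrZoneIDTooLong = errors.New("zone_id exceeds 32 characters")
)

// NormalizeZoneID mirrors what the thread says the provider does: drop a
// leading "/hostedzone/" if present and return the bare hosted zone ID.
func NormalizeZoneID(raw string) string {
	return strings.TrimPrefix(raw, hostedZonePrefix)
}

// CheckRawLength models the behaviour the reporter describes: the literal
// zone_id string is compared against the 32-character maximum.
func CheckRawLength(raw string) error {
	if len(raw) > maxZoneIDLen {
		return fmt.Errorf("%w: got %d characters", ErrZoneIDTooLong, len(raw))
	}
	return nil
}

// CheckNormalizedLength is the prefix-aware variant the issue asks for: the
// limit is applied to the ID the provider will actually send to Route 53.
// A value that is empty after normalization is rejected instead of passing.
func CheckNormalizedLength(raw string) error {
	id := NormalizeZoneID(raw)
	if id == "" {
		return ErrEmptyZoneID
	}
	if len(id) > maxZoneIDLen {
		return fmt.Errorf("%w: got %d characters after normalization", ErrZoneIDTooLong, len(id))
	}
	return nil
}

func main() {
	// Constructed inputs: a value shaped like the reporter's 21-X placeholder
	// (33 characters with the prefix), the same ID without the prefix, a
	// prefixed ID that is still too long, and a prefix with nothing after it.
	samples := []string{
		hostedZonePrefix + strings.Repeat("X", 21),
		strings.Repeat("X", 21),
		hostedZonePrefix + strings.Repeat("X", 33),
		hostedZonePrefix,
	}
	for _, s := range samples {
		fmt.Printf("%-48q raw:%v normalized:%v\n", s, CheckRawLength(s), CheckNormalizedLength(s))
	}
}
```

The first sample is the shape of the reporter's value: it fails the raw-length check (33 characters) but passes once the prefix is stripped, which is the discrepancy the issue is about. The last two samples show why normalizing first still catches genuinely bad IDs.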

bendrucker commented 1 year ago

Didn't intend to close, looking for a clear reproduction before spending any more time here

vishwa-trulioo commented 7 months ago

This is a problem for me too. Feels silly.