timohirt / terraform-provider-hetznerdns

Terraform provider for Hetzner DNS
Mozilla Public License 2.0

Long TXT value is getting recreated upon `terraform apply` #54

Open ThomasLandauer opened 1 year ago

ThomasLandauer commented 1 year ago

I have this DKIM record in my terraform.tf:

value  = "v=DKIM1;h=sha256;k=rsa;s=email;p=MIIB...QAB""

Now, upon each terraform apply, I'm getting:

# hetznerdns_record.... will be updated in-place
~ resource "hetznerdns_record" "..." {
      id      = "..."
      name    = "default._domainkey.mail"
    ~ value   = "\"v=DKIM1;h=sha256;k=rsa;s=email;p=MIIB...rui\" \"6AD...QAB\" " -> "v=DKIM1;h=sha256;k=rsa;s=email;p=MIIB...QAB\""
      # (3 unchanged attributes hidden)
  }

So (together with the information from https://github.com/timohirt/terraform-provider-hetznerdns/issues/13) this looks like the API is automatically splitting the long string. But then, this provider thinks it's different from my long string, and tries to recreate it. Unfortunately, I didn't quite get the bottom line of https://github.com/timohirt/terraform-provider-hetznerdns/issues/13 - is it to split the value string manually in 2 parts?

kimdre commented 1 year ago

You should use jsonencode for things like DKIM records:

value = jsonencode("v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjAN...")

ThomasLandauer commented 1 year ago

@kimdre Sorry, I edited the question a lot after your comment. But in any case: I just tried jsonencode, and it doesn't make a difference.

kimdre commented 1 year ago

The splitting is normal for long records like DKIM, as the length of a single string in TXT records is limited to 255 bytes. It's normal though, and the only workaround for this is to replace your single string with the split one that Terraform shows as the current value before performing actions.

kimdre commented 1 year ago

A nice workaround to split records automatically is described in a similar issue related to Route53 on AWS: https://github.com/hashicorp/terraform-provider-aws/issues/14941#issuecomment-744591440

ThomasLandauer commented 1 year ago

Thanks, here's what I came up with after some trial and error: https://github.com/timohirt/terraform-provider-hetznerdns/pull/56

jsonencode takes care of escaping the quotes, and the last "" is to get the blank character at the end. Do you see a nicer way?

kimdre commented 1 year ago

I thought of the other workaround under my linked comment, which splits the string when needed (after every 255th char). However, I have not tried it.

ThomasLandauer commented 1 year ago

Oh, I've overlooked that. However, it's overescaping (\"\"), so jsonencode would probably be required as well. Anyway, I've already spent too much time on this - if anybody finds a cleaner solution, feel free to update my example in README! :-)

kimdre commented 1 year ago

I just tried it out with a combination of your example and the mentioned workaround with small changes: This not only splits the string every 255th character but also adds \" at the start and the space at the end, just like Hetzner wants it.

# DKIM record
locals {
  dkim = "v=DKIM1;k=rsa;t=s;s=email;p=abc"
}

resource "hetznerdns_record" "example_com_dkim" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "dkim._domainkey"
  type    = "TXT"
  # Insert `" "` after every 255 characters, then wrap the result in quotes
  # and append a trailing space.
  value   = join("\"", [
    "",
    replace(local.dkim, "/(.{255})/", "$1\" \""),
    " "
  ])
}

ThomasLandauer commented 1 year ago

Indeed, this works for me too. I added it as alternative way - since it isn't really simpler than the other way ;-)
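
The 255-byte chunking and the quoted form with the trailing space discussed in this thread, as an added Go example (not part of the thread and not the provider's code): it builds the chunked form from a plain value and compares two representations by payload, so that a split and an unsplit DKIM value compare equal. `SplitTXT`, `JoinTXT` and `SameTXT` are hypothetical names, and the sample key is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// maxChunk: a single TXT character-string holds at most 255 bytes.
const maxChunk = 255

// SplitTXT renders a plain value as `"chunk1" "chunk2" ` (trailing space
// included). Assumption: ASCII, no quotes or backslashes, as in a DKIM key.
func SplitTXT(value string) string {
	var b strings.Builder
	for len(value) > 0 {
		n := len(value)
		if n > maxChunk {
			n = maxChunk
		}
		b.WriteString(`"` + value[:n] + `" `)
		value = value[n:]
	}
	return b.String()
}

// JoinTXT concatenates the contents of all quoted chunks; a value that does
// not start with a quote is treated as already plain and returned unchanged.
func JoinTXT(value string) string {
	if !strings.HasPrefix(value, `"`) {
		return value
	}
	var b strings.Builder
	inQuote := false
	for _, r := range value {
		if r == '"' {
			inQuote = !inQuote
		} else if inQuote {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// SameTXT compares payloads, ignoring how they are chunked and quoted.
func SameTXT(a, b string) bool { return JoinTXT(a) == JoinTXT(b) }

func main() {
	key := "v=DKIM1;k=rsa;p=" + strings.Repeat("A", 400) // constructed sample
	fmt.Printf("%q\nsame payload: %v\n", SplitTXT(key), SameTXT(key, SplitTXT(key)))
}
```

The loop emits no empty trailing chunk when the value length is an exact multiple of 255.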