Auth0_custom_domains constantly delete and recreate
Houndie opened this issue · 3 comments
Description
When creating an auth0_custom_domain resource, subsequent runs of terraform apply attempt to destroy and recreate the same resource over and over. It appears that verification_method is not being set in the remote state, and is also set to ForceNew, meaning that terraform constantly sees it as an update and constantly tries to reapply.
Terraform Version
Terraform 0.13.5
+ provider.auth0 0.21.0
Affected Resource(s)
- auth0_custom_domain
Terraform Configuration Files
resource "auth0_custom_domain" "login" {
  domain = var.login_domain
  type = "auth0_managed_certs"
  verification_method = "txt"
}
Expected Behavior
resource should cleanly apply
Actual Behavior
resource reapplies every time.
Steps to Reproduce
- Put the above code in your config
- terraform apply
- terraform apply
- terraform apply
- terraform apply
- terraform apply
Just got more info from my coworker...this apparently is a resource that was created in the gui and then terraform imported (ugh). Double checking to make sure this still happens with new resources.
Hi, coworker here. I have more information that may help in triaging this issue to most accurately describe how we've encountered this behavior.
We created a Custom Domain in the Auth0 UI, and verified it first.
After, I made a GET call to the /api/custom-domains endpoint to get the ID of the resource, and created the same in our terraform:
API response:
[
  {
    "custom_domain_id": "<SNIP ID>",
    "domain": "<FQDN SNIP>",
    "primary": true,
    "status": "ready",
    "tls_policy": "recommended",
    "type": "auth0_managed_certs",
    "verification": {
      "methods": [
        {
          "name": "cname",
          "record": "<PRIVATE SNIP>.edge.tenants.us.auth0.com"
        }
      ]
    }
  }
]
With the id value in hand, I did terraform import module.auth0.auth0_custom_domain.login <SNIP ID>, which resulted in the following addition to our state (from terraform state show):
# module.auth0.auth0_custom_domain.login:
resource "auth0_custom_domain" "login" {
    domain = "<FQDN SNIP>"
    id = "<SNIP ID>"
    primary = true
    status = "ready"
    type = "auth0_managed_certs"
    verification = [
        {
            methods = [
                {
                    "name" = "cname"
                    "record" = "<PRIVATE SNIP>.edge.tenants.us.auth0.com"
                },
            ]
        },
    ]
}
Finally I tried terraform plan to verify the imported resource was successful and could cleanly apply:
  # module.auth0.auth0_custom_domain.login must be replaced
-/+ resource "auth0_custom_domain" "login" {
        domain = "<FQDN SNIP>"
      ~ id = "<SNIP ID>" -> (known after apply)
      ~ primary = true -> (known after apply)
      ~ status = "ready" -> (known after apply)
        type = "auth0_managed_certs"
      ~ verification = [
          - {
              - methods = [
                  - {
                      - "name" = "cname"
                      - "record" = "<PRIVATE SNIP>.edge.tenants.us.auth0.com"
                    },
                ]
            },
        ] -> (known after apply)
      + verification_method = "txt" # forces replacement
    }
As shown, the verification_method field that is required per the provider docs is forcing replacement for the resource, possibly due to the field not being in state, or coming inbound from the API after validation has completed?
Presently to work around this, I've added a lifecycle ignore changes directive to the resource:
resource "auth0_custom_domain" "login" {
  domain = var.login_domain
  type = "auth0_managed_certs"
  verification_method = "txt"
  lifecycle {
    ignore_changes = [
      # Ignore changes to verification_method
      # After verification, the verification_method is dropped
      verification_method
    ]
  }
}
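A guard for the replacement shown in the plan above, as an added example that is not part of the original thread or the provider's code: it reads the JSON form of a plan (terraform show -json) and reports any auth0_custom_domain that would be destroyed and recreated, along with the attributes that are set in configuration but null in prior state. The sample plan, its domain and ID values, and the GUARDED_TYPES name are constructed for illustration.

```python
# Added example: CI guard over `terraform show -json <planfile>` output.
# SAMPLE_PLAN is constructed for illustration and trimmed to the fields used here.
SAMPLE_PLAN = {
    "resource_changes": [{
        "address": "module.auth0.auth0_custom_domain.login",
        "type": "auth0_custom_domain",
        "change": {
            "actions": ["delete", "create"],  # how plan JSON encodes "must be replaced"
            "before": {
                "domain": "login.example.com",  # constructed value
                "id": "cd_EXAMPLE",             # constructed placeholder
                "primary": True,
                "status": "ready",
                "type": "auth0_managed_certs",
                "verification_method": None,    # not present in state after import
            },
            "after": {
                "domain": "login.example.com",
                "type": "auth0_managed_certs",
                "verification_method": "txt",
            },
        },
    }]
}

GUARDED_TYPES = ("auth0_custom_domain",)  # assumption: types that must not be replaced unreviewed


def forced_replacements(plan, guarded_types=GUARDED_TYPES):
    """Map each guarded resource the plan would replace to the attributes
    that are set in the planned config but null or missing in prior state."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if rc.get("type") not in guarded_types:
            continue
        # A replacement carries both actions, in either order.
        if "delete" not in actions or "create" not in actions:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        findings[rc["address"]] = sorted(
            k for k, v in after.items() if v is not None and before.get(k) is None
        )
    return findings


if __name__ == "__main__":
    for address, attrs in forced_replacements(SAMPLE_PLAN).items():
        print(f"BLOCK: {address} would be replaced; not in state: {attrs}")
```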
We have moved this issue over at auth0/terraform-provider-auth0#45 as this repo is now maintained at https://github.com/auth0/terraform-provider-auth0.