Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression/Bug in 1.2.0 - Sub DNS Delegation broken with NS Changes #729

Closed
Russell-IO opened this issue Nov 13, 2017 · 7 comments · Fixed by #807
Closed

Regression/Bug in 1.2.0 - Sub DNS Delegation broken with NS Changes #729

Russell-IO opened this issue Nov 13, 2017 · 7 comments · Fixed by #807
Labels
bug forward/review In review; remove label to forward service/cloud-dns

Comments

@Russell-IO
Copy link

Russell-IO commented Nov 13, 2017
edited
Loading

With Google Provider 1.2.0 I'm unable to create a dns delegation between two zones, details are in the hcl code below, N.B. I've changed the domain names from my code, but have validated that the issue still exists

Terraform Version

Terraform v0.10.8
Google Cloud Provider 1.2.0 (N.b. issue doesn't exist in 1.1.1)

Affected Resource(s)

  • google_dns_record_set

Terraform Configuration Files

// Configure the Google Cloud provider
provider "google" {
  //version     = "~> 1.1.1"
  version = "1.2.0"
  region      = "europe-west2"
}

// Create Root zone
resource "google_dns_managed_zone" "gcp-root" {
  dns_name    = "gcp.domain.test."
  name        = "gcp-root"
}

// Create dev root zone
resource "google_dns_managed_zone" "gcp-dev" {
  dns_name    = "dev.gcp.domain.test."
  name        = "gcp-dev"
}

// Delegate dev root zone to dev nameservers
resource "google_dns_record_set" "gcp-dev-ns" {
  managed_zone  = "${google_dns_managed_zone.gcp-root.name}"
  name          = "dev.${google_dns_managed_zone.gcp-root.dns_name}"
  rrdatas       = [
    "${google_dns_managed_zone.gcp-dev.name_servers.0}",
    "${google_dns_managed_zone.gcp-dev.name_servers.1}",
    "${google_dns_managed_zone.gcp-dev.name_servers.2}",
    "${google_dns_managed_zone.gcp-dev.name_servers.3}"
  ]
  ttl           = 86400
  type          = "NS"
}

Debug Output

https://gist.github.com/Russell-IO/86ccbeb5188d0eb3cf203117286031be

Expected Behavior

Terraform should create the NS records on the named record without trying to delete the root records

Actual Behavior

Terraform tries to delete the root nameservers and create the nonroot nameservers in the same call and google fails the api call

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform init
  2. terraform apply

Important Factoids

I'm using different providers (i.e. google.infra & google.dev) - but the same issues occurs without them present, so I'm assuming... that this isn't related to the provider aliasing at all and an issue with the terraform provider google

Related Information

#359
https://github.com/terraform-providers/terraform-provider-google/blob/4a342ca8eec32039ad2003d92bc3802834ac910d/google/resource_dns_record_set.go#L80-L105

This code, only checks if the NS is the record type, it doesn't validate that NAME is the apex, which is what is causing this defect
@paddycarver
@danawillow danawillow added the bug label Nov 13, 2017
@Russell-IO
Copy link
Author

Hi @danawillow @paddycarver any update on this ?

@sqerison
Copy link

+1

3 similar comments
@Rocklviv
Copy link

+1

@james-s-nduka
Copy link

+1

@fernandohonig
Copy link

+1

@Russell-IO Russell-IO changed the title Sub DNS Delegation broken with NS Changes in 1.2.0 Regression/Bug in 1.2.0 - Sub DNS Delegation broken with NS Changes Nov 22, 2017
@mikrob
Copy link

mikrob commented Nov 27, 2017

+1

paddycarver added a commit that referenced this issue Nov 30, 2017
@paddycarver
Only handle root NS records special.
bb8725e 
We introduced special handling for NS records in 1.2.0 under the
assumption that ALL NS records can't be deleted. This isn't actually
true. Only NS records for the naked domain of the managed zone can't be
removed; all other NS records can be. Because of this, 1.2.0 contains a
bug where all NS records are removed.

This update fixes the situation to only use special handling on NS
records that are for the naked root domain of the managed zone, and
treat all subdomain NS records as normal records. It also adds a test to
ensure this functionality.

Fixes #729.
@paddycarver paddycarver mentioned this issue Nov 30, 2017
Merged
luis-silva pushed a commit to luis-silva/terraform-provider-google that referenced this issue May 21, 2019
@modular-magician @danawillow
Fix typo "google_client_openid_useremail" (hashicorp#729)
cb67670 
Signed-off-by: Modular Magician <[email protected]>
@ghost
Copy link

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
@github-actions github-actions bot added forward/review In review; remove label to forward service/cloud-dns labels Jan 14, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug forward/review In review; remove label to forward service/cloud-dns
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Only handle root NS records special. hashicorp/terraform-provider-google
8 participants
@paddycarver @mikrob @Rocklviv @danawillow @Russell-IO @fernandohonig @james-s-nduka @sqerison