aws_route53_zone imports with a trailing dot

[hashibot]

This issue was originally opened by @TaiSHiNet as hashicorp/terraform#8511. It was migrated here as part of the provider split. The original body of the issue is below.

---

Hi,

I'm on version 0.7.1 and when running an aws_route_53 import it'll end up in the state file with a trailing dot (as in bind, and as shown in the console).
This causes the resource to try and be recreated due to a mismatch with the terraform file.
How to reproduce:

Create a Route53 zone manually
Create the TF resource in a file
Import Route53 zone into your state
Run terraform plan

I could have just bypassed this by by adding a trailing dot to the resource, but documentation shows an example without it and it might be misleading to have both ways.

Bests

[pjgjordaan]

Hi, do we have any update on this?

[Dominik-K]

@Godfried Look at corresponding pull request hashicorp/terraform#8517: it's a WIP & not migrated to this repository, yet.

[samlee64]

I ran into the same issue. According to hasicorp/terraform#8517 a solution is to remove the trailing dot from the state file directly.

[hybby]

Hitting the same thing here. I created an aws_route53_record resource through Terraform without a trailing dot in the name...

resource "aws_route53_record" "foo" {
  zone_id = "${var.zone_id}"
  name    = "foo.drew.example"
  type    = "A"
  ttl     = "300"
  records = [ "foo.com" ]
}

I then remove that resource from my state and reimport it with a dot...

$ terraform state rm aws_route53_record.foo
$ terraform import aws_route53_record.foo ${MY_ZONE_ID}_foo.drew.example._CNAME

And even though the import's successful, subsequent terraform plans want to recreate the resource:

-/+ aws_route53_record.foo (new resource required)
      fqdn:               "foo.drew.example" => "<computed>"
      name:               "foo.drew.example." => "foo.drew.example" (forces new resource)
      records.#:          "1" => "1"
      records.3464609096: "foo.drew.example" => "foo.com"
      ttl:                "300" => "300"
      type:               "CNAME" => "CNAME"
      zone_id:            "${MY_ZONE_ID}" => "${MY_ZONE_ID}"

It'd be nice if this could be fixed, because it makes me wonder what'll happen if I import a bunch of existing records with or without the trailing dots and whether it'll cause me any problems down the line.

Terraform version: v0.10.2

[bflad]

This has been released in version 1.10.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[bflad]

Reopening this issue as it appears this issue was errantly closed by #3321 which fixed the behavior for aws_route53_record, but not aws_route53_zone. 😅

[clarlam]

also running into this issue with ACM.
Terraform v0.11.10

• provider.aws v1.43.2

resource "aws_acm_certificate" "foo" {
  domain_name       = "${data.aws_route53_zone.foo.name}"
  validation_method = "DNS"
  subject_alternative_names = ["*.${data.aws_route53_zone.foo.name}"]
}

aws_acm_certificate.foo: Error requesting certificate: ValidationException: 2 validation errors detected: Value '[*.foo.com.]' at 'subjectAlternativeNames' failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 253, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: ^(*.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9]).)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$]; Value 'foo.com.' at 'domainName' failed to satisfy constraint: Member must satisfy regular expression pattern: ^(*.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9]).)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$

[clarlam]

Workaround in the meantime, search for trailing "." with regex and replace

variable "search_period" {default = "/\\.$/"}
variable "replace_period" {default = ""}

resource "aws_acm_certificate" "foo" {
  domain_name       = "${replace(data.aws_route53_zone.foo.name, var.search_period , var.replace_period)}"
  validation_method = "DNS"
  subject_alternative_names = ["*.${replace(data.aws_route53_zone.foo.name, var.search_period, var.replace_period)}"]
}

[victorkabdebon]

This issue also appears for aws_cloudfront_distribution, for origin -> domain_name, the terraform apply errors out when trying to create the resource as it doesn't consider it to be a valid domain_name.

@clarlam workaround fixes the issue for now.

terraform --version
Terraform v0.11.10
+ provider.aws v1.50.0

[jufemaiz]

Yep. Still an issue.

Another part of the problem is that this is changed upon apply, but the plan doesn't respect that it has a change.

[G-Rath]

I've not actually worked with Go before, so this might be a bit silly, but...

The schema for name uses suppressRoute53ZoneNameWithTrailingDot for it's DiffSuppressFunc - doesn't that mean it should ignore trailing dots when diffing?

If so: does that mean the bug lies with DiffSuppressFunc or suppressRoute53ZoneNameWithTrailingDot?

If not: does that mean that the fix for this is to just do what was done in #3321? i.e stick zoneName = strings.TrimSuffix(zoneName, ".") somewhere?

If it's the latter, I'm happy to stick my toe into the water as this seems like a relatively easy fix, but if it's the former that sounds to me like a bigger issue :/

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!