DNS zone created in wrong project, plan errors #2508

Open
imiric opened this issue Apr 5, 2024 · 2 comments
Labels
bug domain Domains issues, bugs and feature requests priority:high New features

imiric commented Apr 5, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.7.4-dev
on linux_amd64
+ provider registry.terraform.io/scaleway/scaleway v2.38.3

Affected Resource(s)

  • scaleway_domain_zone
  • scaleway_domain_record

Terraform Configuration Files

resource "scaleway_domain_zone" "zone" {
  domain    = "example.com"
  subdomain = "zone"
}

resource "scaleway_domain_record" "a" {
  dns_zone = "zone.example.com"
  type     = "A"
  name     = "sub"

  ttl  = 900
  data = "99.99.99.99"
}

Debug Output

I can provide the debug output if needed, but not publicly, since it contains sensitive information. Let me know a personal email address I can send it to instead.

Panic Output

N/A

Expected Behavior

The DNS record is created under a new DNS zone of an external domain in the respective Scaleway project associated with the API key.

Actual Behavior

The behavior is different depending on the initial state.

  • If the DNS zone doesn't exist, either as a Scaleway resource or in the TF state file, it is created in the default Scaleway project, under the internal domain.

    This is wrong, since it should be created in the respective project that the Scaleway API key is associated with, and it should create an external domain reference, if it doesn't exist yet.

  • Once the zone exists in the default project and in the state file, subsequent terraform plan or terraform apply commands fail with the error:

    │ Error: no zone found with the name zone.example.com
    │
    │   with module.dns_zone_example_com.scaleway_domain_zone.zone[0],
    │   on ../modules/dns/main.tf line 11, in resource "scaleway_domain_zone" "zone":
    │   11: resource "scaleway_domain_zone" "zone" {
    

A workaround for this issue is to:

  1. Delete the zone from the default project in the Scaleway web UI.

  2. Delete the zone object(s) from the state file with e.g. terraform state rm module.dns_zone_example_com.scaleway_domain_zone.zone.

  3. Create the zone object(s) individually with terraform apply -target=module.dns_zone_example_com.scaleway_domain_zone.zone.

  4. Run terraform apply to create the DNS records that reference the domain zones. After this everything is created as expected, in the correct Scaleway project, and not in default.

Steps to Reproduce

See above. Given this configuration, terraform apply creates resources in the wrong project, and then a subsequent apply or plan returns no zone found errors.

Important Factoids

N/A

References

I couldn't find any similar issues.

@yfodil yfodil self-assigned this Apr 8, 2024
@yfodil yfodil added bug domain Domains issues, bugs and feature requests labels Apr 8, 2024
@remyleone remyleone added the priority:high New features label Apr 8, 2024
@ohemelaar
Contributor

I'm experiencing a similar issue, although for me the zone is created in the right project, but subsequent terraform plan fails.

I have a domain in our default project. I wanted to create a zone from this domain in a different project, we'll call this project Application.

So I have project Main with domain domain.tld, and I create in project Application app.dev.domain.tld using terraform by specifying the Application project id.

resource "scaleway_domain_zone" "app_dev" {
  subdomain  = "app.dev"
  domain     = "domain.tld"
  project_id = "<Application project ID>"
}

provider "scaleway" {
  region          = "fr-par"
  zone            = "fr-par-1"
  organization_id = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
  project_id      = "<Main project ID>"
  access_key      = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
  secret_key      = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
}

So indeed, the zone is created and available in the Application project, even though the domain is in the Main project, but the apply and subsequent plan failed with no zone found with the name ...

@ohemelaar
Contributor

ohemelaar commented May 21, 2024

Okay, it looks like what was missing is for the API key used to create the new zone to have permissions over the Application project's DNS. It only needs permissions on the Main project to create the zone, but afterwards, to list/modify it, it needs permissions over the Application project too.
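
One way to give a Terraform key the cross-project DNS access described in the comment above, scoped to only the two projects involved. This is an added example, not part of the thread or the provider's own code; the resource names, the two variables and the permission set name DomainsDNSFullAccess are assumptions to check against your organization's IAM permission sets.

```hcl
# Added illustration, not from the issue thread. Names and variables are hypothetical.
variable "main_project_id" { type = string }        # project that owns domain.tld
variable "application_project_id" { type = string } # project that receives the zone

# Dedicated IAM application so the Terraform key is not tied to a user account.
resource "scaleway_iam_application" "dns_terraform" {
  name = "dns-terraform"
}

# One policy, limited to DNS and to exactly the two projects involved.
# Creating the zone needs access to the project holding the parent domain;
# reading it back on the next plan needs access to the project holding the zone.
resource "scaleway_iam_policy" "dns_both_projects" {
  name           = "dns-main-and-application"
  application_id = scaleway_iam_application.dns_terraform.id

  rule {
    project_ids          = [var.main_project_id, var.application_project_id]
    permission_set_names = ["DomainsDNSFullAccess"] # assumed permission set name
  }
}

# API key issued to that application. Its secret_key is written to the
# Terraform state, so the state backend needs the same protection as the key.
resource "scaleway_iam_api_key" "dns_terraform" {
  application_id     = scaleway_iam_application.dns_terraform.id
  description        = "Terraform DNS key"
  default_project_id = var.main_project_id
}
```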
