remove trailing period in computed attribute to address acm_cert vali…

…dation test errors and add to documentation
hashicorp · Jul 30, 2020 · 3349867 · 3349867
1 parent dc19585
commit 3349867
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/aws/resource_aws_acm_certificate.go b/aws/resource_aws_acm_certificate.go
@@ -165,6 +165,9 @@ func resourceAwsAcmCertificate() *schema.Resource {
 			// Attempt to calculate the domain validation options based on domains present in domain_name and subject_alternative_names
 			if diff.Get("validation_method").(string) == "DNS" && (diff.HasChange("domain_name") || diff.HasChange("subject_alternative_names")) {
 				domainValidationOptionsList := []interface{}{map[string]interface{}{
+					// AWS Provider 3.0 -- plan-time validation prevents "domain_name"
+					// argument to accept a string with trailing period; thus, trim of trailing period
+					// no longer required here
 					"domain_name": diff.Get("domain_name").(string),
 				}}
 
@@ -177,7 +180,10 @@ func resourceAwsAcmCertificate() *schema.Resource {
 						}
 
 						m := map[string]interface{}{
-							"domain_name": strings.TrimSuffix(san, "."),
+							// AWS Provider 3.0 -- plan-time validation prevents "subject_alternative_names"
+							// argument to accept strings with trailing period; thus, trim of trailing period
+							// no longer required here
+							"domain_name": san,
 						}
 
 						domainValidationOptionsList = append(domainValidationOptionsList, m)
@@ -244,7 +250,7 @@ func resourceAwsAcmCertificateCreateRequested(d *schema.ResourceData, meta inter
 	if sans, ok := d.GetOk("subject_alternative_names"); ok {
 		subjectAlternativeNames := make([]*string, len(sans.(*schema.Set).List()))
 		for i, sanRaw := range sans.(*schema.Set).List() {
-			subjectAlternativeNames[i] = aws.String(strings.TrimSuffix(sanRaw.(string), "."))
+			subjectAlternativeNames[i] = aws.String(sanRaw.(string))
 		}
 		params.SubjectAlternativeNames = subjectAlternativeNames
 	}
@@ -390,8 +396,11 @@ func convertValidationOptions(certificate *acm.CertificateDetail) ([]map[string]
 		for _, o := range certificate.DomainValidationOptions {
 			if o.ResourceRecord != nil {
 				validationOption := map[string]interface{}{
-					"domain_name":           aws.StringValue(o.DomainName),
-					"resource_record_name":  aws.StringValue(o.ResourceRecord.Name),
+					"domain_name": aws.StringValue(o.DomainName),
+					// To be consistent with other AWS resources (e.g. Route53 Record) that do not accept a trailing period,
+					// as well conform to the "domain_name" argument validation, we remove the suffix from
+					// the DNS Record's Name returned from the API
+					"resource_record_name":  trimTrailingPeriod(aws.StringValue(o.ResourceRecord.Name)),
 					"resource_record_type":  aws.StringValue(o.ResourceRecord.Type),
 					"resource_record_value": aws.StringValue(o.ResourceRecord.Value),
 				}

diff --git a/aws/resource_aws_route53_record_test.go b/aws/resource_aws_route53_record_test.go
@@ -1935,7 +1935,7 @@ resource "aws_route53_zone" "main" {
 }
 
 resource "aws_route53_record" "sample" {
-	zone_id = "${aws_route53_zone.main.zone_id}"
+  zone_id = "${aws_route53_zone.main.zone_id}"
   name = "sample"
   type = "CNAME"
   ttl = "30"

diff --git a/website/docs/guides/version-3-upgrade.html.md b/website/docs/guides/version-3-upgrade.html.md
@@ -568,6 +568,10 @@ Previously the `subject_alternative_names` argument was stored in the Terraform
 
 Previously when the `certificate_body`, `certificate_chain`, and `private_key` arguments were stored in state, they were stored as a hash of the actual value. This prevented Terraform from properly updating the resource when necessary and the hashing has been removed. The Terraform AWS Provider will show an update to these arguments on the first apply after upgrading to version 3.0.0, which is fixing the Terraform state to remove the hash. Since the `private_key` attribute is marked as sensitive, the values in the update will not be visible in the Terraform output. If the non-hashed values have not changed, then no update is occurring other than the Terraform state update. If these arguments are the only updates and they all match the hash removal, the apply will occur without submitting API calls.
 
+### Removal of trailing period in domain_validation_options.resource_record_name attribute
+
+Previously the resource returned the name of the DNS Record directly from the API, which included a `.` suffix. This proves difficult when many other AWS resources do not accept this trailing period (e.g. Route53 Record's `name` argument). This period is now automatically removed. For example, when the attribute would previously return a DNS Record Name such as `_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com.`, the attribute now will be returned as `_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com`.
+
 ## Resource: aws_api_gateway_method_settings
 
 ### throttling_burst_limit and throttling_rate_limit Arguments Now Default to -1