Revamp fastly_tls_subscription examples #527

Merged
merged 2 commits into from
Jan 17, 2022
2 changes: 1 addition & 1 deletion docs/index.md
Expand Up @@ -25,7 +25,7 @@ terraform {
required_providers {
fastly = {
source = "fastly/fastly"
version >= "0.39.0"
version >= "0.40.0"
}
}
}
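Review bot: as rendered here the constraint line reads `version >= "0.40.0"`, which is not valid attribute syntax inside a `required_providers` entry; the version constraint belongs in the string, i.e. `version = ">= 0.40.0"`. If the page merely rendered the `=` away, ignore that part, but the doc should still say why the minimum provider version moves from 0.39.0 to 0.40.0 (presumably the attributes the revamped TLS subscription example relies on; that is an assumption, the diff does not state it).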
55 changes: 40 additions & 15 deletions docs/resources/tls_subscription.md
Expand Up @@ -48,14 +48,21 @@ Usage with AWS Route 53:

```terraform
locals {
domain_name = "example.com"
domains = [
"example.com",
"*.example.com",
]
aws_route53_zone_id = "your_route53_zone_id"
}

resource "fastly_service_v1" "example" {
name = "example-service"

domain {
name = local.domain_name
dynamic domain {
for_each = local.domains
content {
name = domain.value
}
}

backend {
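Review bot: `dynamic domain {` should use the quoted label form `dynamic "domain" {`, matching the convention of the other blocks in this example (`resource "fastly_service_v1" "example"`) and of the Terraform documentation. Also, replacing the `data "aws_route53_zone" "demo"` lookup with the literal `aws_route53_zone_id = "your_route53_zone_id"` turns a self-contained example into one that fails at apply until the reader edits the placeholder; if the lookup was dropped on purpose, a comment on that local explaining it must be replaced would help.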
Expand All @@ -71,24 +78,42 @@ resource "fastly_tls_subscription" "example" {
certificate_authority = "lets-encrypt"
}

data "aws_route53_zone" "demo" {
name = local.domain_name
private_zone = false
}

# Set up DNS record for managed DNS domain validation method
resource "aws_route53_record" "domain_validation" {
depends_on = [fastly_tls_subscription.example]

for_each = {
for challenge in fastly_tls_subscription.example.managed_dns_challenges :
trimprefix(challenge.record_name, "_acme-challenge.") => challenge
# NOTE: in this example, two domains are added to the cert ("example.com" and "*.example.com").
# The "managed_dns_challenges" read-only attribute only includes one object
# for "_acme-challenge.example.com" as the challenge record is common in these two domains.
#
# In order to process a cert containing wildcard entries, remove wildcard prefix "*." from the key
# and use ellipsis (...) to group results by key to avoid "Duplicate object key" error.
# Therefore, a key may have multiple elements. For example, domains "example.com" and "*.example.com"
# find the exact same object in the "managed_dns_challenges" attribute due to the "if" statement below.
#
# A simplified version of this complex "for_each" usage would be:
# ```
# for_each = {
# for challenge in fastly_tls_subscription.example.managed_dns_challenges :
# trimprefix(challenge.record_name, "_acme-challenge.") => challenge
# }
# ```
# but since the "managed_dns_challenges" attribute is only known after apply,
# you will need to create this resource separately ("-target" option) and may not be ideal.
for_each = {
for domain in fastly_tls_subscription.example.domains :
replace(domain, "*.", "") => element([
for obj in fastly_tls_subscription.example.managed_dns_challenges :
obj if obj.record_name == "_acme-challenge.${replace(domain, "*.", "")}"
], 0)...
}
name = each.value.record_name
type = each.value.record_type
zone_id = data.aws_route53_zone.demo.id

# only reads the first element in the list since all elements are exactly the same (see above)
name = each.value[0].record_name
type = each.value[0].record_type
zone_id = local.aws_route53_zone_id
allow_overwrite = true
records = [each.value.record_value]
records = [each.value[0].record_value]
ttl = 60
}

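Review bot: in the new `for_each`, `element([...], 0)` raises "cannot use element function with an empty list" whenever no object in `managed_dns_challenges` has `record_name == "_acme-challenge.<domain>"`, so a domain whose challenge record does not follow that pattern surfaces as an opaque function error rather than a clear message; consider a comment saying this is expected to fail for such domains, or a precondition with a descriptive message. Two smaller points on the same lines: `trimprefix(domain, "*.")` expresses the intent more precisely than `replace(domain, "*.", "")`, which strips every `*.` occurrence, and the last comment line should read "which may not be ideal" instead of "and may not be ideal".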
55 changes: 40 additions & 15 deletions examples/resources/tls_subscription_with_route53.tf
@@ -1,12 +1,19 @@
locals {
domain_name = "example.com"
domains = [
"example.com",
"*.example.com",
]
aws_route53_zone_id = "your_route53_zone_id"
}

resource "fastly_service_v1" "example" {
name = "example-service"

domain {
name = local.domain_name
dynamic domain {
for_each = local.domains
content {
name = domain.value
}
}

backend {
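Review bot: this hunk is identical to the one in docs/resources/tls_subscription.md, so the docs page appears to be generated from this example file; if so, regenerate the docs rather than editing both by hand so they cannot drift. The same style point applies here: write the block as `dynamic "domain" {` with a quoted label, consistent with `resource "fastly_service_v1" "example"` above it.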
Expand All @@ -22,24 +29,42 @@ resource "fastly_tls_subscription" "example" {
certificate_authority = "lets-encrypt"
}

data "aws_route53_zone" "demo" {
name = local.domain_name
private_zone = false
}

# Set up DNS record for managed DNS domain validation method
resource "aws_route53_record" "domain_validation" {
depends_on = [fastly_tls_subscription.example]

for_each = {
for challenge in fastly_tls_subscription.example.managed_dns_challenges :
trimprefix(challenge.record_name, "_acme-challenge.") => challenge
# NOTE: in this example, two domains are added to the cert ("example.com" and "*.example.com").
# The "managed_dns_challenges" read-only attribute only includes one object
# for "_acme-challenge.example.com" as the challenge record is common in these two domains.
#
# In order to process a cert containing wildcard entries, remove wildcard prefix "*." from the key
# and use ellipsis (...) to group results by key to avoid "Duplicate object key" error.
# Therefore, a key may have multiple elements. For example, domains "example.com" and "*.example.com"
# find the exact same object in the "managed_dns_challenges" attribute due to the "if" statement below.
#
# A simplified version of this complex "for_each" usage would be:
# ```
# for_each = {
# for challenge in fastly_tls_subscription.example.managed_dns_challenges :
# trimprefix(challenge.record_name, "_acme-challenge.") => challenge
# }
# ```
# but since the "managed_dns_challenges" attribute is only known after apply,
# you will need to create this resource separately ("-target" option) and may not be ideal.
for_each = {
for domain in fastly_tls_subscription.example.domains :
replace(domain, "*.", "") => element([
for obj in fastly_tls_subscription.example.managed_dns_challenges :
obj if obj.record_name == "_acme-challenge.${replace(domain, "*.", "")}"
], 0)...
}
name = each.value.record_name
type = each.value.record_type
zone_id = data.aws_route53_zone.demo.id

# only reads the first element in the list since all elements are exactly the same (see above)
name = each.value[0].record_name
type = each.value[0].record_type
zone_id = local.aws_route53_zone_id
allow_overwrite = true
records = [each.value.record_value]
records = [each.value[0].record_value]
ttl = 60
}

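Review bot: `depends_on = [fastly_tls_subscription.example]` is redundant now that the `for_each` expression references `fastly_tls_subscription.example.domains` and `fastly_tls_subscription.example.managed_dns_challenges`, which already makes Terraform create the subscription first; dropping it avoids suggesting a hidden dependency. The long NOTE comment is useful but sits inside the resource body between `depends_on` and `for_each`; moving it above the resource block keeps the attributes readable, and its last line should say "which may not be ideal".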