From d41c74da43a94badbc75faa9314e2faef8da0625 Mon Sep 17 00:00:00 2001 From: Javier Velasquez Date: Mon, 29 Jul 2019 13:55:03 +0100 Subject: [PATCH] fix: remove domain verification enforcement --- .pre-commit-config.yaml | 2 +- README.md | 2 -- examples/complete-dns-validation/README.md | 2 -- examples/complete-dns-validation/outputs.tf | 10 ---------- main.tf | 22 ++++----------------- outputs.tf | 10 ---------- 6 files changed, 5 insertions(+), 43 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4a719be..150a8c8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.14.0 + rev: v1.17.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index 5301158..c0198d4 100644 --- a/README.md +++ b/README.md @@ -82,11 +82,9 @@ module "acm" { | Name | Description | |------|-------------| -| distinct\_domain\_names | List of distinct domains names used for the validation. | | this\_acm\_certificate\_arn | The ARN of the certificate | | this\_acm\_certificate\_domain\_validation\_options | A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used. | | this\_acm\_certificate\_validation\_emails | A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used. | -| validation\_domains | List of distinct domain validation options. This is useful if subject alternative names contain wildcards. | | validation\_route53\_record\_fqdns | List of FQDNs built using the zone domain and name. | diff --git a/examples/complete-dns-validation/README.md b/examples/complete-dns-validation/README.md index 84465ed..bdf59b0 100644 --- a/examples/complete-dns-validation/README.md +++ b/examples/complete-dns-validation/README.md 
@@ -29,11 +29,9 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Description | |------|-------------| -| distinct\_domain\_names | List of distinct domains names used for the validation. | | this\_acm\_certificate\_arn | The ARN of the certificate | | this\_acm\_certificate\_domain\_validation\_options | A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used. | | this\_acm\_certificate\_validation\_emails | A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used. | -| validation\_domains | List of distinct domain validation options. This is useful if subject alternative names contain wildcards. | | validation\_route53\_record\_fqdns | List of FQDNs built using the zone domain and name. | diff --git a/examples/complete-dns-validation/outputs.tf b/examples/complete-dns-validation/outputs.tf index a52ee46..b4e47d4 100644 --- a/examples/complete-dns-validation/outputs.tf +++ b/examples/complete-dns-validation/outputs.tf @@ -17,13 +17,3 @@ output "validation_route53_record_fqdns" { description = "List of FQDNs built using the zone domain and name." value = module.acm.validation_route53_record_fqdns } - -output "distinct_domain_names" { - description = "List of distinct domains names used for the validation." - value = module.acm.distinct_domain_names -} - -output "validation_domains" { - description = "List of distinct domain validation options. This is useful if subject alternative names contain wildcards." - value = module.acm.validation_domains -} diff --git a/main.tf b/main.tf index ab92a89..7eab4a1 100644 --- a/main.tf +++ b/main.tf 
@@ -1,17 +1,3 @@ -locals { - // Get distinct list of domains and SANs - distinct_domain_names = distinct(concat([var.domain_name], data.template_file.breakup_san.*.rendered)) - - // Copy domain_validation_options for the distinct domain names - validation_domains = [for k, v in aws_acm_certificate.this[0].domain_validation_options : tomap(v) if contains(local.distinct_domain_names, v.domain_name)] -} - -data "template_file" "breakup_san" { - count = length(var.subject_alternative_names) - - template = replace(var.subject_alternative_names[count.index], "*.", "") -} - resource "aws_acm_certificate" "this" { count = var.create_certificate ? 1 : 0 @@ -27,15 +13,15 @@ resource "aws_acm_certificate" "this" { } resource "aws_route53_record" "validation" { - count = var.create_certificate && var.validation_method == "DNS" && var.validate_certificate ? length(local.distinct_domain_names) : 0 + count = var.create_certificate && var.validation_method == "DNS" && var.validate_certificate ? length(var.subject_alternative_names) + 1 : 0 zone_id = var.zone_id - name = element(local.validation_domains, count.index)["resource_record_name"] - type = element(local.validation_domains, count.index)["resource_record_type"] + name = aws_acm_certificate.this[0].domain_validation_options[count.index]["resource_record_name"] + type = aws_acm_certificate.this[0].domain_validation_options[count.index]["resource_record_type"] ttl = 60 records = [ - element(local.validation_domains, count.index)["resource_record_value"] + aws_acm_certificate.this[0].domain_validation_options[count.index]["resource_record_value"] ] allow_overwrite = var.validation_allow_overwrite_records diff --git a/outputs.tf b/outputs.tf index fb713b3..a1811e4 100644 --- a/outputs.tf +++ b/outputs.tf 
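Review bot: In `aws_route53_record.validation`, `count` is now `length(var.subject_alternative_names) + 1` and every record indexes `domain_validation_options[count.index]` directly, so nothing de-duplicates the validation records any more. A wildcard SAN and its base domain (the case the removed `breakup_san` template handled by stripping `*.`) would presumably resolve to the same `resource_record_name`, giving two resources that manage one Route 53 record; that only applies cleanly when `var.validation_allow_overwrite_records` is true, and destroying either resource then removes the record the certificate's validation depends on. If a SAN repeats `var.domain_name` or another SAN, the options list may also be shorter than `count` and the index would fail, which should be confirmed against the provider's behaviour. I would add a comment above `count` such as `# apex + wildcard SANs share one validation CNAME; needs validation_allow_overwrite_records = true`, and consider `length(distinct(concat([var.domain_name], var.subject_alternative_names)))` for the count. The resource block closes outside this hunk.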
@@ -17,13 +17,3 @@ output "validation_route53_record_fqdns" { description = "List of FQDNs built using the zone domain and name." value = aws_route53_record.validation.*.fqdn } - -output "distinct_domain_names" { - description = "List of distinct domains names used for the validation." - value = local.distinct_domain_names -} - -output "validation_domains" { - description = "List of distinct domain validation options. This is useful if subject alternative names contain wildcards." - value = local.validation_domains -}