Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

digitalocean_spaces_bucket_cors_configuration: Updating allowed origins has no effect #1129

Open
MauriceArikoglu opened this issue Mar 17, 2024 · 4 comments
Open

digitalocean_spaces_bucket_cors_configuration: Updating allowed origins has no effect #1129

MauriceArikoglu opened this issue Mar 17, 2024 · 4 comments
Labels
bug

Comments

@MauriceArikoglu
Copy link

Consider the below scenario for an update to digitalocean_spaces_bucket_cors_configuration of a spaces bucket (cdn enabled).
From documentation and platform UI, it becomes clear that adding multiple cors origins is possible. Using terraform, the update does not go through, even though the apply states success.

~ resource "digitalocean_spaces_bucket_cors_configuration" "cors" {
        id     = "my-id"
        # (2 unchanged attributes hidden)
      - cors_rule {
          - allowed_headers = [
              - "*",
            ] -> null
          - allowed_methods = [
              - "GET",
              - "HEAD",
            ] -> null
          - allowed_origins = [
              - "https://*.example.com",
            ] -> null
          - expose_headers  = [
              - "*",
            ] -> null
          - max_age_seconds = 300 -> null
        }
      + cors_rule {
          + allowed_headers = [
              + "*",
            ]
          + allowed_methods = [
              + "GET",
              + "HEAD",
            ]
          + allowed_origins = [
              + "https://*.example.com",
              + "sub.another.com",
              + "www.sub.another.com",
            ]
          + expose_headers  = [
              + "*",
            ]
          + max_age_seconds = 300
        }
    }
@danaelhe
Copy link
Member

danaelhe commented Mar 18, 2024
edited

Oh yes, I'm able to reproduce it as well:

  # digitalocean_spaces_bucket_cors_configuration.test will be updated in-place
  ~ resource "digitalocean_spaces_bucket_cors_configuration" "test" {
        id     = "seyedries"
        # (2 unchanged attributes hidden)

      - cors_rule {
          - allowed_headers = [
              - "*",
            ] -> null
          - allowed_methods = [
              - "POST",
              - "PUT",
            ] -> null
          - allowed_origins = [
              - "https://s3-website-test.hashicorp.com",
            ] -> null
          - expose_headers  = [
              - "ETag",
            ] -> null
          - max_age_seconds = 3000 -> null
        }
      + cors_rule {
          + allowed_headers = [
              + "*",
            ]
          + allowed_methods = [
              + "POST",
              + "PUT",
            ]
          + allowed_origins = [
              + "https://s3-website-test.hashicorp.com",
              + "sub.another.com",
            ]
          + expose_headers  = [
              + "ETag",
            ]
          + max_age_seconds = 3000
        }
    }
Screenshot 2024-03-18 at 12 05 21 PM

Will investigate 👍 thanks for bringing this to our attention.

@danaelhe
Copy link
Member

Hi there,

We've uncovered the bug on our end. Turns out it's at the API layer. The database team has created a ticket to address it. In the meantime as a workaround, you can create multiple COR rules to support multiple origins:

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://s3-website-test.hashicorp.com"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }

  cors_rule {
    allowed_methods = ["GET"]
    allowed_origins = ["*"]
  }

Will keep this issue opened until it is resolved.

@MauriceArikoglu
Copy link
Author

MauriceArikoglu commented Mar 21, 2024
edited

Hi @danaelhe thank you.

I have another issue I am unsure to create an issue for, since it only affects terraform on the side.

We have a kubernetes cluster with update policy. Last Monday the update was applied by digitalocean while running terraform apply (from 1.27.6 to 1.27.10). Now, the underlying droplet was destroyed in this process. With it, the resource monitors created by terraform were destroyed by the update. This all happened on digitalocean's side and terraform is unaware of this.

Now we wanted to reapply terraform to push some updates and were greeted by a terraform error that should already be known to your team:

image

@danaelhe
Copy link
Member

Hi @danaelhe thank you.

I have another issue I am unsure to create an issue for, since it only affects terraform on the side.

We have a kubernetes cluster with update policy. Last Monday the update was applied by digitalocean while running terraform apply (from 1.27.6 to 1.27.10). Now, the underlying droplet was destroyed in this process. With it, the resource monitors created by terraform were destroyed by the update. This all happened on digitalocean's side and terraform is unaware of this.

Now we wanted to reapply terraform to push some updates and were greeted by a terraform error that should already be known to your team:

image

Interesting....could you create a separate github issue so we can track this better?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MauriceArikoglu @danaelhe