aws_route53_record_invalid_zone_id should also allow /hostedzone/ prefix on zone_id #345

Open
fstr opened this issue May 11, 2022 · 4 comments

fstr commented May 11, 2022

The rule aws_route53_record_invalid_zone_id has a char limit of 32 chars on the zone_id property. A longer zone_id raises an error when linting.

According to the AWS docs, this is correct. See Id section of linked documentation.

The ID of the hosted zone that contains the resource record sets that you want to change.
Length Constraints: Maximum length of 32.
Required: Yes

In my use case I generate Terraform files with kOps, and the generated zone_ids are in the format /hostedzone/XXXXXXXXXXXXXXXXXXXXX. The generated zone_id format is accepted by the Terraform AWS provider aws_route53_record resource.

Example:

resource "aws_route53_record" "dummy" {
  alias {
    evaluate_target_health = false
    name                   = aws_elb.myelb.dns_name
    zone_id                = aws_elb.myelb.zone_id
  }
  name    = "example.org"
  type    = "A"
  zone_id = "/hostedzone/XXXXXXXXXXXXXXXXXXXXX"
}

I was not able to find the source code for the aws_route53_record, because I don't know the provider codebase that well. Maybe it's auto generated. As a proof besides my own codebase, I found a test case in the provider repository which also uses the prefix.

The ruleset should be adjusted to support the /hostedzone/ prefix on the aws_route53_record.zone_id property.

@bendrucker
Member

The trouble here partially comes from the fact that the AWS provider accepts this but then proceeds to chop it off everywhere, e.g.:

https://github.com/hashicorp/terraform-provider-aws/blob/75baa5b0303e54f343a45d591526365c794fbc08/internal/service/route53/record.go#LL261

You can find lots of examples of this happening in other projects:

https://github.com/search?q=zone_id+%3D+%22%2Fhostedzone%2F+TrimPrefix&type=code

And the shape of a ResourceId:

https://github.com/aws/aws-sdk-go/blob/main/models/apis/route53/2013-04-01/api-2.json#LL4069

The provider also asserts that zone_id is <32 characters:

https://github.com/hashicorp/terraform-provider-aws/blob/75baa5b0303e54f343a45d591526365c794fbc08/internal/service/route53/record.go#L98

Particularly given that this report is missing the output, I'm not understanding what the discrepancy is and how the rule logic would change, even setting aside the fact that it's generated.
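The length discrepancy discussed in the two comments above, as an added example that is not part of the thread or of either project's code. It assumes a lint check that compares the raw string length against the documented 32-character limit, and a second check that first strips the `/hostedzone/` prefix; the function names and sample IDs are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Values taken from the thread: the documented 32-character limit and the
// "/hostedzone/" prefix that appears in the generated Terraform.
const (
	maxZoneIDLen     = 32
	hostedZonePrefix = "/hostedzone/"
)

var (
	errEmpty   = errors.New("zone_id is empty after removing the prefix")
	errTooLong = errors.New("zone_id exceeds 32 characters")
)

// CheckRaw applies the limit to the value exactly as written in HCL.
// Assumption: this mirrors a rule that only compares string length.
func CheckRaw(zoneID string) error {
	if len(zoneID) > maxZoneIDLen {
		return errTooLong
	}
	return nil
}

// CheckNormalized strips one leading "/hostedzone/" prefix, then applies
// the same limit to the bare ID and rejects a prefix with nothing after it.
func CheckNormalized(zoneID string) error {
	id := strings.TrimPrefix(zoneID, hostedZonePrefix)
	if id == "" {
		return errEmpty
	}
	if len(id) > maxZoneIDLen {
		return errTooLong
	}
	return nil
}

func main() {
	// Constructed sample IDs, not real hosted zones.
	bare := strings.Repeat("X", 21)
	for _, z := range []string{bare, hostedZonePrefix + bare, hostedZonePrefix} {
		fmt.Printf("%-36q raw=%v normalized=%v\n", z, CheckRaw(z), CheckNormalized(z))
	}
}
```

With a 21-character ID, the 12-character prefix brings the raw value to 33 characters, one over the limit, while the bare ID passes.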

@bendrucker bendrucker reopened this Dec 7, 2022
@bendrucker
Member

Didn't intend to close, looking for a clear reproduction before spending any more time here

@vishwa-trulioo

This comment was marked as duplicate.
