[0.11] Work around terraform issue 18359 (#21)

Nuru · osterman · commit 90c7b9370802 · 2019-08-21T18:55:08.000-07:00
* Work around terraform issue 18359

* Revert bad merge

* Revert bad merge, fix proces/process

* Revert bad merge

* Fix proces/process

* Update README
diff --git a/README.md b/README.md
@@ -44,6 +44,11 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
 
 ## Usage
 
+
+**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases.
+Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-acm-request-certificate/releases).
+
+
 This example will request an SSL certificate for `example.com` domain
 
 ```hcl
@@ -92,7 +97,6 @@ Available targets:
 | tags | Additional tags (e.g. map('BusinessUnit`,`XYZ`) | map | `<map>` | no |
 | ttl | The TTL of the record to add to the DNS zone to complete certificate validation | string | `300` | no |
 | validation_method | Which method to use for validation, DNS or EMAIL | string | `DNS` | no |
-| zone_name | The name of the desired Route53 Hosted Zone | string | `` | no |
 
 ## Outputs
 
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -8,7 +8,6 @@
 | tags | Additional tags (e.g. map('BusinessUnit`,`XYZ`) | map | `<map>` | no |
 | ttl | The TTL of the record to add to the DNS zone to complete certificate validation | string | `300` | no |
 | validation_method | Which method to use for validation, DNS or EMAIL | string | `DNS` | no |
-| zone_name | The name of the desired Route53 Hosted Zone | string | `` | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
@@ -3,42 +3,24 @@ resource "aws_acm_certificate" "default" {
   validation_method         = "${var.validation_method}"
   subject_alternative_names = ["${var.subject_alternative_names}"]
   tags                      = "${var.tags}"
-
-  lifecycle {
-    create_before_destroy = true
-  }
 }
 
 data "aws_route53_zone" "default" {
   count        = "${var.process_domain_validation_options == "true" && var.validation_method == "DNS" ? 1 : 0}"
-  name         = "${local.zone_name}."
+  name         = "${var.domain_name}."
   private_zone = false
 }
 
 locals {
-  domain_validation_options = "${aws_acm_certificate.default.domain_validation_options[0]}"
-  zone_name                 = "${var.zone_name == "" ? var.domain_name : var.zone_name}"
-}
-
-resource "null_resource" "default" {
-  count = "${var.process_domain_validation_options == "true" && var.validation_method == "DNS" ? length(aws_acm_certificate.default.domain_validation_options) : 0}"
-
-  triggers = "${aws_acm_certificate.default.domain_validation_options[count.index]}"
-}
-
-resource "aws_acm_certificate_validation" "default" {
-  certificate_arn = "${aws_acm_certificate.default.arn}"
-
-  validation_record_fqdns = [
-    "${distinct(compact(concat(aws_route53_record.default.fqdn, var.subject_alternative_names)))}",
-  ]
+  # Workaround for https://github.com/hashicorp/terraform/issues/18359
+  domain_validation_options = "${flatten(aws_acm_certificate.default.*.domain_validation_options)}"
 }
 
 resource "aws_route53_record" "default" {
-  count   = "${length(null_resource.default.triggers)}"
+  count   = "${var.process_domain_validation_options == "true" && var.validation_method == "DNS" ? 1 : 0}"
   zone_id = "${data.aws_route53_zone.default.zone_id}"
-  name    = "${lookup("null_resource.default.${count.index}","resource_record_name")}"
-  type    = "${lookup("null_resource.default.${count.index}", "resource_record_type")}"
+  name    = "${lookup(local.domain_validation_options[count.index], "resource_record_name")}"
+  type    = "${lookup(local.domain_validation_options[count.index], "resource_record_type")}"
   ttl     = "${var.ttl}"
-  records = ["${lookup("null_resource.default.${count.index}","resource_record_value")}"]
+  records = ["${lookup(local.domain_validation_options[count.index], "resource_record_value")}"]
 }
diff --git a/outputs.tf b/outputs.tf
@@ -4,7 +4,7 @@ output "id" {
 }
 
 output "arn" {
-  value       = "${aws_acm_certificate_validation.default.certificate_arn}"
+  value       = "${aws_acm_certificate.default.arn}"
   description = "The ARN of the certificate"
 }
 
diff --git a/variables.tf b/variables.tf
@@ -32,9 +32,3 @@ variable "subject_alternative_names" {
   default     = []
   description = "A list of domains that should be SANs in the issued certificate"
 }
-
-variable "zone_name" {
-  type        = "string"
-  default     = ""
-  description = "The name of the desired Route53 Hosted Zone"
-}

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ output "id" {`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "arn" {`
`7`		`- value = "${aws_acm_certificate_validation.default.certificate_arn}"`
	`7`	`+ value = "${aws_acm_certificate.default.arn}"`
`8`	`8`	`description = "The ARN of the certificate"`
`9`	`9`	`}`
`10`	`10`