Description
I have Jenkins X running in GCP. After switching the source in my Terraform to github.com/jenkins-x/terraform-google-jx?ref=v1.11.2, I started getting an error from the Google API about the required dnssecConfig parameter.
Error message:
```
module.jx.module.dns.google_dns_managed_zone.externaldns_managed_zone_with_sub[0]: Modifying... [id=projects/cicd-jenkinsx-prd/managedZones/dev-jx-xxxxx-dev-sub]
╷
│ Error: Error updating ManagedZone "projects/cicd-jenkinsx-prd/managedZones/dev-jx-xxxxx-dev-sub": googleapi: Error 400: The 'entity.managedZone.dnssecConfig' parameter is required but was missing., required
│
│ with module.jx.module.dns.google_dns_managed_zone.externaldns_managed_zone_with_sub[0],
│ on .terraform/modules/jx/modules/dns/main.tf line 37, in resource "google_dns_managed_zone" "externaldns_managed_zone_with_sub":
│ 37: resource "google_dns_managed_zone" "externaldns_managed_zone_with_sub" {
│
╵
Releasing state lock. This may take a few moments...
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.
```
I have figured out that the dnssec_config is missing in .terraform/modules/jx/modules/dns/main.tf so I have forked the terraform-google-jx, added the missing configuration, and used it to deploy my infrastructure without errors.
It would be nice if a similar solution could be applied to the official repo because for now, it's a blocker for Jenkins X infrastructure deployment on GCP.
Below is the resource with my patch in main.tf and variables.tf:
```hcl
// if we have a subdomain, manage the zone here and add recordsets to the apex zone
resource "google_dns_managed_zone" "externaldns_managed_zone_with_sub" {
  count       = var.apex_domain != "" && var.subdomain != "" ? 1 : 0
  name        = "${replace(var.subdomain, ".", "-")}-${replace(var.apex_domain, ".", "-")}-sub"
  dns_name    = "${var.subdomain}.${var.apex_domain}."
  description = "JX DNS subdomain zone managed by terraform"

  // explicit DNSSEC block so the update request carries dnssecConfig
  dnssec_config {
    kind          = "dns#managedZoneDnsSecConfig"
    non_existence = "nsec3"
    state         = var.dnssec_state

    // key-signing key (KSK)
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 2048
      key_type   = "keySigning"
      kind       = "dns#dnsKeySpec"
    }

    // zone-signing key (ZSK)
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 1024
      key_type   = "zoneSigning"
      kind       = "dns#dnsKeySpec"
    }
  }

  force_destroy = true
}
```
variables.tf
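```hcl
// DNSSEC signing state passed to dnssec_config.state; "off" leaves the zone unsigned
variable "dnssec_state" {
  description = "DNSSEC state for the subdomain managed zone: on, off or transfer"
  type        = string
  default     = "off"
}
```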
Environment details:
Terraform version 1.3.2
Terraform init versions:
- Installing hashicorp/helm v2.7.1...
- Installed hashicorp/helm v2.7.1 (signed by HashiCorp)
- Installing hashicorp/google v4.40.0...
- Installed hashicorp/google v4.40.0 (signed by HashiCorp)
- Installing hashicorp/random v3.4.3...
- Installed hashicorp/random v3.4.3 (signed by HashiCorp)
- Installing hashicorp/local v2.2.3...
- Installed hashicorp/local v2.2.3 (signed by HashiCorp)
- Installing hashicorp/null v3.1.1...
- Installed hashicorp/null v3.1.1 (signed by HashiCorp)
- Installing hashicorp/google-beta v4.40.0...
- Installed hashicorp/google-beta v4.40.0 (signed by HashiCorp)
- Installing hashicorp/kubernetes v2.14.0...
- Installed hashicorp/kubernetes v2.14.0 (signed by HashiCorp)
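A plan-time check related to the patch above, as an added example that is not part of the original issue or of the terraform-google-jx module: it reads `terraform show -json` output and lists public `google_dns_managed_zone` resources that have no `dnssec_config` block or whose state is not "on" (the patch's `dnssec_state` defaults to "off"). The sample plan, the `_zone` helper and the `example_*` resource names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the example_* zone names are illustrative, not taken from the issue.
def _zone(name, **values):
    return {"address": f"module.jx.module.dns.google_dns_managed_zone.{name}[0]",
            "type": "google_dns_managed_zone", "values": values}

SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [],
    "child_modules": [{"address": "module.jx", "child_modules": [{
        "address": "module.jx.module.dns",
        "resources": [
            _zone("example_unset", visibility="public", dnssec_config=[]),
            _zone("example_off", visibility="public", dnssec_config=[{"state": "off"}]),
            _zone("example_on", visibility="public", dnssec_config=[{"state": "on"}]),
            _zone("example_private", visibility="private", dnssec_config=[]),
        ]}]}]}}})


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_dnssec(plan_json):
    """Return (address, finding) for each public managed zone that is not signed."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "google_dns_managed_zone":
            continue
        values = res.get("values", {})
        if values.get("visibility") == "private":
            continue  # DNSSEC applies to public zones only
        blocks = values.get("dnssec_config") or []  # nested blocks are lists
        if not blocks:
            findings.append((res["address"], "no dnssec_config block"))
        elif blocks[0].get("state") != "on":
            state = blocks[0].get("state")
            findings.append((res["address"], f"dnssec state is {state!r}"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_dnssec(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```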