Terraform v0.13.7
- provider registry.terraform.io/hashicorp/aws v3.59.0
- provider registry.terraform.io/hashicorp/template v2.2.0
Hi,
I’m trying to move from version 2.70.0 to version 3.X of the AWS provider plug-in. That entails dealing with a change in the domain_validation_options attribute of aws_acm_certificate, which becomes a set rather than a list.
I have code managing a certificate with 3 SANs in addition to the main certificate name. With version 2.70.0 of the AWS provider plug-in, as expected, this produces a four-element list, as can be seen in this output from a terraform show -json planfile:
    "domain_validation_options": [
      {
        "domain_name": "example.net",
        "resource_record_name": "blah-1.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-1.acm-validations.aws."
      },
      {
        "domain_name": "*.a.example.net",
        "resource_record_name": "blah-2.a.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-2.acm-validations.aws."
      },
      {
        "domain_name": "*.b.example.net",
        "resource_record_name": "blah-3.b.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-3.acm-validations.aws."
      },
      {
        "domain_name": "*.c.example.net",
        "resource_record_name": "blah-4.c.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-4.acm-validations.aws."
      }
    ],
Also as expected, I can address each one of these list elements by its index, e.g.:
aws_acm_certificate.sslcert.domain_validation_options[0]
When I install a 3.X version of the plug-in, however, a set is returned. I am trying to make things easy by converting it to a list with the tolist() function. That returns a lexicographically ordered list, which is expected.
    "domain_validation_options": [
      {
        "domain_name": "*.a.example.net",
        "resource_record_name": "blah-2.a.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-2.acm-validations.aws."
      },
      {
        "domain_name": "*.b.example.net",
        "resource_record_name": "blah-3.b.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-3.acm-validations.aws."
      },
      {
        "domain_name": "*.c.example.net",
        "resource_record_name": "blah-4.c.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-4.acm-validations.aws."
      },
      {
        "domain_name": "example.net",
        "resource_record_name": "blah-1.example.net.",
        "resource_record_type": "CNAME",
        "resource_record_value": "blah-1.acm-validations.aws."
      },
    ],
What is unexpected is that Terraform reports that it is a two-element rather than a four-element list. When I try to access what appears to be the last element in the second terraform show -json planfile output quoted above ("domain_name": "example.net"), it gives me the following error:
on common/certificate/certificate.tf line 14, in locals:
14: vopt = tolist(aws_acm_certificate.sslcert.domain_validation_options)[3]
aws_acm_certificate.sslcert.domain_validation_options is set of object with 2 elements
Can anyone help me understand why this is happening? And is there a more reliable way to inspect variables than browsing the output of terraform show -json planfile?
Thanks!
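
Added example, not part of the original post: since a set has no stable index, each validation option can be addressed by its domain_name instead of by position, which is also the key to use for the DNS validation records. Only aws_acm_certificate.sslcert and the domain example.net come from the post; var.zone_id, the TTL and the other resource, local and output names are assumptions.

```hcl
# Added example. aws_acm_certificate.sslcert is the resource from the post;
# var.zone_id and every other name below are assumptions.

variable "zone_id" {
  type        = string
  description = "Route 53 hosted zone that holds the validation records (assumed)"
}

locals {
  # Key each validation option by the domain it validates, so a lookup
  # does not depend on how the set happens to be ordered.
  dvo_by_domain = {
    for dvo in aws_acm_certificate.sslcert.domain_validation_options :
    dvo.domain_name => dvo
  }

  # Takes the place of the positional tolist(...)[3] lookup.
  vopt = local.dvo_by_domain["example.net"]
}

# One DNS validation record per certificate name, keyed by domain name.
resource "aws_route53_record" "validation" {
  for_each = local.dvo_by_domain

  zone_id         = var.zone_id
  name            = each.value.resource_record_name
  type            = each.value.resource_record_type
  records         = [each.value.resource_record_value]
  ttl             = 60
  allow_overwrite = true
}

# Block until ACM has seen every record, so the certificate is only
# consumed by other resources once it has been issued.
resource "aws_acm_certificate_validation" "sslcert" {
  certificate_arn         = aws_acm_certificate.sslcert.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}

# Lists the domain names Terraform actually holds in the set.
output "dvo_domains" {
  value = sort(keys(local.dvo_by_domain))
}
```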