provider/heroku: Fix heroku_cert update of ssl cert #14240
Conversation
wchrisjohnson
changed the title
wchrisjohnson
changed the title
| if err != nil { | ||
| return err | ||
| return fmt.Errorf("Error updating SSL endpoint: %s", err) | ||
| } | ||
|
|
||
| // Store the new ID | ||
| d.SetId(ad.ID) |
There was a problem hiding this comment.
I know this line isn't changing here, but it caught our eye. Is the ID of the SSL Cert changing? If so, either the private_key or certificate_chain attribute (or both?) should have ForceNew specified and instruct terraform to do a complete destroy and recreate. Updating ID here could result in unexpected behavior (dangling resources), or just undefined behavior, depending on the provider.
The client methods being called, and the underlying PATCH API call, suggests to me the ID is not actually changing and we should remove this line while we are here, if you could.
There was a problem hiding this comment.
Wow, that's great feedback. This is my first PR against Terraform, and I'm still learning how it works. I will do some testing and handle this, or come back with additional questions...
There was a problem hiding this comment.
@catsby I just verified that the ID is NOT changing between the create and the update, so I will remove this line.
catsby
added
the
waiting-response
Trying to surface this bug with a test: hashicorp#5930
wchrisjohnson
force-pushed
the
cj-fix-ssl-cert-update
branch
from
c5d78ad
to
00d0061
Compare
catsby
removed
the
waiting-response
|
Could someone provide feedback on what, if anything, remaining to be done in order to get this merged? |
|
Hey @wchrisjohnson – I ran the tests and got the following error: Is that a limitation of my test account? |
catsby
added
the
waiting-response
|
@catsby It works on my end. Try the following: |
|
I have all the Heroku things I should need in the environment: I ran the tests again, strangely I'm getting a different error now, this time with the US SSL, not the EU one: |
|
I did manage to get them to pass, but the inconsistency is troubling, do you have any thoughts there? |
|
yeah @catsby I have seen that specific error crop up periodically in my running of the test suite as well. It feels like some sort of race condition, as it doesn't occur consistently. Let me dig into this on my end a bit more. |
|
@wchrisjohnson thanks! Feel free to ping me if/when you find out 😄 |
|
@catsby I've been talking to some other engineers here at Heroku; there are some upstream conditions where rapid create/update of addon and SSL endpoints can fail, but can safely be retried. We're diagnosing the issue but believe it's unrelated to the changes in the PR. |
catsby
removed
the
waiting-response
|
OK, sounds good 👍 |
* Attempt to write a new test for cert update Trying to surface this bug with a test: hashicorp#5930 * Fix the error * Fix the test for the update operation * Break apart tests for EU vs US to cleanse test run * Refactor Update to more closely match create, increase debug logging * Reflect differences of EU and US regions via separate tests * Add comment re: why of test breakout * Removed the “SetId” as it was unnecessary * Ensure the SSL Addon has been provisioned
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
This change fixes #5930
Also:
@bernerdschaefer