-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
provider/heroku: Fix heroku_cert update of ssl cert #14240
provider/heroku: Fix heroku_cert update of ssl cert #14240
Conversation
if err != nil { | ||
return err | ||
return fmt.Errorf("Error updating SSL endpoint: %s", err) | ||
} | ||
|
||
// Store the new ID | ||
d.SetId(ad.ID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this line isn't changing here, but it caught our eye. Is the ID of the SSL Cert changing? If so, either the private_key
or certificate_chain
attribute (or both?) should have ForceNew
specified and instruct terraform to do a complete destroy and recreate. Updating ID here could result in unexpected behavior (dangling resources), or just undefined behavior, depending on the provider.
The client methods being called, and the underlying PATCH
API call, suggests to me the ID is not actually changing and we should remove this line while we are here, if you could.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow, that's great feedback. This is my first PR against Terraform, and I'm still learning how it works. I will do some testing and handle this, or come back with additional questions...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@catsby I just verified that the ID is NOT changing between the create and the update, so I will remove this line.
Trying to surface this bug with a test: hashicorp#5930
c5d78ad
to
00d0061
Compare
Could someone provide feedback on what, if anything, remaining to be done in order to get this merged? |
Hey @wchrisjohnson – I ran the tests and got the following error:
Is that a limitation of my test account? |
@catsby It works on my end. Try the following:
|
I have all the Heroku things I should need in the environment:
I ran the tests again, strangely I'm getting a different error now, this time with the US SSL, not the EU one:
|
I did manage to get them to pass, but the inconsistency is troubling, do you have any thoughts there? |
yeah @catsby I have seen that specific error crop up periodically in my running of the test suite as well. It feels like some sort of race condition, as it doesn't occur consistently. Let me dig into this on my end a bit more. |
@wchrisjohnson thanks! Feel free to ping me if/when you find out 😄 |
@catsby I've been talking to some other engineers here at Heroku; there are some upstream conditions where rapid create/update of addon and SSL endpoints can fail, but can safely be retried. We're diagnosing the issue but believe it's unrelated to the changes in the PR. |
OK, sounds good 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
* Attempt to write a new test for cert update Trying to surface this bug with a test: hashicorp#5930 * Fix the error * Fix the test for the update operation * Break apart tests for EU vs US to cleanse test run * Refactor Update to more closely match create, increase debug logging * Reflect differences of EU and US regions via separate tests * Add comment re: why of test breakout * Removed the “SetId” as it was unnecessary * Ensure the SSL Addon has been provisioned
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
This change fixes #5930
Also:
@bernerdschaefer