terraform-provider-gitlab
Feature request - Expose DNS records used in Pages configuration to rest of Terraform
Currently configuring Pages with a custom domain requires a manual intervention.
Terraform Version
Terraform v0.13.5
Affected Resource(s)
If applicable:
- gitlab_project
- gitlab_project_pages (if it will exist in next release)
Actual Behavior
Jane is working on a static site with GitLab Pages and already has a DNS provider that supports Terraform. She has to manually copy and paste DNS records for her custom domain from the GitLab console into her Terraform code, which is troublesome and error prone.
Expected Behavior
Jane wishes to get the following from the GitLab provider:
- CNAME DNS record that directs traffic from her domain to Pages;
- TXT DNS record used for verification;
for example, by using a data source. That way she could pass those records as variables to the provider of her DNS company. This scales much better and is much less error-prone than semi-automatic configuration.
Important Factoids
GitLab provider version:
- 3.1.0
- 3.2.0
References
- Similar case, improving functionality of Pages for Terraform users: https://github.com/gitlabhq/terraform-provider-gitlab/issues/471
- Documentation: https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/index.html#4-verify-the-domains-ownership
For whoever takes this issue, note that the API docs for custom Pages domains are incomplete, as they don't illustrate the verification_code response body field, which can be used to generate the TXT record.
The VerificationCode field is there in the go-gitlab client, however, so use that.
Working example:
❯ curl -XPOST -H "PRIVATE-TOKEN: $PRIVATE_TOKEN" https://gitlab.com/api/v4/projects/21095177/pages/domains\?domain\=asdfg.example.com\&auto_ssl_enabled\=true
{"domain":"asdfg.example.com","url":"http://asdfg.example.com","verified":false,"verification_code":"e2683449ff8dd7a5997f8dbb7c3c12a8","enabled_until":null,"auto_ssl_enabled":true}
In that example the TXT record would be
_gitlab-pages-verification-code.abcd.example.com TXT gitlab-pages-verification-code=e2683449ff8dd7a5997f8dbb7c3c12a8
I advise implementing the project_pages_domain resource with attributes matching the API fields, and not to include a computed txt_record attribute, for example.
We can show an example of computing the TXT record from the verification_code attribute in the resource documentation.
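The computation described in the comment above, as an added example that is not part of the original thread or the provider's code: it decodes the quoted response body and derives the TXT record from its `domain` and `verification_code` fields. The `pagesDomain` struct, the `verificationTXT` helper and the alphanumeric check on the code are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// pagesDomain mirrors fields of the API response quoted in the comment above.
type pagesDomain struct {
	Domain           string `json:"domain"`
	Verified         bool   `json:"verified"`
	VerificationCode string `json:"verification_code"`
}

// Assumption: the code is a plain alphanumeric token, as in the quoted response.
// Anything else is refused rather than written into a DNS zone.
var codeRe = regexp.MustCompile(`^[0-9A-Za-z]+$`)

// Sample input: the response body quoted in the comment.
const sampleResponse = `{"domain":"asdfg.example.com","url":"http://asdfg.example.com","verified":false,"verification_code":"e2683449ff8dd7a5997f8dbb7c3c12a8","enabled_until":null,"auto_ssl_enabled":true}`

// verificationTXT (hypothetical helper) returns the TXT record name and value,
// rejecting a response that is for a domain other than the one requested.
func verificationTXT(body []byte, requested string) (name, value string, err error) {
	var d pagesDomain
	if err = json.Unmarshal(body, &d); err != nil {
		return "", "", fmt.Errorf("decode response: %w", err)
	}
	got := strings.TrimSuffix(d.Domain, ".")
	if !strings.EqualFold(got, strings.TrimSuffix(requested, ".")) {
		return "", "", fmt.Errorf("response is for %q, not %q", d.Domain, requested)
	}
	if !codeRe.MatchString(d.VerificationCode) {
		return "", "", fmt.Errorf("unexpected verification_code %q", d.VerificationCode)
	}
	name = "_gitlab-pages-verification-code." + got
	value = "gitlab-pages-verification-code=" + d.VerificationCode
	return name, value, nil
}

func main() {
	name, value, err := verificationTXT([]byte(sampleResponse), "asdfg.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s TXT %s\n", name, value)
}
```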