fix: handle viewer_certificate.ssl_support_method with CF default certificate #213
Conversation
syphernl
requested review from
adamcrews and
leb4r
and removed request for
a team
|
/test all |
korenyoni
added
patch
| @@ -463,7 +463,7 @@ resource "aws_cloudfront_distribution" "default" { | |||
|
|
|||
| viewer_certificate { | |||
| acm_certificate_arn = var.acm_certificate_arn | |||
| ssl_support_method = "sni-only" | |||
| ssl_support_method = local.use_default_acm_certificate ? null : "sni-only" | |||
There was a problem hiding this comment.
Does null behave differently than "" ? in terms of how the provider validates this field?
There was a problem hiding this comment.
Unfortunately yes. Providing "" results in it complaining you need to provide one of the two valid values. However sni-only causes issues with CF-issued certificates which works fine with null.
There was a problem hiding this comment.
Right I believe because it's an optional value it'll be fine, but "" is subject to the validation method https://github.com/hashicorp/terraform-provider-aws/blob/c47375e5482213883df51795322e2e2b55bc9348/internal/service/cloudfront/distribution.go#L694
|
/test terratest |
mergify
bot
dismissed
korenyoni’s stale review
This Pull Request has been updated, so we're dismissing all reviews.
|
/test all |
korenyoni
added
the
no-release
what
ssl_support_methodtonullwhen default certificate is being used instead of setting it tosni-onlyin all cases.why
sni-only) in conjunction with the "default certificate" results in the state not being idempotent.references