DXE-2796/DXE-3126 v4.1.0 terraform import TXT record with length > 255 chars

[hightoxicity]

Hi there,

Conforming https://community.akamai.com/customers/s/article/How-to-set-TXT-or-SPF-record-longer-than-255-bytes-in-Authoritative-DNS?language=en_US

We have an SPF record larger than 255 that has been created in the past into the gui following previous guide and setting this exact value:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMZAR79x/6UHyyz6INnpuDC0dAMXUqcF6xE4a0nRN8R9FXfGRYhUHIOLCYTtj0PBG39A82lQAb/IB8epeEHkiJBye7/X8Khf4NsuQd2mkJuBgmSGsDXRI9evWE7+LcyxJaiZK/qKBAzVx37iZtbw7KhKimXhq+UztjmkVJ4qTIEkqa1z467Fw3Yyrr70JDv" "0aorve7Fs94v4Lr4/NTWHi7wVLUHl6TpBhqfJir7xVupeMLCcm2pbKkMd8eyeDDhYcrKTnubiuNGO/hqw7Sjt6WoVo8srz3+cvkEPzQbw0NRN4MVUTkcr4XGQjl3C2XSD7Gmtvjrm7sPuvdYtCADGJQIDAQAB\010"

You can find the concerning record here:

dig TXT google._domainkey.springcmcontracts.com

; <<>> DiG 9.10.6 <<>> TXT google._domainkey.springcmcontracts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54358
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google._domainkey.springcmcontracts.com. IN TXT

;; ANSWER SECTION:
google._domainkey.springcmcontracts.com. 600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMZAR79x/6UHyyz6INnpuDC0dAMXUqcF6xE4a0nRN8R9FXfGRYhUHIOLCYTtj0PBG39A82lQAb/IB8epeEHkiJBye7/X8Khf4NsuQd2mkJuBgmSGsDXRI9evWE7+LcyxJaiZK/qKBAzVx37iZtbw7KhKimXhq+UztjmkVJ4qTIEkqa1z467Fw3Yyrr70JDv" "0aorve7Fs94v4Lr4/NTWHi7wVLUHl6TpBhqfJir7xVupeMLCcm2pbKkMd8eyeDDhYcrKTnubiuNGO/hqw7Sjt6WoVo8srz3+cvkEPzQbw0NRN4MVUTkcr4XGQjl3C2XSD7Gmtvjrm7sPuvdYtCADGJQIDAQAB\010"

;; Query time: 67 msec
;; SERVER: 10.180.65.60#53(10.180.65.60)
;; WHEN: Wed Jun 14 22:39:52 CEST 2023
;; MSG SIZE  rcvd: 493

But fact is that when we use:

TF_LOG=debug terraform import -var-file=tfvars/production/env.tfvars -var-file=tfvars/production/zones.tfvars 'akamai_dns_record.ak-txt-records["springcmcontracts.com#google._domainkey.springcmcontracts.com"]' "springcmcontracts.com#google._domainkey.springcmcontracts.com#TXT"

We can see there something that is populating a strange value in the state... And this is what we see in the console on the import:

- .target[0]: was cty.StringVal("\"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMZAR79x/6UHyyz6INnpuDC0dAMXUqcF6xE4a0nRN8R9FXfGRYhUHIOLCYTtj0PBG39A82lQAb/IB8epeEHkiJBye7/X8Khf4NsuQd2mkJuBgmSGsDXRI9evWE7+LcyxJaiZK/qKBAzVx37iZtbw7KhKimXhq+UztjmkVJ4qTIEkqa1z467Fw3Yyrr70JDv\" \"0aorve7Fs94v4Lr4/NTWHi7wVLUHl6TpBhqfJir7xVupeMLCcm2pbKkMd8eyeDDhYcrKTnubiuNGO/hqw7Sjt6WoVo8srz3+cvkEPzQbw0NRN4MVUTkcr4XGQjl3C2XSD7Gmtvjrm7sPuvdYtCADGJQIDAQAB\\010\""), but now cty.StringVal("v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMZAR79x/6UHyyz6INnpuDC0dAMXUqcF6xE4a0nRN8R9FXfGRYhUHIOLCYTtj0PBG39A82lQAb/IB8epeEHkiJBye7/X8Khf4NsuQd2mkJuBgmSGsDXRI9evWE7+LcyxJaiZK/qKBAzVx37iZtbw7KhKimXhq+UztjmkVJ4qTIEkqa1z467Fw3Yyrr70JDv\" \"0aorve7Fs94v4Lr4/NTWHi7wVLUHl6TpBhqfJir7xVupeMLCcm2pbKkMd8eyeDDhYcrKTnubiuNGO/hqw7Sjt6WoVo8srz3+cvkEPzQbw0NRN4MVUTkcr4XGQjl3C2XSD7Gmtvjrm7sPuvdYtCADGJQIDAQAB\\010") - .record_sha: was cty.StringVal("cf16f39dfca9ccbe39c81aff2b039f0bef1ae2f3"), but now cty.StringVal("e06b4c3a354d07c55b13da7214ce28b32cfa2492")

This break the first double quote and the last one for some strange reason (which one, I do not know) but fact is that it is not looking what you explain into the above guide.

Here is the populated record into the state:

    {
      "mode": "managed",
      "type": "akamai_dns_record",
      "name": "ak-txt-records",
      "provider": "provider[\"registry.terraform.io/akamai/akamai\"]",
      "instances": [
        {
          "index_key": "springcmcontracts.com#google._domainkey.springcmcontracts.com",
          "schema_version": 0,
          "attributes": {
            "active": null,
            "algorithm": null,
            "answer_type": null,
            "certificate": null,
            "digest": null,
            "digest_type": null,
            "dns_name": null,
            "email_address": null,
            "expiration": null,
            "expiry": null,
            "fingerprint": null,
            "fingerprint_type": null,
            "flags": null,
            "flagsnaptr": null,
            "hardware": null,
            "id": "springcmcontracts.com#google._domainkey.springcmcontracts.com#TXT",
            "inception": null,
            "iterations": null,
            "key": null,
            "keytag": null,
            "labels": null,
            "mailbox": null,
            "match_type": null,
            "name": "google._domainkey.springcmcontracts.com",
            "name_server": null,
            "next_hashed_owner_name": null,
            "nxdomain_ttl": null,
            "order": null,
            "original_ttl": null,
            "port": null,
            "preference": null,
            "priority": null,
            "priority_increment": null,
            "protocol": null,
            "record_sha": "e06b4c3a354d07c55b13da7214ce28b32cfa2492",
            "recordtype": "TXT",
            "refresh": null,
            "regexp": null,
            "replacement": null,
            "retry": null,
            "salt": null,
            "selector": null,
            "serial": null,
            "service": null,
            "signature": null,
            "signer": null,
            "software": null,
            "subtype": null,
            "svc_params": null,
            "svc_priority": null,
            "target": [
              "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMZAR79x/6UHyyz6INnpuDC0dAMXUqcF6xE4a0nRN8R9FXfGRYhUHIOLCYTtj0PBG39A82lQAb/IB8epeEHkiJBye7/X8Khf4NsuQd2mkJuBgmSGsDXRI9evWE7+LcyxJaiZK/qKBAzVx37iZtbw7KhKimXhq+UztjmkVJ4qTIEkqa1z467Fw3Yyrr70JDv\" \"0aorve7Fs94v4Lr4/NTWHi7wVLUHl6TpBhqfJir7xVupeMLCcm2pbKkMd8eyeDDhYcrKTnubiuNGO/hqw7Sjt6WoVo8srz3+cvkEPzQbw0NRN4MVUTkcr4XGQjl3C2XSD7Gmtvjrm7sPuvdYtCADGJQIDAQAB\\010"
            ],
            "target_name": null,
            "ttl": 600,
            "txt": null,
            "type_bitmaps": null,
            "type_covered": null,
            "type_mnemonic": null,
            "type_value": null,
            "usage": null,
            "weight": null,
            "zone": "springcmcontracts.com"
          },
          "sensitive_attributes": [],
          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
        }
      ]
    },

I think both the value and the computed sha1 are wrong into the state json file...

Terraform Version

1.5.0

Affected Resource(s)

• akamai_dns_record (TXT type)

[hightoxicity]

In other term for which reason are you trimming double quotes here?

https://github.com/akamai/terraform-provider-akamai/blob/master/pkg/providers/dns/resource_akamai_dns_record.go#L2076

		case RRTypeTxt:
			logger.Debugf("Bind TXT Data IN: [%s]", recContentStr)
			recContentStr = strings.Trim(recContentStr, `"`)
			recContentStr = txtRecordEscape(recContentStr)

			logger.Debugf("Bind TXT Data %s", recContentStr)
			logger.Debugf("Bind TXT Data OUT: [%s]", recContentStr)
			records = append(records, recContentStr)

Thx

[mgwoj]

Thank you for rising this issue. We will investigate and update once we have some details.

[hightoxicity]

You may be interested by the WIP to try to deal with this: https://github.com/hightoxicity/terraform-provider-akamai/tree/v4.1.0-safer-double-quotes-trim

I may not have understood what it should do or what is expected as behaviour:

• I do not know if the provider should do any magical stuff with user input like doing the cut for more than 255 txt strings
• I do not know which kind of string is expected to be stored into the state

If you can share some specs about this, I may help.

[hightoxicity]

A better attempt: master...hightoxicity:terraform-provider-akamai:v4.1.0-revamp-txt-mgmt

[hightoxicity]

Hi, any update here?

Thx

[lsadlon]

Hi @hightoxicity,

Fix for this issue will be a part for upcoming release.

BR,
Lukasz

[hightoxicity]

Hi @hightoxicity,

Fix for this issue will be a part for upcoming release.

BR, Lukasz

Where can we see the upcoming changes that will be merged into next release?
I mean are you about to integrate my changes or do you have made your own fix and in such case do you have a link to the relative commits?

Thx

[lsadlon]

Hi @hightoxicity,

Unfortunately, there is no place that we can share with you to see the upcoming changes. All changes (commits) will be available after release.

BR,
Lukasz

[sriraamas]

Hi @lsadlon

The underlying issue here also prevented managing TXT records with length > 255 chars in terraform, not just the terraform import of it. Can we assume that the upcoming release will allow managing the long (> 255 chars) TXT records in terraform as well?

BR,
Sriraam

[lsadlon]

Hi @sriraamas

Yes, fix is in general for handling record with length > 255 chars, not just import.

BR,
Lukasz

[lkowalsk-akamai-com]

This issue should be fixed now with Akamai Terraform Provider 5.5.0 release.