Skip to content

fix(lightsail): Handle wildcard DNS entries with escaped asterisks #44588

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(lightsail): Handle wildcard DNS entries with escaped asterisks #44588

wants to merge 2 commits into from

Conversation

alvarolb
Copy link

@alvarolb alvarolb commented Oct 8, 2025

Fixes #44587

Description

AWS Lightsail API returns wildcard domain entries with asterisks escaped as \052 (octal notation). This causes Terraform to fail reading wildcard DNS
entries after creation and to detect drift on subsequent applies.

This PR fixes the issue by normalizing wildcard characters in two places:

  1. FindDomainEntryById: Compare both * and \052 formats when searching for domain entries
  2. flattenDomainEntryName: Convert \052 back to * before saving to state

Changes

  • Modified internal/service/lightsail/domain_entry.go:
    • Updated FindDomainEntryById() to match entries using both wildcard formats
    • Updated flattenDomainEntryName() to unescape \052 to * for state consistency

Testing

Tested with:

  • Terraform 1.5.7, 1.6.6
  • AWS Provider 4.67.0, 6.15.0

Test scenario:

  1. Create Lightsail instance with wildcard DNS entry (*.subdomain.example.com)
  2. Verify creation succeeds without "empty result" error
  3. Run terraform apply again to verify no drift is detected
  4. Verify state stores * instead of \052

Before this fix:
Error: reading AWS Lightsail DomainEntry (*.test,example.com,A,1.2.3.4): empty result

After this fix:
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

Related Issues

Checklist

Notes

This fix maintains backward compatibility with existing non-wildcard DNS entries while properly handling the escaped wildcard format returned by the AWS
Lightsail API.

@alvarolb
fix(lightsail): Handle wildcard DNS entries with escaped asterisks
87da2b3 
AWS Lightsail API returns wildcard domain entries with asterisks escaped
as \052 (octal notation). This causes two issues:

1. Terraform fails reading wildcard entries after creation with 'empty result'
2. State drift is detected because \052 doesn't match the input *

This fix normalizes wildcards in two places:
- FindDomainEntryById: Compare both * and \052 formats when searching
- flattenDomainEntryName: Convert \052 back to * before saving to state

This allows wildcard DNS entries to be properly created and managed without
drift detection.
@alvarolb alvarolb requested a review from a team as a code owner October 8, 2025 14:12
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 8, 2025
edited
Loading

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 8, 2025

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/lightsail Issues and PRs that pertain to the lightsail service. size/XS Managed by automation to categorize the size of a PR. labels Oct 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-triage Waiting for first response or review from a maintainer. service/lightsail Issues and PRs that pertain to the lightsail service. size/XS Managed by automation to categorize the size of a PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

aws_lightsail_domain_entry fails to read wildcard DNS entries

1 participant

@alvarolb