Merge pull request #2 from bethdevopsbunny/fix_ssl_400_already_exists

fix(ssl): inability to change domain name
bethdevopsbunny · Aug 1, 2023 · 9182939 · 9182939
2 parents b6762d4 + bd2a7c0
commit 9182939
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/load_balancer.tf b/load_balancer.tf
@@ -7,9 +7,21 @@
 # creates google managed ssl certificate for the provided domain.
 resource "google_compute_managed_ssl_certificate" "default" {
   project = local.deployment_project
-  name    = var.application_name
+  name    = random_id.certificate.hex
   managed {
-    domains = [var.dns_name]
+    domains = local.managed_domains
+  }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# random id generated for ssl name
+resource "random_id" "certificate" {
+  byte_length = 4
+  prefix      = "just-in-time-certificate-"
+  keepers = {
+    domains = join(",", local.managed_domains)
   }
 }
 

diff --git a/locals.tf b/locals.tf
@@ -10,4 +10,7 @@ locals {
 
   # Roles required to view assets and to apply changes to iam configuration.
   app_roles = ["roles/iam.securityAdmin", "roles/cloudasset.viewer"]
+
+  # random id requires a list of urls
+  managed_domains = tolist([var.dns_name])
 }