Validate DNS prefix

This validation is not done in the CLI, so creating a cluster with a DNS prefix that does not fulfill these requirements will not fail. However, in some cases such a cluster will be badly broken; for example, if the specified DNS prefix has subdomain parts (e.g. foo.bar.baz), certificate validation will fail when communicating with the cluster, resulting in broken behavior for commands such as kubectl logs. Because of the seriously broken state a cluster can end up in, and since the cluster will have to be completely recreated in order to change the DNS prefix, I think it's worthwhile to implement this validation even before the CLI has been patched to include it. The source for the validation rules (and error message) is the client- side validation error message in the Azure Portal, where validation is already implemented.
hashicorp · Jan 7, 2019 · d16b533 · d16b533
1 parent a6051d9
commit d16b533
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
@@ -76,6 +76,7 @@ func resourceArmKubernetesCluster() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
+				ValidateFunc: validateKubernetesClusterDnsPrefix(),
 			},
 
 			"kubernetes_version": {
@@ -1124,6 +1125,13 @@ func validateKubernetesClusterAgentPoolName() schema.SchemaValidateFunc {
 	)
 }
 
+func validateKubernetesClusterDnsPrefix() schema.SchemaValidateFunc {
+	return validation.StringMatch(
+		regexp.MustCompile("^[a-zA-Z][a-zA-Z0-9\\-]{0,43}[a-zA-Z0-9]$"),
+		"The DNS name must contain between 3 and 45 characters. The name can contain only letters, numbers, and hyphens. The name must start with a letter and must end with a letter or a number.",
+	)
+}
+
 func flattenKubernetesClusterKubeConfig(config kubernetes.KubeConfig) []interface{} {
 	values := make(map[string]interface{})
 

diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
@@ -69,6 +69,8 @@ The following arguments are supported:
 
 * `dns_prefix` - (Required) DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
 
+-> **NOTE:** The `dns_prefix` must contain between 3 and 45 characters, and can contain only letters, numbers, and hyphens. It must start with a letter and must end with a letter or a number.
+
 * `service_principal` - (Required) A `service_principal` block as documented below.
 
 ---
-Original file line number
+Diff line change
@@ Expand Up / @@ -69,6 +69,8 @@ The following arguments are supported: @@
     * `dns_prefix` - (Required) DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
+    -> **NOTE:** The `dns_prefix` must contain between 3 and 45 characters, and can contain only letters, numbers, and hyphens. It must start with a letter and must end with a letter or a number.
     * `service_principal` - (Required) A `service_principal` block as documented below.
     ---
@@ Expand Down @@