Error if CAA 'iodef' record defined #73

Open
bgre033 opened this issue Apr 30, 2023 · 6 comments

bgre033 commented Apr 30, 2023

Hi,

It seems if a zone in Namecheap contains a CAA 'iodef' record, the Namecheap Terraform provider fails to create DNS records. If the CAA record is removed, the creation succeeds. I've tested with A and CNAME records, using Terraform 1.4.0 and 1.4.6, with Namecheap provider 2.1.0.

Terraform Version

Terraform v1.4.6

  • provider registry.terraform.io/namecheap/namecheap v2.1.0

Namecheap provider version

What version of terraform-provider-namecheap are you using? 2.1.0

Steps to Reproduce

  1. Create a CAA record such as below in the zone file on Namecheap

     CAA Record
     @
     iodef
     "mailto:[email protected]"

  2. Create Namecheap resource block

     resource "namecheap_domain_records" "create-record" {

         domain = "domain.com"
         mode = "MERGE"

         # ACM Certificate Validation Record
         record {
             hostname = "test"
             type = "A"
             address = "1.1.1.1"
             ttl = 1800
         }
     }

  3. Run 'terraform apply'
  4. Output is an error such as below.

Error: Records[10].Address "0 iodef "mailto:[email protected]"" must contain a protocol prefix for CAA iodef record


psa commented Apr 30, 2023

I'm not sure why they're not merging it, but #66 has the fix you're looking for.

Author

bgre033 commented Apr 30, 2023

Thanks, and good work! I have a case open with Namecheap and have passed this on. Fingers crossed they actually do something about it.


LarsArtmann commented Jan 5, 2024

I just tried to add the following records and failed with the error message below.
If I add it in the Web GUI it works without any complaints.

I'm sure somehow the validation logic does not recognise mailto: correctly.

Code

  record {
    address  = "0 issue \"pki.goog\""
    hostname = "@"
    mx_pref  = 10
    ttl      = 1799
    type     = "CAA"
  }
  record {
    address  = "0 iodef \"mailto:[email protected]\""
    hostname = "@"
    mx_pref  = 10
    ttl      = 1799
    type     = "CAA"
  }

Error

│ Error: Records[18].Address "0 iodef "mailto:[email protected]"" must contain a protocol prefix for CAA iodef record

│ with namecheap_domain_records.larsartmann_com,
│ on larsartmann.com.tf line 5, in resource "namecheap_domain_records" "larsartmann_com":
│ 5: resource "namecheap_domain_records" "larsartmann_com" {

Locating the bug

After adding the CAA iodef record manually through the Namecheap Web GUI (Image 1), the error stayed the same.
Only after applying the CAA issue record manually through the Namecheap Web GUI (Image 2), thereby fully syncing the real state and the Terraform target state, did the error disappear. It's also noticeable that terraform plan did not find anything to do after fully syncing them manually.
Screenshot 2024-01-05 at 03 50 32
Screenshot 2024-01-05 at 03 57 15

@vetal2409 vetal2409 added the bug Something isn't working label Feb 8, 2024
@vetal2409 vetal2409 self-assigned this Feb 8, 2024

LarsArtmann commented Jul 11, 2024

Update: if it's fully synced but you want to change any other part of the domain, e.g. TXT _dmarc, it wouldn't let you/me.
Version: 2.1.2


LarsArtmann commented Jul 11, 2024

The problem

validURLProtocolPrefix checks for :// but mailto: doesn't contain //
See: https://www.rfc-editor.org/rfc/rfc6844#:~:text=5.4.%20%20CAA%20iodef%20Property

if strings.Contains(*record.Address, "iodef") && !validURLProtocolPrefix.MatchString(*record.Address) {

Suggested fix

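// Address holds the whole value (`0 iodef "mailto:..."`), so mailto: is matched inside it, not as a prefix.
if strings.Contains(*record.Address, "iodef") && (!validURLProtocolPrefix.MatchString(*record.Address) && !strings.Contains(*record.Address, "mailto:")) {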
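
A stricter form of the check discussed in the comment above, as an added example that is not part of the thread or the provider's code: it parses the `flags tag "value"` address shown in the error messages, applies the rule only when the tag itself is `iodef`, and accepts `mailto:`, `http:` and `https:` URLs, the schemes named in RFC 6844 section 5.4. The names `splitCAA` and `ValidateCAAAddress` and the sample records are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// splitCAA parses the provider-style address `flags tag "value"` (format taken
// from the error messages in this thread) and returns the tag and unquoted value.
func splitCAA(address string) (tag, value string, err error) {
	parts := strings.SplitN(strings.TrimSpace(address), " ", 3)
	if len(parts) != 3 {
		return "", "", fmt.Errorf("%q is not in `flags tag \"value\"` form", address)
	}
	v := strings.TrimSpace(parts[2])
	if len(v) < 2 || v[0] != '"' || v[len(v)-1] != '"' {
		return "", "", fmt.Errorf("%q: value must be double-quoted", address)
	}
	return strings.ToLower(parts[1]), v[1 : len(v)-1], nil
}

// ValidateCAAAddress (hypothetical name) checks iodef values only; other tags pass.
func ValidateCAAAddress(address string) error {
	tag, value, err := splitCAA(address)
	if err != nil || tag != "iodef" {
		return err
	}
	u, err := url.Parse(value)
	if err != nil {
		return fmt.Errorf("iodef value %q is not a URL: %w", value, err)
	}
	switch {
	case u.Scheme == "mailto" && u.Opaque != "": // mailto: has no "//"
	case (u.Scheme == "http" || u.Scheme == "https") && u.Host != "":
	default:
		return fmt.Errorf("iodef value %q must be a mailto:, http: or https: URL", value)
	}
	return nil
}

func main() {
	// Constructed sample records, not taken from any real zone.
	for _, a := range []string{`0 iodef "mailto:security@example.com"`,
		`0 iodef "https://example.com/caa-report"`, `0 iodef "security@example.com"`,
		`0 issue "iodef-ca.example"`} {
		fmt.Printf("%-45s -> %v\n", a, ValidateCAAAddress(a))
	}
}
```

Matching on the parsed tag also keeps an `issue` record whose value merely contains the text `iodef` from being validated as an iodef record.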


fdrvrtm commented Nov 29, 2024

Please give a try to the latest version of this provider released yesterday.
