-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unset dynamic blocks appearing in validations #280
Comments
Hi @morgante My thought process here is:
cty.ObjectVal(map[string]cty.Value{
"allow": cty.SetVal([]cty.Value{
cty.ObjectVal(map[string]cty.Value{
"ports": cty.UnknownVal(cty.List(cty.String)),
"protocol": cty.UnknownVal(cty.String),
}),
}),
"creation_timestamp": cty.NullVal(cty.String),
"deny":cty.SetVal([]cty.Value{
cty.ObjectVal(map[string]cty.Value{
"ports": cty.UnknownVal(cty.List(cty.String)),
"protocol": cty.UnknownVal(cty.String),
}),
}),
...
)}) cc @hashicorp/terraform-core TLDR; I suppose we need to look into why |
The values you're getting here are what I would expect from a dynamic block. I don't recognize this particular validation, so it may be encountering a condition I had not anticipated, but the other validations do also have to take unknown values into account. A block cannot be directly "assigned" or "unassigned" at all (which is why I haven't looked closely yet at the validation code, but there's probably a check missing for "all unknown" values, in which case you cannot know if it will be set, or how many values it will contain. You also need to take into account that blocks may be set multiple times, in which case you will want to see what combinations of static and dynamic blocks will produce through the shims. IIRC most of the more complex validations abort if there are any unkowns, as it's hard to predict what the final shape of he value will be. |
As @jbardin kindly pointed out to me in a separate conversation we actually run validation twice - for the first time before interpolation and then after. Hence the first validation receives unknowns and fails and we never do the second one due to that failure. I will check how does |
Also I just verified that the example above is plannable/appliable with a custom build of @danawillow hashicorp/terraform-provider-google#5193 should be unblocked once we merge it & release a patched version of the SDK and Google provider upgrades to that version. |
@radeksimko Awesome, thanks for the fix! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Terraform Version
Terraform Configuration Files
Expected Behavior
When dynamic blocks are used, validations should be run against the actual produced blocks.
Actual Behavior
As reported on the Google provider, all dynamic blocks seem to appear at validation time - causing
ExactlyOneOf
validations to fail, even if at apply-time only one block is actually populated.The specific error which is raised looks like this:
References
The text was updated successfully, but these errors were encountered: