Provider configuration_aliases and module validation #27739
Conversation
Add support for parsing configuration_aliases in required_providers entries. The decoder needed to be re-written here in order to support the bare reference style usage of provider names so that they match the usage in other location within configuration. The only change to existing handling of the required_providers block is more precise error locations in a couple cases.
The configload package should only be responsible for locating and loading the configuration, and not be further inspecting the config source itself. Moving the validating into the configs package.
Codecov Report
|
| // if the module call has any of count, for_each or depends_on, | ||
| // providers are prohibited from being configured in this module, or | ||
| // any module beneath this module. | ||
| nope := noProviderConfig || mc.Count != nil || mc.ForEach != nil || mc.DependsOn != nil |
| // noProviderConfig argument is passed down the call stack, indicating that the | ||
| // module call, or a parent module call, has used a feature that precludes | ||
| // providers from being configured at all within the module. | ||
| func validateProviderConfigs(call *ModuleCall, cfg *Config, noProviderConfig bool) (diags hcl.Diagnostics) { |
There was a problem hiding this comment.
Excellent comments and warning/error messages in this entire function, thank you!
| @@ -26,132 +29,214 @@ type RequiredProviders struct { | |||
|
|
|||
| func decodeRequiredProvidersBlock(block *hcl.Block) (*RequiredProviders, hcl.Diagnostics) { | |||
| attrs, diags := block.Body.JustAttributes() | |||
| if diags.HasErrors() { | |||
There was a problem hiding this comment.
i bet whoever forgot to check that is feeling pretty silly right about now 🤦
| @@ -434,69 +434,6 @@ func TestProviderConfigTransformer_grandparentProviders(t *testing.T) { | |||
| } | |||
| } | |||
|
|
|||
| // pass a specific provider into a module using it implicitly | |||
| func TestProviderConfigTransformer_implicitModule(t *testing.T) { | |||
There was a problem hiding this comment.
I presume these have been removed because it's caught during the earlier configload validate now?
There was a problem hiding this comment.
Yes, these fail while loading the config, so there's no transformation to test.
| @@ -605,6 +605,43 @@ func (t *ProviderConfigTransformer) transformSingle(g *Graph, c *configs.Config) | |||
| t.proxiable[key] = !diags.HasErrors() | |||
| } | |||
|
|
|||
| if mod.ProviderRequirements != nil { | |||
There was a problem hiding this comment.
Is this covered in a test, and if not, can it be? (I know the answer to that isn't always straightforward).
There was a problem hiding this comment.
Yes, there's a context test added which covers this, and I'll be adding more as I re-validate the overall behavior within the terraform package itself. This PR was getting big, and I wanted to get the parser and validation in ASAP.
Add validation which was removed from the configload package, along with additional validation checks. The output is slightly different, as instead of validating whether the modules are allowed to have provider configurations, we validate the various combinations of provider structures themselves.
These cases are now caught early in the configuration loading process, and do not make it to the point of graph transformation.
jbardin
force-pushed
the
jbardin/provider-aliases
branch
from
e6d394a
to
00730ae
Compare
| // TODO: these are strings until the parsing code is refactored to allow | ||
| // raw references | ||
| configuration_aliases = [foo-test.a, foo-test.b] |
|
|
||
| if isAlias && !isConfigAlias { | ||
| localName := strings.Split(name, ".")[0] | ||
| detail = fmt.Sprintf("Remove the %s provider block from %s. Add %s to the list of configuration_aliases for %s in required_providers to define the provider configuration name.", name, cfg.Path, name, localName) |
There was a problem hiding this comment.
I worry a bit that users might not find this easy to understand, given that we're introducing configuration_aliases in the same release we're adding these warnings.
Assuming that we're not going to provide an auto-upgrade command, could it make sense to make this warning even more explicit about what to do? Maybe with sample configuration?
There was a problem hiding this comment.
Yes, I was thinking the same thing! I'm going to see how this gets formatted with config in the detail section. My hesitation was that I can't always generate the complete required_providers attribute, and it could cause more confusion than if they just look up the docs 🤔
There was a problem hiding this comment.
ok, adding config examples is turning into a much larger task. I'll fix the dandling comment, and get this merged. Other improvements can come later.
|
A post-merge 🐘 nudge for user-facing documentation for this feature! |
|
@pselle, sorry, I should have mentioned it in the PR body, docs will be coming next in a separate PR! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Here we have the initial implementation of
configuration_aliasesfor providers within modules. The idea here is to replace the need for empty configuration blocks within modules as a "proxy" to receive provider configuration passed in from a parent module. So instead of writingthe
foo.barname is declared along with thefooprovider local name withinrequired_providers.Adding the new field to the
required_providersattributes required rewriting the parser forrequired_providersin order to allow the aliases to be bare references, matching their usage in other locations within configuration. The overall behavior of the parser should be the same, with the only noticeable changes in tests being some more precise diagnostic locations. Thehclandterraform-config-instpectpackages were updated to work with the new config loader. We can update thehclpackage to a tagged version before releasing 0.15.All validation was moved out of the
configloadpackage, since that package should only be concerned with the loading of configuration, not the interpretation thereof. The output is slightly different from the previous validation, as instead of validating whether the modules are allowed to have provider configurations, we validate all the various combinations of provider structures themselves. Configurations which were working correctly previously should generate no more than diagnostic warnings in the new validation scheme. Configurations which were incorrect, or could produce unpredictable behavior now generate errors.The most notable of these new warnings will be advice to remove empty configuration blocks from the module config. Each diagnostic produces a contextual message, with the intent of directing users to a supported configuration. For example, an empty configuration with an alias would present the warning:
Additional checks, like verifying the provider type have also been added. This prevents hard to decipher evaluation time errors like "unknown provider provider["example.com/vendor/name"].foo" when a correct provider config has not been supplied in a child module. Instead the user will receive a message during init like:
Closes #27539
Closes #27409
Closes #26617
Closes #26448
Closes #26354