-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check dynamic block contents during "terraform validate" even when the for_each expression is unknown #35173
Comments
Hi @anilkumarmyla! Thanks for reporting this. Input variable values are specified as part of the planning options, and so input variables do not have known values during the validation phase. When a
Terraform could, in principle, make a different tradeoff here: it could decide that if the However, we'd need to check first if that change would violate backward compatibility. The key question is: if your I believe Terraform is currently working as designed as long as this error is still being detected in ether the plan or apply phases when there is at least one generated block. We can consider also detecting the error when the number of generated blocks is unknown, but that is a new capability that requires design work to make sure it doesn't break any existing configurations already considered valid and so I'm going to relabel this as an enhancement to represent that design work is required. (We use "bug" only for situations where Terraform's behavior doesn't match what it was designed to do and therefore it's obvious that the required work is to change the implementation to better match the design.) Thanks again! |
@apparentlymart one other observation is that the dynamic code block is somewhat validated, I cannot have a random foo="bar" inside the dynamic block and it fails the validation as below % terraform validate
╷
│ Error: Unsupported argument
│
│ on cluster.tf line 18, in resource "google_container_cluster" "primary":
│ 18: foo = "bar"
│
│ An argument named "foo" is not expected here. The only case it doesn't catch is usage of undeclared variables |
Hi @anilkumarmyla, Indeed, this is a quirk of static vs. dynamic configuration constructs. Terraform typically treats arguments inside blocks as a "static" concern, because their presence cannot possibly vary based on anything else in the configuration. But evaluating expressions is trickier because their evaluation behavior can vary considerably depending on context and depending on what else is in the expression, and because evaluation can encounter unknown values that are placeholders for information Terraform won't know until a later phase. When Terraform encounters an unknown value in a location that would normally decide whether or not something else would be evaluated, it typically skips evaluating that other thing because that is what allows progressing to the next phase where more information might be available. It remains to be seen whether this is a situation where Terraform can proactively validate. The main thing we need to check is whether you'd be able to plan and apply something like this (assuming nothing else in your configuration has changed): resource "google_container_cluster" "primary" {
provider = google-beta
name = var.name
dynamic "dns_config" {
for_each = [] # NOTE: No instances at all!
content {
additive_vpc_scope_dns_domain = var.enable_additive_vpc_scope_dns ? "${var.invalid}.vpc.private" : ""
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}
} In this case there would be no If you're able to quickly test this with the configuration you were using to prepare this issue -- making sure to test both |
Terraform Version
Terraform Configuration Files
Debug Output
.
Expected Behavior
terraform validate
should failActual Behavior
terraform validate
is successfulSteps to Reproduce
Following 3 files are needed for reproduction, one change in cluster.tf triggers the correct behavior, other does not
Run as-is with above files
Change cluster.tf and uncomment
//for_each = [1]
and commentfor_each = var.cluster_dns_provid...
Additional Context
No response
References
No response
The text was updated successfully, but these errors were encountered: