Skip to content

SingleNestedAttribute does not prevent unknown additional keys in data sources #1121

Closed as duplicate of#805
@jacobbednarz

Description

@jacobbednarz

Module version

v1.14.1

Relevant provider source code

Entire schema: https://github.com/cloudflare/terraform-provider-cloudflare/blob/9843ee1a144aabf62a2a1afdc91e21f2485034af/internal/services/zero_trust_access_identity_provider/data_source_schema.go#L20-L262

Specific part in question: https://github.com/cloudflare/terraform-provider-cloudflare/blob/9843ee1a144aabf62a2a1afdc91e21f2485034af/internal/services/zero_trust_access_identity_provider/data_source_schema.go#L251-L260

Terraform Configuration Files

terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = "~> 5.0"
    }
  }
}

provider "cloudflare" {
  # credentials here or in environment variables
}

variable "account_id" {
  # be sure to use your own account ID or this will throw an auth error
  default = "f037e56e89293a057740de681ac9abbe" 
}

data "cloudflare_zero_trust_access_identity_provider" "example" {
  account_id = var.account_id
  filter = {
    foo = "bar"
  }
}

Debug Output

https://gist.github.com/jacobbednarz/cb659bf915a7398002cb327a6f9a8dea

Expected Behavior

filter = { foo = "bar" } is not permitted to be defined and should throw a warning in both the schema validation and terraform-ls.

Actual Behavior

filter = { foo = "bar" } value is ignored when it comes to the struct/HTTP payload/etc however, the schema is considered valid.

Steps to Reproduce

For terraform-ls:

  1. Paste file into editor that is configured using terraform-ls
  2. Notice that foo = "bar" does not show an error. However, if you put foo = "bar" outside of the filter nested attribute, it correctly identifies the invalid schema.
Image

For terraform operations:

  1. Paste reproduction file into editor
  2. Ensure you have correctly defined your Cloudflare credentials either in the provider or environment variables.
  3. terraform apply
  4. The operation will succeed but with a diagnostic that will vary on your account setup (which is irrelevant for the purposes here)
  5. Put an unknown attribute outside of the filter nested attribute.
  6. terraform apply
  7. Schema validation stops before operation is performed identifying an invalid schema attribute being present.

References

cloudflare/terraform-provider-cloudflare#5297

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions