Skip to content

Fix bug where -backend-config could not override attributes that weren't at the top level in the backend schema #36919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

Fix bug where -backend-config could not override attributes that weren't at the top level in the backend schema #36919

wants to merge 11 commits into from

Conversation

SarahFrench
Copy link
Member

@SarahFrench SarahFrench commented Apr 23, 2025
edited
Loading

Fixes #36911

The bug reported in that issue is due to how the code that processes -backend-config flags assumes that any key=value pairs passed in are setting values for a top-level attribute in the backend's schema. The error shared in the fixed GH issue arises due to the code looking for a top-level field with the name assume_role.role_arn instead of looking for role_arn nested within assume_role.

terraform/internal/command/init.go

Lines 1036 to 1044 in 474fe47

attrS := schema.Attributes[name]
if attrS == nil {
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
"Invalid backend configuration argument",
fmt.Sprintf("The backend configuration argument %q given on the command line is not expected for the selected backend type.", name),
))
continue
}

To enable testing of this update I needed access to a backend with a schema that matches the s3 backend's use of single nesting. Instead of adding a test that uses the s3 backend and needing to supply credentials, I've updated the inmem backend to optionally have an expanded backend for testing purposes. This is controlled by an environment variable specific to that backend. This could be a first step towards considering making the whole inmem backend not user facing and used 100% for tests.

Target Release

1.13.x

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@SarahFrench SarahFrench marked this pull request as ready for review April 23, 2025 16:08
@SarahFrench SarahFrench requested a review from a team as a code owner April 23, 2025 16:08
dsa0x
dsa0x previously approved these changes Apr 24, 2025
View reviewed changes
internal/command/init.go Outdated
case isNested:
// The flag item is overriding a nested attribute
// e.g. assume_role.role_arn in the s3 backend
// We assume a max nesting-depth of 1 as s3 is the only
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we somehow bake this assumption in the code validation?

An input like "test_nesting_single.child.grand" was allowed to pass with no error, and the child value ended up being set.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've addressed this by swapping to a solution that allows any level of nesting, and that change also addresses issues related to missing parent fields. I figured this was a better approach, as the alternative was to add an error asking users to report issues with overriding fields at a greater level of nesting, and why kick that issue down the road?

@dsa0x dsa0x dismissed their stale review April 24, 2025 06:17

Mistakenly approved

@SarahFrench
Copy link
Member Author

Thanks for the review @dsa0x! I think I'll pivot to a different approach so that this doesn't have that assumption about how many levels of nesting are present. But I'm learning more about navigating cty.Values in the process so it'll take a little time

@SarahFrench SarahFrench requested review from dsa0x and removed request for dsa0x April 25, 2025 15:46
@SarahFrench SarahFrench marked this pull request as draft April 25, 2025 16:04
@SarahFrench
Copy link
Member Author

SarahFrench commented Apr 25, 2025
edited
Loading

Doing a pivot into investigating #36911 (comment)

Edit: see my comment - I hit an issue with attributes that contain nested attributes that blocks using that project directly. I did like how using that project would reduce the code by a lot though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dsa0x dsa0x dsa0x left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@SarahFrench @dsa0x