Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDKTF: Validate referenced objects when generating imports #3665

Open
1 task
bmendric opened this issue Jul 3, 2024 · 0 comments
Open
1 task

CDKTF: Validate referenced objects when generating imports #3665

bmendric opened this issue Jul 3, 2024 · 0 comments
Labels
enhancement New feature or request new Un-triaged issue

Comments

@bmendric
Copy link

bmendric commented Jul 3, 2024
edited
Loading

Description

Not quite sure which component is/would be responsible for this, so apologies if this is being opened in the incorrect place.

I am working on converting some of our Terraform over to Go CDKTF and came across a Terraform crash. Poking at this a bit more, it appears CDKTF is validating the to field during synthesis, but not the id field when generating import blocks.

For example, doing the following produces an error during synthesis:

package main

import (
  "github.com/cdktf/cdktf-provider-vault-go/vault/v13/ldapauthbackend"
  vaultprovider "github.com/cdktf/cdktf-provider-vault-go/vault/v13/provider"
  "github.com/hashicorp/terraform-cdk-go/cdktf"
)

func Ptr[T any](v T) *T {
  return &v
}

func main() {
  app := cdktf.NewApp(nil)
  stack := cdktf.NewTerraformStack(app, Ptr("test"))

  // backend and provider setup

  ldap := ldapauthbackend.NewLdapAuthBackend(stack, Ptr("ldap"), &ldapauthbackend.LdapAuthBackendConfig{
    // config values
  })

  _ = ldapauthbackend.LdapAuthBackend_GenerateConfigForImport(
    stack,
    ldap.Id(),
    ldap.PathtInput(),
    nil,
  )

  app.Synth()
}

The error output is along the lines of: You cannot use a token (e.g., a reference to an attribute) as the id of a construct. Ids of constructs must be known at synthesis time, and token values are only known when Terraform runs.

However, doing the opposite (see below) does not cause an error during synthesis, instead it will cause Terraform to crash prior to 1.9.2 (per the related issue).

  _ = ldapauthbackend.LdapAuthBackend_GenerateConfigForImport(
    stack,
    ldap.FriendlyUniqueId(),
    ldap.Path(),
    nil,
  )

Since this is known bad behavior (i.e. not supported) it would be nice for that to be validated during synthesis.

References

hashicorp/terraform#35416

Help Wanted

  • I'm interested in contributing a fix myself

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@bmendric bmendric added enhancement New feature or request new Un-triaged issue labels Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request new Un-triaged issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bmendric