-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Data source based on OSS backend doesn't support nested parameters .assume_role["role_arn"]: an object is required. #29305
Comments
Thx, @jbardin. @xiaozhu36 could you please take a look? |
Hello, any news here? |
@jbardin it seems that the component maintainer is not available. I've tried all available channels, including Alibaba corporate email and internal Alibaba representatives. What can be next? Any ideas on how to contribute? I'm extremely open to any options. ping @xiaozhu36 |
Pr is updated and review is pending #29307 |
HI @hayorov There is an incompatible update and please have a check. |
Hello, it's now fully backward compatible and I've resolved all your comments, please take a look. |
Hi all, I'm ultimately happy to let the maintainers of the backend decide what's the best thing to do here, but I did want to note that the error message here seems correct, despite being confusingly-worded, because terraform/internal/backend/remote-state/oss/backend.go Lines 172 to 176 in ded4f1a
Because of this, I think the correct syntax to write a value for that argument in this data source context where we're providing a direct value conforming to the schema, rather than a configuration body that decodes into the schema, would be like this: data "terraform_remote_state" "level1" {
backend = "oss"
config = {
# (other arguments as in the original example)
assume_role = [
{
role_arn = "acs:ram::XXX:role/resourcedirectoryaccountaccessrole"
session_name = null
policy = null
session_expiration = null
},
]
}
} What I've written above is an expression to produce the same value that the configuration decoder would normally produce in order to conform to the schema. Because It is unfortunate that the It might still be preferable to flatten the configuration in order to retain more consistency between this situation and the |
Many thanks @apparentlymart it's a good explanation and tbh I guessed during the implementation of #29307. It seems that the same problem/question was asked before in #23755 and structures I've supported a flattened variant with backward compatibility for the existing format and got maintainer approval here I'm sure that generalization across backends is a positive thing and will make the OSS backend more homogenous. Once again, many thanks @apparentlymart @jbardin and @xiaozhu36. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Version
Terraform Configuration Files
Debug Output
Expected Behavior
Data source works as described in documentation with parameters defined in nested configuration block.
Actual Behavior
A Validation error raises on any parameter used nested
assume_role
block. For example.assume_role["role_arn"]: an object is required.
Steps to Reproduce
terraform init
Additional Context
Official documentation https://www.terraform.io/docs/language/settings/backends/oss.html#data-source-configuration
Remote backend (OSS) works fine.
Meanwhile,
data source
has its own schema mapping/validation, and based on my research the problem happens in thedata_source_state
during config to schema mapping.Also, there is no other backend that declares nested block under configuration. A good example is the
s3 backend
, which has similar functionality with assume_role and has a flat parameters design. Ref https://www.terraform.io/docs/language/settings/backends/s3.html#assume-role-configurationSo it seems that this feature has never worked since the initial implementation. Based on other backend designs, the validation/schema mapping doesn't support nested blocks under the configuration section of the backrnd.
References
#23755 closed as "This issue doesn't seem to be following one of the standard-issue templates..."
The text was updated successfully, but these errors were encountered: