search

PaloAltoNetworks / terraform-aws-vmseries-modules

Terraform Reusable Modules for VM-Series on AWS
https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/aws
MIT License
40 stars 49 forks source link

Fix provider version #373

Closed David7660 closed 12 months ago

David7660 commented 1 year ago

Is your feature request related to a problem?

The PR #369 will cause issue for me. I'm using terragrunt with many modules which have different version constraints. This changewon't allow me to use the next realease because ~>5.17 is too restrictive.

Describe the solution you'd like

Is it possible to have something like this instead ?

version = "=> 4.67"

Describe alternatives you've considered.

No response

Additional context

No response

sebastianczech commented 12 months ago

@David7660 can you use 1.0.6 of terraform-aws-vmseries-modules , if you prefer AWS provider in version 4.* ? In AWS provider 5.* there are breaking changes (in comparision to 4.*), so we cannot just use version = ">= 4.67".

David7660 commented 12 months ago

Hello @sebastianczech I cannot because I'm using a Terragrunt environement with multiple module with their own constraint.

So if you put 5.* my modules which need 4.x version will not be usable.

That's why I proposed something like >=4.67 in order to keep the initial version but allow 5.x version for those who want to use it.

sebastianczech commented 12 months ago

@David7660 I was thinking if you could specify exact release of VM-Series modules in version 1.0.6 (that version contains AWS provider in 4.* version):

  source   = "PaloAltoNetworks/vmseries-modules/aws//modules/vmseries"
  version  = "1.0.6"

Unfortunately if somebody is using provider 4.67 and we have constraint >= 4.67.0 like here:

$ cd examples/combined_design
$ head -6 .terraform.lock.hcl

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/aws" {
  version     = "4.67.0"
  constraints = ">= 4.67.0"

Then we have problem with breaking change between 4.* and 5.* version of AWS provider and resource aws_eip:

$ terraform validate
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.natgw_set.aws_eip.this,
│   on ../../modules/nat_gateway_set/main.tf line 12, in resource "aws_eip" "this":
│   12:   domain = var.eip_domain
│ 
│ Can't configure a value for "domain": its value will be decided automatically based on the result of applying this
│ configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.vmseries.aws_eip.this,
│   on ../../modules/vmseries/main.tf line 47, in resource "aws_eip" "this":
│   47:   domain            = var.eip_domain
│ 
│ Can't configure a value for "domain": its value will be decided automatically based on the result of applying this
│ configuration.

That's why I don't think putting constraints = ">= 4.67.0" in versions.tf is appropriate approach as domain cannot be set for resource aws_eip in provider 4.*

David7660 commented 12 months ago

@sebastianczech , my bad I though the last security_group feature was added in 1.0.7 but it was in 1.0.6.

So you are right 1.0.6 should be nice.

Thank you very much, sorry for my mistake :)

sebastianczech commented 12 months ago

Great, no problem :) In that case I'm closing that issue. In case of new requests, please open new one.