Flink: attributes should be set or not set in the provider block at the same time

[pwmcintyre]

For context - I'm using Azure DevOps (but this applies for any CI I think) and I use Variable Groups to hold various details about the environment, including the Confluent org ID, environment ID, etc

These are exposed to the pipeline via environment variables

I keep these in variables like CONFLUENT_ENVIRONMENT_ID

Since patching to https://github.com/confluentinc/terraform-provider-confluent/releases/tag/v1.66.0 I not get the following error:

╷
│ Error: All 7 flink_api_key, flink_api_secret, flink_rest_endpoint, organization_id, environment_id, flink_compute_pool_id, flink_principal_id attributes should be set or not set in the provider block at the same time
│ 
│   with provider["registry.terraform.io/confluentinc/confluent"],
│   on main.tf line 34, in provider "confluent":
│   34: provider "confluent" {}
│ 
╵

I'm not even using Flink, yet it validates the values.

It seems silly that I have to purge a few variables to get this working, just wondering if there's a better way?

Here's how I have resolve the issue:

  - script: |
      unset CONFLUENT_ENVIRONMENT_ID
      terraform apply -auto-approve -input=false -var-file="variables/topics.tfvars"

I guess another option would be to rename all my variables so they don't accidentally collide with your env vars?

[linouk23]

Thanks for creating the issue @pwmcintyre!

Could you share a little bit more details about

I keep these in variables like CONFLUENT_ENVIRONMENT_ID

I'm not sure whether it's helpful, but alternatively, you could have TF variable

# variables.tf
variable "confluent_environment_id" {
  description = "Confluent Environment ID"
  type          = string
}

and then use export TF_VAR_confluent_environment_id="env-foo123". See this note for more details.

[pwmcintyre]

I keep these in variables like CONFLUENT_ENVIRONMENT_ID

as in: we use environment variables to pass these values into our CI system (see snippet below)

I'm not sure whether it's helpful, but alternatively, you could have TF variable

yes we use this method to pass variables into terraform, since we need those values accessible.

We also use env vars to authenticate, you can see in the below snippet ... but since this issue, we have to unset some env vars because they cause this provider to fail.

# In Azure DevOps Pipelines, you can include config values like so
variables:
  - group: confluent-cloud-prod

...

  # NOTE: CONFLUENT_ENVIRONMENT_ID must be unset to avoid a validation errors
  # This is because it collides with an env var which it uses (even though we don't use Flink!)
  # https://github.com/confluentinc/terraform-provider-confluent/blob/a8d64935d062f6ea580d1000615c6f694e343597/internal/provider/provider.go#L447
  - script: |
      unset CONFLUENT_ENVIRONMENT_ID
      terraform apply -auto-approve -input=false
    env:

      # Authenticate Confluent provider via env vars
      # https://registry.terraform.io/providers/confluentinc/confluent/latest/docs#environment-variables
      CONFLUENT_CLOUD_API_KEY: $(CONFLUENT_CLOUD_API_KEY)
      CONFLUENT_CLOUD_API_SECRET: $(CONFLUENT_CLOUD_API_SECRET)

      # inject Terraform variables through from env vars: 
      # https://developer.hashicorp.com/terraform/language/values/variables#environment-variables
      TF_VAR_confluent_environment_id: $(CONFLUENT_ENVIRONMENT_ID)
      TF_VAR_confluent_kafka_cluster_id: $(CONFLUENT_KAFKA_CLUSTER_ID)
      TF_VAR_confluent_organisation_id: $(CONFLUENT_ORGANISATION_ID)
      TF_VAR_confluent_schema_registry_id: $(CONFLUENT_SCHEMA_REGISTRY_ID)

...

I guess from my perspective, it is frustrating that the provider validates values for Flink even though I don't use Flink ... could it instead validate those values exist only if they are required? it seems to validate all possible things up-front