CDKTF: Validate referenced objects when generating imports

[bmendric]

Description

Not quite sure which component is/would be responsible for this, so apologies if this is being opened in the incorrect place.

I am working on converting some of our Terraform over to Go CDKTF and came across a Terraform crash. Poking at this a bit more, it appears CDKTF is validating the to field during synthesis, but not the id field when generating import blocks.

For example, doing the following produces an error during synthesis:

package main

import (
  "github.com/cdktf/cdktf-provider-vault-go/vault/v13/ldapauthbackend"
  vaultprovider "github.com/cdktf/cdktf-provider-vault-go/vault/v13/provider"
  "github.com/hashicorp/terraform-cdk-go/cdktf"
)

func Ptr[T any](v T) *T {
  return &v
}

func main() {
  app := cdktf.NewApp(nil)
  stack := cdktf.NewTerraformStack(app, Ptr("test"))

  // backend and provider setup

  ldap := ldapauthbackend.NewLdapAuthBackend(stack, Ptr("ldap"), &ldapauthbackend.LdapAuthBackendConfig{
    // config values
  })

  _ = ldapauthbackend.LdapAuthBackend_GenerateConfigForImport(
    stack,
    ldap.Id(),
    ldap.PathtInput(),
    nil,
  )

  app.Synth()
}

The error output is along the lines of: You cannot use a token (e.g., a reference to an attribute) as the id of a construct. Ids of constructs must be known at synthesis time, and token values are only known when Terraform runs.

However, doing the opposite (see below) does not cause an error during synthesis, instead it will cause Terraform to crash prior to 1.9.2 (per the related issue).

  _ = ldapauthbackend.LdapAuthBackend_GenerateConfigForImport(
    stack,
    ldap.FriendlyUniqueId(),
    ldap.Path(),
    nil,
  )

Since this is known bad behavior (i.e. not supported) it would be nice for that to be validated during synthesis.

References

https://github.com/hashicorp/terraform/issues/35416

Help Wanted

• [ ] I'm interested in contributing a fix myself

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment