Closed appilon closed 2 years ago
Hey @appilon 👋 Thank you for raising this and sorry you ran into trouble here.
To a certain degree, this might be expected behavior with Terraform CLI, where an attribute must either be wholly known (at least all map keys, potentially with unknown values) or marked as wholly unknown. This is markedly one of the biggest differences between Terraform Plugin SDK and any other frameworks, such as this one, where there are no special rules to allow any changes between the proposed plan and returned state during update except unknown values.
There are potentially a few paths forward:
You may also be able to find some inspiration with the Kubernetes provider (at least the parts based off the lower level terraform-plugin-go) since Kubernetes annotations have similar dynamic behaviors based on other runtime and configuration of the system. Hope this helps.
Generally, the way I've seen this handled is to have two attributes: one, an optional attribute, is the "managed keys" attribute, which contains only the keys/values the user defines in their configuration. The other, a computed attribute, is the "all keys" attribute, which reflects all the keys and their values regardless of whether they're in the configuration or not.
As Brian noted, you'll lose some drift detection here, because any keys added out of band are (by design) not managed until the user puts them in the "managed keys" attribute.
@paddycarver @bflad Thank you for the information, yes specifically Paddy I was leaning towards what you describe as the endgame solution, for now I'm going to just allow for the "managed keys" on the assumption that interpolating all the other keys is not valuable at this time, and upgrade to an additional Computed map for the ability to "read the rest" if desired. Should I close this issue as it seems like this is just a known limitation of what Terraform can do?
Works for me, if you're okay with that resolution. :)
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Module version
Relevant provider source code
This is a very unique situation, the upstream API has a set of permissions that are dynamic based on the license of the resource. The entries in the map are dynamic and the default value for them are ALSO dynamic, hence the need for computed here. I am giving the user the ability to concretely set the permissions so it's also optional. I may be asking too much of the Framework/Terraform.
Terraform Configuration Files
Expected Behavior
Successful apply, with the dynamic set of permissions set in state
Actual Behavior
Oddly enough the state does seem to have been set properly, so it's almost as if everything is fine but Terraform is just making a stink
Steps to Reproduce
References