search

pingidentity / terraform-provider-davinci

PingOne DaVinci Terraform Provider
https://registry.terraform.io/providers/pingidentity/davinci/latest
Mozilla Public License 2.0
4 stars 1 forks source link

`davinci_flow` resource: "Unmapped flow connector subflow" warning #273

Open patrickcping opened 8 months ago

patrickcping commented 8 months ago

Observed Warning

The provider may respond to terraform validate, terraform plan and terraform apply commands with warnings similar to the following:

 Warning: Unmapped flow connector subflow
│ 
│   with davinci_flow.test-flow-1,
│   on ad-hoc-davinci.tf line 2, in resource "davinci_flow" "test-flow-1":
│    2: resource "davinci_flow" "test-flow-1" {
│ 
│ The flow JSON to import (provided in the `flow_json` parameter) contains a subflow referenced in a flow connector that does
│ not have a `subflow_link` mapping.  This behaviour is deprecated - going forward all subflows defined in a flow must have a
│ `subflow_link` block parameter defined.
│ 
│ Consider using the `davinci_flow` resource (to create the subflow) with the `davinci_flow.subflow_link` parameter (to map
│ the Terraform managed subflow with the main flow).
│ 
│ Connection ID: 3332************************1ea3
│ Connector ID: flowConnector
│ Connection Name: Flow Conductor
│ Node Type: CONNECTION
│ Node ID: xb74p6rkd8
│ Subflow Name: subflow 1
│ Subflow ID: 0750************************54b2
│ 
│ (and one more similar warning elsewhere)

Applicable DaVinci Provider Versions

>= 0.3.0

Explanation

Flows, when exported from the DaVinci service, can contain "flow connector" nodes in the designer UI that directly reference subflows. These subflow links are included in the flow export, and must be re-mapped to new admin defined subflows when migrating configuration through environments using Terraform.

Leaving subflows unmapped in the davinci_flow resource is now considered deprecated, and all subflows referenced in "flow connector" nodes must be mapped using the davinci_flow.subflow_link parameter.

Resolution

In the above warning, the davinci_flow.test-flow-1 definition in HCL must be updated:

HCL that produces the warning

resource "davinci_connection" "test-flow" {
  environment_id = pingone_environment.my_environment.id
  connector_id   = "flowConnector"
  name           = "my-awesome-flow"
}

resource "davinci_flow" "test-flow-1" {
  environment_id = pingone_environment.my_environment.id

  flow_json = file("./flows/full-minimal.json")

  // Flow connector
  connection_link {
    id                           = davinci_connection.test-flow.id
    name                         = davinci_connection.test-flow.name
    replace_import_connection_id = "3332************************1ea3"
  }
}

Notice that while the flow connector connection has been remapped using the connection_link parameter, the subflow that it references has not.

HCL that resolves the warning

resource "davinci_connection" "test-flow" {
  environment_id = pingone_environment.my_environment.id
  connector_id   = "flowConnector"
  name           = "my-awesome-flow"
}

resource "davinci_flow" "test-subflow-1" {
  environment_id = pingone_environment.my_environment.id

  name = "abcd123-subflow-1"

  flow_json = file("./flows/full-basic-subflow-1.json")

  # ... other properties, including defined `connection_link` parameters needed for the subflow
}

resource "davinci_flow" "test-flow-1" {
  environment_id = pingone_environment.my_environment.id

  flow_json = file("./flows/full-minimal.json")

  connection_link {
    id                           = davinci_connection.test-flow.id
    name                         = davinci_connection.test-flow.name
    replace_import_connection_id = "3332************************1ea3"
  }

  subflow_link {
    id                           = davinci_flow.test-subflow-1.id
    name                         = davinci_flow.test-subflow-1.name
    replace_import_subflow_id       = "00f6************************314a"
  }
}

Notice that:

FAQ

malenze commented 8 months ago

Hi @patrickcping, I don't know, but I assume, that either the sub-flow or the main flow has got the problem, that it might reference a flowConnector that does no longer exists?

In our environment, we have exactly one instance of the flowConnector defined, which is referenced / used by all flows. I have imported that existing one into my terraform state and defined it with the same parameters in my terraform file. I then define all sub-flows, before I try to apply the main flow using depends_on to clarify the dependencies between the flows, i. e. that the main flow depends on the sub-flows first. Thus, I never saw your warning yet.

data "davinci_connections" "read_all" {
  environment_id = var.environment_id
}

resource "davinci_connection" "flow_connector" {
  connector_id   = "flowConnector"
  name           = "Flow Connector"
  environment_id = var.environment_id
  depends_on     = [data.davinci_connections.read_all]
}

resource "davinci_flow" "login_subflow" {
  environment_id = var.environment_id
  flow_json      = file("flows/login-subflow.json")
  connection_link {
    id   = davinci_connection.flow_connector.id
    name = davinci_connection.flow_connector.name
  }
  depends_on = [davinci_connection.flow_connector]
}

resource "davinci_flow" "login_mainflow" {
  environment_id = var.environment_id
  flow_json      = file("flows/login-mainflow.json")
  deploy         = true
  connection_link {
    id   = davinci_connection.flow_connector.id
    name = davinci_connection.flow_connector.name
  }
  subflow_link {
    id   = davinci_flow.login_subflow.id
    name = davinci_flow.login_subflow.name
  }
  depends_on = [davinci_connection.flow_connector, davinci_flow.login_subflow]
}

Hope using depends_on solves your issue. Kind regards