Originally posted by **bdalpe** June 24, 2024
### What would you like help with?
I think I found a bug
### How are you running Renovate?
Mend Renovate hosted app on github.com
### If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
GitHub
### Please tell us more about your question or problem
This is a re-open of #17402.
Renovate does not correctly update version constraints in `.terraform.lock.hcl` files in root modules that contain child modules when constraints are not explicitly provided in the root module.
Renovate only changes the version constraints and hashes if the root module contains `required_providers` or `providers` blocks. This is not ideal behavior because TF does not require these to be specified at the root level. When running `terraform init`, these dependencies are written into the lock file from recursively extracting the `required_providers` from all child and sub-child modules.
It would be awesome if Renovate could update this automatically.
Reproduction: https://github.com/renovate-reproductions/29944
This is only possible with local modules ATM, as we decided against running an initialization of Terraform/OpenTofu before running the manager. The reason has been that Renovate would need access to all modules and backend states, which include secrets like access tokens and such.
Therefore IMO not a bug, but rather a feature request to support module constraints at all.
Discussed in https://github.com/renovatebot/renovate/discussions/29821
This is only possible with local modules ATM, as we decided against running an initialization of Terraform/OpenTofu before running the manager. The reason has been that Renovate would need access to all modules and backend states, which include secrets like access tokens and such.
Therefore IMO not a bug, but rather a feature request to support module constraints at all.