terraform-provider-ibm icon indicating copy to clipboard operation
terraform-provider-ibm copied to clipboard

Published 20 hours ago verified publisher icon IBM-Cloud

Conflict between COS locking / versioning / retention

Open shemau opened this issue 10 months ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

Affected Resource(s)

  • ibm_cos_bucket
  object_lock = var.object_locking_enabled

  # Add exactly 1 dynamic version block IF versioning is enabled, otherwise skip
  dynamic "object_versioning" {
    for_each = var.object_versioning_enabled ? [1] : []
    content {
      enable = var.object_versioning_enabled
    }
  }

When both variables are false, leads to this error.

│ Error: Missing required argument
│ 
│   with module.cos.ibm_cos_bucket.cos_bucket1[0],
│   on ../../main.tf line 221, in resource "ibm_cos_bucket" "cos_bucket1":
│  221:   object_lock           = var.object_locking_enabled
│ 
│ "object_lock": all of `object_lock,object_versioning` must be specified

The error is unexpected because locking is a false and versioning is NOT required.

Yes, this could be solved by changing the dynamic block, making it static.

Now versioning is false (implies locking is false) and retention is enabled.

  object_versioning {
    enable = var.object_versioning_enabled
  }

  # Add exactly 1 dynamic retention rule block IF retention rule is enabled, otherwise skip
  dynamic "retention_rule" {
    for_each = var.retention_enabled ? [1] : []
    content {
      default   = var.retention_default
      maximum   = var.retention_maximum
      minimum   = var.retention_minimum
      permanent = var.retention_permanent
    }
  }

results in

│ Error: Conflicting configuration arguments
│ 
│   with module.cos.ibm_cos_bucket.cos_bucket1[0],
│   on ../../main.tf line 209, in resource "ibm_cos_bucket" "cos_bucket1":
│  209: resource "ibm_cos_bucket" "cos_bucket1" {
│ 
│ "object_versioning": conflicts with retention_rule

The error is unexpected because object versioning false does not conflict with the retention rule.

Yes, this could be resolved by making the versioning block dynamic.

So the versioning block needs to be both static and dynamic.

The provider validation is being overly restrictive, it needs to consider the value passed during validation; not just that a value was passed. IFF object_lock is true, then a versioning block need to exist. IFF object_versioning.enable is true AND a retention_rule is set, then a conflict occurs.

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

Reference: https://github.com/terraform-ibm-modules/terraform-ibm-cos/blob/v8.2.0/main.tf#L126

Expected Behavior

There should be no errors in these situations, because the value of the flags is already known at plan time.

Actual Behavior

Requiring a block to be both static and dynamic means this can not coded. The code has to be duplicated. This duplicate escalates quickly, to two, then four, then eight resources.

Steps to Reproduce

  1. terraform plan

Important Factoids

References

  • #0000

shemau avatar May 01 '24 15:05 shemau