bug with required provider attributes w/ env variables

[ryanking]

I have been trying to make use of this project with terraform-provider-snowflake and am very excited for it, since it means I could delete my half-baked code that did similar work.

We have run into one limitation – required provider configuration which accepts environment variables.

When using this configuration, running terraform providers schema -json will vary its configuration for these inputs based on whether or not the environment variables are present. For the linked example, if the SNOWFLAKE_USER environment variable is set, then username will be marked as "optional". If the env variable is not preset, it will be set as "required".

For purposes of documentation, it seems like it should always be marked as "required".

[paultyng]

This is a tough one and I agree its confusing. In terms of how Terraform views this flag (ie. if someone were to run terraform validate) it would allow no env var to be set and also for the value to be missing from configuration, as it treats it as fully optional. The presences of a value is only asserted at different phases of the Terraform lifecycle, so while its "required" at runtime, its not "required" in the schema sense.

Typically how I solve this now though is to just indicate in the description if there is some defaulting mechanism or an environment variable read for a value. For example see this: https://github.com/paultyng/terraform-provider-unifi/blob/464f55255fafedf62fd3edcd7df678aa9d61e517/internal/provider/provider.go#L38-L39

You can override how the description text is generated in the SDK as well if you want to further customize those strings, see this example: https://github.com/hashicorp/terraform-provider-scaffolding/blob/bec212504f3fc7ad42e5f3a80425cb95872dda28/internal/provider/provider.go#L15-L23