Ability to test for unknown string values during CustomizeDiff

[manicminer]

SDK version

github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0

Use-cases

In a CustomizeDiff function, it would be nice to be able to reliably test for a value that is unknown at plan time. Oftentimes it doesn't matter so much if an unknown value is encountered, but there are some validation scenarios which break down.

One example would be when checking for duplicate values. Typically you'd achieve this with a ValidateFunc but we have a case where the uniqueness falls across two properties and so this can only be implemented with CustomizeDiff (I believe?).

Example here - in this case the id and value properties across two blocks (here and here) are intrinsically linked by the upstream API and must be correspondingly unique, e.g. an id in an app_role block cannot have the same value as an id in the oauth2_permission_scope block. Each of these blocks is also plural - nor can they share values between blocks of the same name.

Attempted Solutions

We've implemented this by copying the value of the hcl2shim.UnknownVariableValue constant into the provider and testing values against that - if it matches then consider it unknown and essentially skip validation for that value.

Proposal

Assuming our workaround is the right way to do this, possibly just exporting the above constant would improve things so that we're not having to keep track of this value per each SDK upgrade.

References

• https://github.com/hashicorp/terraform-provider-azuread/pull/528