Consider Generic Read/Write Support for Private State Data

[bflad]

SDK version

v2.10.1

Use-cases

This issue is a placeholder until more investigation and details can be added.

Providers may wish to use the available private state storage that is available for resources, which is outside Terraform CLI's drift detection handling. These values may not be significant to use as configuration elsewhere or to output for practitioner consumption.

Example use cases (if you are reading this and have others, please comment):

• Required ETag for next API request
• Prevent update/destroy configuration
• Ignore/demote to warning validation configuration

This framework already has this storage plumbed through to helper/schema.ResourceData.meta, which is a map[string]interface{}, it is just not exposed for providers to read or write.

There are some things that must be accounted for:

• Providers must not be able to overwrite the schema_version or helper/schema.TimeoutKey keys.
• Providers must not be able to write non-UTF-8 data.
• Providers must not be able to write more data than the gRPC limit.
• Provider developers will need to be able to troubleshoot this data handling, since it is outside Terraform's user interface.

Attempted Solutions

Using Computed attributes, for which there is no mechanism to hide value drift detection.

Proposal

To be filled in more, but a quick sketch may be to add two methods to ResourceData:

func (d *ResourceData) GetPrivate(ctx context.Context, key string) (interface{}, diag.Diagnostics) {}

func (d *ResourceData) SetPrivate(ctx context.Context, key string, value interface{}) diag.Diagnostics {}

References

• Framework equivalent issue