Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nginx: fix nginx configuration acc test #27734

Merged
merged 4 commits into from
Nov 19, 2024
Merged

Conversation

wuxu92
Copy link
Contributor

@wuxu92 wuxu92 commented Oct 23, 2024

image

Fix failure of:

=== CONT  TestAccConfiguration_basic
    testcase.go:173: Step 1/3 error: After applying this test step, the refresh plan was not empty.
        stdout
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        Terraform will perform the following actions:
          # azurerm_nginx_configuration.test will be updated in-place
          ~ resource "azurerm_nginx_configuration" "test" {
                id                  = "/subscriptions/*******/resourceGroups/acctestRG-auto-241022231204351629/providers/Nginx.NginxPlus/nginxDeployments/acctest-241022231204351629/configurations/default"
                # (2 unchanged attributes hidden)
              - protected_file {
                  # At least one attribute in this block is (or was) sensitive,
                  # so its contents will not be displayed.
                }
                # (2 unchanged blocks hidden)
            }
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccConfiguration_basic (522.30s)

Comment on lines 115 to 117
lifecycle {
ignore_changes = [protected_file]
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is indicative of a bug. is the entire block or just the contents not returned?

either way the correct fix is to pull the value over from config/state on read via d.get so this is not required

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just an FYI: We have updated the protect files swagger to return some contents (I think just the hash but have to double check) and might be why the block is returning something which you are trying to ignore vi ignore_changes?

Instead of doing this, can I please request that you disable the test or the specific portion of the protected files test to avoid losing full coverage and we revisit it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is indicative of a bug. is the entire block or just the contents not returned?

either way the correct fix is to pull the value over from config/state on read via d.get so this is not required

The value was retrieved from the state in

if err := meta.Decode(&output); err != nil {
. It worked until October 15th, after which the error appeared. @puneetsarna it would be greate if you could take a look at the nginx configuration acceptance tests. I cannot test them locally because of the error: No employee profile was found in Jarvis for xxx with GTM azure subscription xxxx

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @wuxu92 Can you elaborate what the error is that you shared in this message?

Also what is the issue that you are seeing that you have to use ignore_changes?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I see the problem. The service provider API has moved forward. Earlier on, protected files, once submitted, were not returned but now they are returned without its contents.

That's probably why you see a diff where TF is trying to remove the block as it is not expecting to see it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given this is an additive change, I think we can safely handle it in terraform.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@puneetsarna that's it.I updated the read logic and I'll test it later.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@katbyte @puneetsarna The tests have passed.

image

@wuxu92 wuxu92 marked this pull request as ready for review November 11, 2024 14:14
@wuxu92 wuxu92 requested a review from a team as a code owner November 11, 2024 14:14
Content: pointer.ToString(file.Content),
VirtualPath: pointer.ToString(file.VirtualPath),
})
if pointer.From(file.Content) != "" {
Copy link
Contributor

@puneetsarna puneetsarna Nov 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wuxu92 I am curious to know why this issue is occurring. I tried looking into the provider code and here's what I have:

  • We are using API version 2024-06-01.
  • A while back, the service never returned protectedFiles and so we used to get the information in the Read() method by decoding the information from the state and that avoided issues with diffs on repeated plans.
  • Now the service is returning protectedFiles but without content.
  • The comment and logic behind // GET does not return protected files is no longer valid.
  • If I use curl to access the configuration while specifying the API version, I get the following back:
    "protectedFiles": [
      {
        "content": null,
        "virtualPath": "/var/www/index.html"
      }
    ],

Keeping this information in mind, I built a custom provider with content of the protected file not marked as a Sensitive field to observe the diffs on repeated plans and I get the following:

I applied the configuration resource with the provider and then re-ran terraform plan

Terraform will perform the following actions:

  # azurerm_nginx_configuration.example will be updated in-place
  ~ resource "azurerm_nginx_configuration" "example" {
        id                  = "assume-the-correct-resourceID
        # (2 unchanged attributes hidden)

      - protected_file {
          - virtual_path = "/etc/nginx/site/api.conf" -> null
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you know why the provider is trying to nullify the virtualPath? This seems a little odd.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tagging @katbyte as well on the question^

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@puneetsarna The old code has a logic error, here:

output.ProtectedFile = append(output.ProtectedFile, ProtectedFile{
		Content:     pointer.ToString(file.Content),
		VirtualPath: pointer.ToString(file.VirtualPath),
})

The output.ProtectedFile was decoded with meta.Decode(&output), so it contains the content defined in the configuration and appends blocks that contain the virtual_path but no content from the above code. Consequently, subsequent terraform apply will try to remove these blocks.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it. thanks for explaining.

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @wuxu92 LGTM 👍

@stephybun stephybun merged commit 17cf4d7 into hashicorp:main Nov 19, 2024
33 checks passed
@github-actions github-actions bot added this to the v4.11.0 milestone Nov 19, 2024
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants