-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nginx
: fix nginx configuration acc test
#27734
Conversation
lifecycle { | ||
ignore_changes = [protected_file] | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is indicative of a bug. is the entire block or just the contents not returned?
either way the correct fix is to pull the value over from config/state on read via d.get so this is not required
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just an FYI: We have updated the protect files swagger to return some contents (I think just the hash but have to double check) and might be why the block is returning something which you are trying to ignore vi ignore_changes
?
Instead of doing this, can I please request that you disable the test or the specific portion of the protected files test to avoid losing full coverage and we revisit it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is indicative of a bug. is the entire block or just the contents not returned?
either way the correct fix is to pull the value over from config/state on read via d.get so this is not required
The value was retrieved from the state in
terraform-provider-azurerm/internal/services/nginx/nginx_configuration_resource.go
Line 241 in 8bd154f
if err := meta.Decode(&output); err != nil { |
No employee profile was found in Jarvis for xxx with GTM azure subscription xxxx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @wuxu92 Can you elaborate what the error is that you shared in this message?
Also what is the issue that you are seeing that you have to use ignore_changes
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I see the problem. The service provider API has moved forward. Earlier on, protected files, once submitted, were not returned but now they are returned without its contents.
That's probably why you see a diff where TF is trying to remove the block as it is not expecting to see it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given this is an additive change, I think we can safely handle it in terraform.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@puneetsarna that's it.I updated the read logic and I'll test it later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@katbyte @puneetsarna The tests have passed.
Content: pointer.ToString(file.Content), | ||
VirtualPath: pointer.ToString(file.VirtualPath), | ||
}) | ||
if pointer.From(file.Content) != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wuxu92 I am curious to know why this issue is occurring. I tried looking into the provider code and here's what I have:
- We are using API version 2024-06-01.
- A while back, the service never returned
protectedFiles
and so we used to get the information in theRead()
method by decoding the information from the state and that avoided issues with diffs on repeated plans. - Now the service is returning
protectedFiles
but withoutcontent
. - The comment and logic behind
// GET does not return protected files
is no longer valid. - If I use
curl
to access the configuration while specifying the API version, I get the following back:
"protectedFiles": [
{
"content": null,
"virtualPath": "/var/www/index.html"
}
],
Keeping this information in mind, I built a custom provider with content
of the protected file not marked as a Sensitive
field to observe the diffs on repeated plans and I get the following:
I applied the configuration resource with the provider and then re-ran terraform plan
Terraform will perform the following actions:
# azurerm_nginx_configuration.example will be updated in-place
~ resource "azurerm_nginx_configuration" "example" {
id = "assume-the-correct-resourceID
# (2 unchanged attributes hidden)
- protected_file {
- virtual_path = "/etc/nginx/site/api.conf" -> null
}
# (2 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you know why the provider is trying to nullify the virtualPath
? This seems a little odd.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tagging @katbyte as well on the question^
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@puneetsarna The old code has a logic error, here:
output.ProtectedFile = append(output.ProtectedFile, ProtectedFile{
Content: pointer.ToString(file.Content),
VirtualPath: pointer.ToString(file.VirtualPath),
})
The output.ProtectedFile
was decoded with meta.Decode(&output)
, so it contains the content defined in the configuration and appends blocks that contain the virtual_path but no content from the above code. Consequently, subsequent terraform apply will try to remove these blocks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
got it. thanks for explaining.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @wuxu92 LGTM 👍
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Fix failure of: