-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attributes inside nested block are not validated #805
Comments
Hi there @mkuzmin 👋🏻 ! The
Can you share the schema and terraform config of your code that you're expecting to produce a validation error? Thanks! |
Drive-by note to leave some additional breadcrumbs/linking/context: on the Terraform core side of things, https://developer.hashicorp.com/terraform/language/expressions/types#maps-objects is the relevant documentation here. It could potentially use some more verbiage about maps having arbitrary key names while objects have defined attribute names. That change would need to occur upstream. On the provider side of things, https://developer.hashicorp.com/terraform/plugin/framework/handling-data/attributes#map is potentially missing a word like "arbitrary" in front of "string keys". We do have plans to expand the framework type documentation via #695 so its not all colocated on one page and maybe that separation via navigation could help. |
I think I've seen the behavior described by @mkuzmin. In my case, it happens in an object that's nested within a map. The following terraform config validates okay in spite of terraform {
required_providers {
apstra = {
source = "Juniper/apstra"
version = "0.21.0"
}
}
}
resource "apstra_rack_type" "r" {
name = "test"
fabric_connectivity_design = "l3clos"
leaf_switches = { # this is a map
foo = { # foo is the key, but the value at "foo" is an object
logical_device_id = "ld_id"
spine_link_speed = "10G"
spine_link_count = 1
bogus_attribute = "you betcha" # <= I'd have expected a validation error here
}
}
} |
One thing we could confirm in @chrismarget-j's case is whether or not those extra keys/attribute names are actually passed across the protocol. They likely are not since Terraform core should be using the provider schema information to build the configuration, proposed new state, and prior state data values that get sent across the protocol. We can try to get this information by setting the My hunch though is that this is all behavior on the core side and the issue would need to be filed over there since the provider side likely never even receives those extra keys/attribute names. For the original case though, @austinvalle's comment above should apply about maps always accepting arbitrary keys. |
This type of validation is also failing to fail for me with a
|
I spent a few minutes doing the investigative work mentioned above to check that the extraneous information is not something that is sent across the protocol and it seems to confirm that this is not something we can handle on the provider side of the protocol. Please feel free to double check in your own cases. Given the following configuration: resource "framework_schema" "test" {
single_nested_attribute = {
single_nested_attribute_attribute = "value1"
non_existent = "oops" # not in the schema
}
} Terraform core is sending only the known schema attribute information across the protocol during the {
"key": {
"length": 23,
"type": "fixstr",
"value": "single_nested_attribute"
},
"value": {
"length": 1,
"pairs": [
{
"key": {
"length": 33,
"type": "str8",
"value": "single_nested_attribute_attribute"
},
"value": {
"length": 6,
"type": "fixstr",
"value": "value1"
}
}
],
"type": "fixmap"
}
}, Therefore, it would require an enhancement in Terraform core (which parses the configuration and reads provider schemas) for Terraform to raise any sort of configuration error in these cases. My suggestion would be to file an issue in their issue tracker: https://github.com/hashicorp/terraform/issues Please find some similar issue references (but nothing that is configuration and provider schema specific) since Terraform's configuration handling behavior of allowing extra object attribute names may be more of a configuration design choice:
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Module version
Terraform Configuration Files
This is an example with official provider to reproduce the issue easier. I get the same behavior with my custom code.
Expected Behavior
Validation should fail:
Actual Behavior
Error is ignored:
The text was updated successfully, but these errors were encountered: