-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FIX] Terraform provider version inconsistency within stages #2862
base: main
Are you sure you want to change the base?
[FIX] Terraform provider version inconsistency within stages #2862
Conversation
…etes-ingress` stage
…etes-keycloak` stage
…oak_configuration` stage
fdddddb
to
dd64020
Compare
5c422da
to
8923dda
Compare
…rnetes_keycloak`, and `nebari_extensions`
d8f1409
to
1c0be1e
Compare
I've executed the changes I intended to make, however, when running Nebari, submodules are not inheriting required providers from the parent module. In particular, this is happening in some of the following modules:
Just to see if it would work, I tried adding the correct required providers to those locations. It worked, so this suggest that it might be a good option to be able to dynamically inject required providers from @viniciusdc Do you have any input? CC: @marcelovilla |
Interesting. Based on the openTofu docs for the child module requirements (https://opentofu.org/docs/language/providers/requirements/), you are indeed right. We would need to inject the provider object into the modules as well. @smokestacklightnin Good catch! |
I have a proof of concept (base class, method override). The interface is up for discussion; I'd like others' opinions. If someone doesn't like my To be honest, I don't love the idea of putting root module required Terraform providers in I could conceive of some method in |
Hi @smokestacklightnin thanks for the work so far!
I also don't like this. I will play around with these changes this afternoon and some opentofu/terraform configurations to see if we can make this more concise. |
Maybe in a future PR we can have the provider settings in a separate json file, not a strong requirement though and only if viable enough |
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/hashicorp/helm" {
version = "2.16.1"
hashes = [
"redacted"
]
}
provider "registry.opentofu.org/hashicorp/kubernetes" {
version = "2.35.0"
hashes = [
"redacted"
]
}
provider "registry.opentofu.org/opentofu/helm" {
version = "2.1.2"
constraints = "2.1.2"
hashes = [
"redacted"
]
}
provider "registry.opentofu.org/opentofu/kubernetes" {
version = "2.35.0"
constraints = ">= 2.20.0"
hashes = [
"redacted"
]
} |
To give more insight, the PR as is looks great! though, during a recent deep dive with @smokestacklightnin I noticed that the warning of misconfiguration terraform spits out when not passing the direct provider blocks into the child modules might be coming due to a possible internal error with how terraform interacts with opentofu. Based on their docs https://opentofu.org/docs/internals/provider-registry-protocol/ the CLI should be able to import both available aliases for the providers nebari uses, though for many cases both There might be a configuration we missed when we migrated. |
I have simple examples of using hashicorp and terraform providers with and without injecting providers in submodules. I also included the output of
|
Moving forward, @viniciusdc and I discussed two options:
|
…c-versions-inject-from-parent
…opentofu/stages/sync-versions
My honest opinion is that it is easier to inject submodule required providers manually now and change to using inherited required providers from parent modules in the future if/when OpenTofu supports this, rather than waiting for another project to merge our changes. I also don't know Go, but am activetly trying to learn. The code I have written would be easy to remove for the injection process in submodules if OpenTofu started supporting version requirement inheritance in the future. This is because it requires minimal additional machinery, just We need this feature soon because other issues depend on updating versions (#2806, #2870, #2872). Ideas? @marcelovilla @viniciusdc @dcmcand |
I will have a look, we need to make the issues with the double version we noticed before are not happening anymore. Thanks for all the fantastic work so far @smokestacklightnin |
Pinging @viniciusdc |
To be included in |
Reference Issues or PRs
Fixes #2614
What does this implement/fix?
Put a
x
in the boxes that applyTesting
How to test this PR?
Any other comments?
The main change in this PR is that Terraform/OpenTofu versions and required providers are removed from the stage templates and instead injected via
stages.tf_objects
with version data fromconstants.py
.stages.tf_objects.NebariOpentofuRequiredVersion
andstages.tf_objects.NebariOpentofuRequiredProvider
were added.Now all subclasses of
NebariTerraformStage
present with atf_objects
method exceptterraform_state
will call include the result ofsuper().tf_objects
in their return value:This way we can also inject
NebariOpentofuRequiredVersion
intoNebariTerraformStage
and have subclasses inherit it.