[FIX] Terraform provider version inconsistency within stages #2862
Conversation
smokestacklightnin
requested review from
marcelovilla and
viniciusdc
and removed request for
marcelovilla and
viniciusdc
…etes-ingress` stage
…etes-keycloak` stage
…oak_configuration` stage
smokestacklightnin
force-pushed
the
opentofu/stages/sync-versions
branch
from
fdddddb to
dd64020
Compare
smokestacklightnin
force-pushed
the
opentofu/stages/sync-versions
branch
from
5c422da to
8923dda
Compare
…rnetes_keycloak`, and `nebari_extensions`
smokestacklightnin
force-pushed
the
opentofu/stages/sync-versions
branch
from
d8f1409 to
1c0be1e
Compare
|
I've executed the changes I intended to make, however, when running Nebari, submodules are not inheriting required providers from the parent module. In particular, this is happening in some of the following modules: Just to see if it would work, I tried adding the correct required providers to those locations. It worked, so this suggest that it might be a good option to be able to dynamically inject required providers from @viniciusdc Do you have any input? CC: @marcelovilla |
…c-versions-inject-from-parent
…opentofu/stages/sync-versions
|
My honest opinion is that it is easier to inject submodule required providers manually now and change to using inherited required providers from parent modules in the future if/when OpenTofu supports this, rather than waiting for another project to merge our changes. I also don't know Go, but am activetly trying to learn. The code I have written would be easy to remove for the injection process in submodules if OpenTofu started supporting version requirement inheritance in the future. This is because it requires minimal additional machinery, just We need this feature soon because other issues depend on updating versions (#2806, #2870, #2872). Ideas? @marcelovilla @viniciusdc @dcmcand |
smokestacklightnin
requested review from
marcelovilla,
dcmcand and
viniciusdc
and removed request for
marcelovilla
|
I will have a look, we need to make the issues with the double version we noticed before are not happening anymore. Thanks for all the fantastic work so far @smokestacklightnin |
Pinging @viniciusdc |
|
To be included in |
smokestacklightnin
force-pushed
the
opentofu/stages/sync-versions
branch
from
17ca662 to
0e82a79
Compare
smokestacklightnin
force-pushed
the
opentofu/stages/sync-versions
branch
from
991114e to
469d45e
Compare
|
I am reviewing this now |
viniciusdc
added
the
status: in review 👀
There was a problem hiding this comment.
I am encountering an error runing this localyly
[tofu]: Providers are signed by their developers.
[tofu]: If you'd like to know more about provider signing, you can read about it here:
[tofu]: https://opentofu.org/docs/cli/plugins/signing/
[tofu]: ╷
[tofu]: │ Error: Failed to query available provider packages
[tofu]: │
[tofu]: │ Could not retrieve the list of available versions for provider
[tofu]: │ hashicorp/keycloak: provider registry registry.opentofu.org does not have a
[tofu]: │ provider named registry.opentofu.org/hashicorp/keycloak
[tofu]: │
[tofu]: │ Did you intend to use mrparkers/keycloak? If so, you must specify that
[tofu]: │ source address in each module which requires that provider. To see which
[tofu]: │ modules are currently depending on hashicorp/keycloak, run the following
[tofu]: │ command:
[tofu]: │ tofu providers
[tofu]: │
[tofu]: │ If you believe this provider is missing from the registry, please submit a
[tofu]: │ issue on the OpenTofu Registry
[tofu]: │ https://github.com/opentofu/registry/issues/new/choosebut I remember this been addressed on another PR a while ago, so maybe the same fix needs to be moved here as well. It might be related to how versions were handled currently. Overall all constraints are there.
Also, there are no tests to make sure we are actually getting the correct versions and this code is doing what's supposed to do, so I will include then later this week -- since CI runs a local deployment with local terraform state, we can parse the state files when they exists and compare the installed version with it's expected constraints.
| root_path = pathlib.Path(root) | ||
| if any(filename.endswith(".tf") for filename in filenames) and ( | ||
| pathlib.PosixPath("modules") | ||
| in root_path.relative_to(self.template_directory).parents | ||
| ): | ||
| contents[ | ||
| pathlib.Path( | ||
| self.stage_prefix, | ||
| pathlib.Path.relative_to( | ||
| root_path, | ||
| self.template_directory, | ||
| ), | ||
| ) | ||
| / "_nebari.tf.json" | ||
| ] = opentofu.tf_render_objects(self._tf_objects_required_providers()) | ||
|
|
There was a problem hiding this comment.
If I understood correctly, this was included since we also wanted to render the _tf.json files for the module versions right? I've been testing this locally so far today, and even without this the actual versions have been correctly used by each stage and its underlying modules. I will follow on what we discussed back then to refresh my head around why we went this route, but we might not need ti anymore :)
| elif self.config.provider == schema.ProviderEnum.local: | ||
| return [ | ||
| *resources, | ||
| NebariOpentofuRequiredProvider("kind", self.config), |
There was a problem hiding this comment.
I think originally, I had in mind a *RequiredProviders class for accommodating all providers for each stage in a single sweep, but this also does the job.
Reference Issues or PRs
Fixes #2614
What does this implement/fix?
Put a
xin the boxes that applyTesting
How to test this PR?
Any other comments?
The main change in this PR is that Terraform/OpenTofu versions and required providers are removed from the stage templates and instead injected via
stages.tf_objectswith version data fromconstants.py.stages.tf_objects.NebariOpentofuRequiredVersionandstages.tf_objects.NebariOpentofuRequiredProviderwere added.Now all subclasses of
NebariTerraformStagepresent with atf_objectsmethod exceptterraform_statewill call include the result ofsuper().tf_objectsin their return value:This way we can also inject
NebariOpentofuRequiredVersionintoNebariTerraformStageand have subclasses inherit it.