Skip to content

Validate identity in import response #36893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 29, 2025
Merged

Validate identity in import response #36893

merged 1 commit into from
Apr 29, 2025

Conversation

@dbanck
Copy link
Member

@dbanck dbanck commented Apr 16, 2025

This PR adds a check to ensure that the import RPC returns an identity when Terraform is doing an import by identity.

Target Release

1.12.x

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@dbanck dbanck added no-changelog-needed Add this to your PR if the change does not require a changelog entry 1.12-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged labels Apr 16, 2025
@dbanck dbanck requested a review from a team as a code owner April 16, 2025 10:33
SarahFrench
SarahFrench reviewed Apr 16, 2025
View reviewed changes
internal/terraform/node_resource_plan_instance.go
}

// Providers are supposed to return an identity when importing by identity
if importTarget.Type().IsObjectType() && imported[0].Identity.IsNull() {
Copy link
Member

@SarahFrench SarahFrench Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👋🏻 I'm dipping my toe into Resource Identity stuff as this PR looked manageable for a newbie.

At this point could the importType still be either "ID" or "Identity"? If Terraform was trying to import by ID, would the identity being null still be a problem here?

Copy link
Member

@SarahFrench SarahFrench Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically I'm wondering if the condition also needs importType == "Identity" in it

Copy link
Member Author

@dbanck dbanck Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're doing the same check (importTarget.Type().IsObjectType()) further up to set the value of importType.

So checking importType == "Identity" is equal to checking importTarget.Type().IsObjectType()

Copy link
Member

@SarahFrench SarahFrench Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes I understand now, thanks! 😅

Copy link
Member Author

@dbanck dbanck Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think changing importTarget.Type().IsObjectType() to importType == "Identity" would make it more readable in this case?

The sprinkled .IsObjectType() checks trough the codebase feel a bit odd to me

Copy link
Member

@SarahFrench SarahFrench Apr 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As someone less familiar with the code I think it'd be clearer if there was something more explicit like importType used in conditional logic, versus the implicit meaning of having object-type or string data as the target.

Maybe the strings "ID" and "Identity" could be made into constants to help with any comparison expressions

Copy link
Member

@jbardin jbardin Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what would be more descriptive if you're unfamiliar with the code. The prior knowledge of knowing the difference in usage of a string vs an object isn't far from knowing the difference between ID and Identity. I'd rather not have multiple fields that need to be updated in concert, since that invites them to end up out of sync, so the other option would probably be a struct containing an enum of the possible types, providing a type declaration with appropriate comments. We already have an ImportTarget type which could be used, though that might have been dropped because it makes some other part of the expansion code simpler.

@dbanck dbanck force-pushed the dbanck/validate-import-response branch from 7d71ed5 to 3427d3c Compare April 29, 2025 12:51
@dbanck dbanck merged commit 2c12602 into main Apr 29, 2025
12 of 14 checks passed
@dbanck dbanck deleted the dbanck/validate-import-response branch April 29, 2025 13:01
@github-actions github-actions bot mentioned this pull request Apr 29, 2025
Merged
2 tasks
@github-actions
Copy link
Contributor

github-actions bot commented May 30, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 30, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jbardin jbardin jbardin left review comments

@SarahFrench SarahFrench SarahFrench approved these changes

Assignees

No one assigned

Labels

1.12-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged no-changelog-needed Add this to your PR if the change does not require a changelog entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dbanck @jbardin @SarahFrench