Adding support for null BoolOption values to TF provider
#52430
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
requested review from
hugoShaka,
marcoandredinis and
tigrato
eriktate
commented
Feb 24, 2025
hugoShaka
reviewed
Feb 24, 2025
There was a problem hiding this comment.
This is a heavily breaking change and should not be backported. If the option was not set at all, we applied the defaults. However if one of the role topion fields was set, we defaulted all the others to false.
Doing this change will turn them back to their teleport default value, potentially changing the user's roles and allowing things like X11 forwarding. I think this is worth fixing, but we should do it in a major version, with the apropriate warnings and explanations in the changelog.
As I lacked the time to do it in v17, I only fixed the token bools. If we do fix the role bools as well, we should merge the token tfschema back into the main one.
See #40283 for more details
eriktate
force-pushed
the
eriktate/fix-tf-role-port-forwarding
branch
3 times, most recently
from
67d74eb to
ca07f50
Compare
hugoShaka
approved these changes
Mar 6, 2025
marcoandredinis
approved these changes
Mar 7, 2025
public-teleport-github-review-bot
bot
removed the request for review
from tigrato
…n schema back into the main tfschema, and marking flags with default values as computed
… state value The previous commits from Erik are fixing the role options default computation. This is great but surfaces a new issue: our TF provider doers not behave properly when default logic changes as it keeps using the value from its state. This commit makes Terraform re-compute the role.spec.options from the original user config instead of the state. This makes sure that TF options are the same regardless of which TF provider version created the resource initially.
eriktate
force-pushed
the
eriktate/fix-tf-role-port-forwarding
branch
from
be83200 to
c52c7ea
Compare
eriktate
force-pushed
the
eriktate/fix-tf-role-port-forwarding
branch
from
c52c7ea to
92794b5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The terraform provider coerces
BoolOptionvalues into eithertrueorfalserather than allowing for fields to benull. This PR adds an alias calledNullBoolOptionthat can be specified for fields wherenullandfalseare semantically different. I believe this was the original intended behavior forBoolOptionvalues, but I opted to add the alias to avoid changing existing behavior in a way that might not be backwards compatible.changelog: Fixed an issue preventing the use of the
ssh_port_forwardingrole option when using the terraform provider.