Invalid Provider Server Combination #293
Comments
bflad
added a commit
that referenced
this issue
Apr 21, 2023
…rovider environment variables to descriptions Reference: #293 Using terraform-plugin-mux requires the provider schemas of all underlying provider implementations to exactly match to prevent confusing behavior. One legacy quirk of terraform-plugin-sdk was that it allows an attribute to be marked in a schema as required, but also support optional configuration via a default. This confusing definition of configuration requirement is no longer supported in terraform-plugin-framework. This changeset includes the following: - Adjusts the provider acceptance testing to always use mux server (except for the two remaining sdk resources), similar to the production binary. - Adjusts the provider schema definitions to always use optional when the configuration value may be sourced from environment variable. - Adjusts the provider schema descriptions to call out the associated environment variable name for configuration. Using hashicorp/terraform-plugin-mux#153 to workaround an upstream terraform-plugin-mux issue, the following acceptance test failure was observable: ``` === RUN TestAccProvider_Update_Server_Env provider_test.go:166: Step 1/1 error: Error running pre-apply refresh: exit status 1 Error: failed to read schema for data.dns_a_record_set.test in registry.terraform.io/hashicorp/dns: failed to retrieve schema from provider "registry.terraform.io/hashicorp/dns": Invalid Provider Server Combination: The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be reported to the provider developers. Provider schema difference: &tfprotov5.Schema{ Version: 0, Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: nil, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "update", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: []*tfprotov5.SchemaAttribute{ ... // 3 identical elements &{Name: "port", Type: s"tftypes.Number", Description: "The target UDP port on the server where updates are sent to. Def"..., Optional: true, ...}, &{Name: "retries", Type: s"tftypes.Number", Description: "How many times to retry on connection timeout. Defaults to `3`.", Optional: true, ...}, &{ Name: "server", Type: s"tftypes.String", Description: "The hostname or IP address of the DNS server to send updates to.", - Required: false, + Required: true, - Optional: true, + Optional: false, Computed: false, Sensitive: false, ... // 2 identical fields }, &{Name: "timeout", Type: s"tftypes.String", Description: "Timeout for DNS queries. Valid values are durations expressed as"..., Optional: true, ...}, &{Name: "transport", Type: s"tftypes.String", Description: "Transport to use for DNS queries. Valid values are `udp`, `udp4`"..., Optional: true, ...}, }, BlockTypes: {&{TypeName: "gssapi", Block: &{Attributes: {&{Name: "keytab", Type: s"tftypes.String", Description: "This or `password` is required if `username` is set, not support"..., Optional: true, ...}, &{Name: "password", Type: s"tftypes.String", Description: "This or `keytab` is required if `username` is set. The matching "..., Optional: true, ...}, &{Name: "realm", Type: s"tftypes.String", Description: "The Kerberos realm or Active Directory domain.", Required: true, ...}, &{Name: "username", Type: s"tftypes.String", Description: "The name of the user to authenticate as. If not set the current "..., Optional: true, ...}}, Description: "A `gssapi` block. Only one `gssapi` block may be in the configur"...}, Nesting: s"LIST"}}, Description: "When the provider is used for DNS updates, this block is required.", ... // 2 identical fields }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "", DescriptionKind: s"PLAIN", Deprecated: false, }, } --- FAIL: TestAccProvider_Update_Server_Env (0.38s) ``` Similarly, the same issue could occur with the realm: ``` === RUN TestAccProvider_Update_Server_Env provider_test.go:166: Step 1/1 error: Error running pre-apply refresh: exit status 1 Error: failed to read schema for data.dns_a_record_set.test in registry.terraform.io/hashicorp/dns: failed to retrieve schema from provider "registry.terraform.io/hashicorp/dns": Invalid Provider Server Combination: The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be reported to the provider developers. Provider schema difference: &tfprotov5.Schema{ Version: 0, Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: nil, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "update", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: {&{Name: "key_algorithm", Type: s"tftypes.String", Description: "Required if `key_name` is set. When using TSIG authentication, t"..., Optional: true, ...}, &{Name: "key_name", Type: s"tftypes.String", Description: "The name of the TSIG key used to sign the DNS update messages.", Optional: true, ...}, &{Name: "key_secret", Type: s"tftypes.String", Description: "Required if `key_name` is set\nA Base64-encoded string containing"..., Optional: true, ...}, &{Name: "port", Type: s"tftypes.Number", Description: "The target UDP port on the server where updates are sent to. Def"..., Optional: true, ...}, ...}, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "gssapi", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: []*tfprotov5.SchemaAttribute{ &{Name: "keytab", Type: s"tftypes.String", Description: "This or `password` is required if `username` is set, not support"..., Optional: true, ...}, &{Name: "password", Type: s"tftypes.String", Description: "This or `keytab` is required if `username` is set. The matching "..., Optional: true, ...}, &{ Name: "realm", Type: s"tftypes.String", Description: "The Kerberos realm or Active Directory domain.", - Required: false, + Required: true, - Optional: true, + Optional: false, Computed: false, Sensitive: false, ... // 2 identical fields }, &{Name: "username", Type: s"tftypes.String", Description: "The name of the user to authenticate as. If not set the current "..., Optional: true, ...}, }, BlockTypes: nil, Description: "A `gssapi` block. Only one `gssapi` block may be in the configur"..., ... // 2 identical fields }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "When the provider is used for DNS updates, this block is required.", DescriptionKind: s"PLAIN", Deprecated: false, }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "", DescriptionKind: s"PLAIN", Deprecated: false, }, } --- FAIL: TestAccProvider_Update_Server_Env (0.12s) ```
bflad
added a commit
that referenced
this issue
Apr 21, 2023
…rovider environment variables to descriptions Reference: #293 Using terraform-plugin-mux requires the provider schemas of all underlying provider implementations to exactly match to prevent confusing behavior. One legacy quirk of terraform-plugin-sdk was that it allows an attribute to be marked in a schema as required, but also support optional configuration via a default. This confusing definition of configuration requirement is no longer supported in terraform-plugin-framework. This changeset includes the following: - Adjusts the provider acceptance testing to always use mux server (except for the two remaining sdk resources), similar to the production binary. - Adjusts the provider schema definitions to always use optional when the configuration value may be sourced from environment variable. - Adjusts the provider schema descriptions to call out the associated environment variable name for configuration. - Adjusts the provider schema validations to only be handled by terraform-plugin-framework to prevent confusing or duplicate diagnostics Using hashicorp/terraform-plugin-mux#153 to workaround an upstream terraform-plugin-mux issue, the following acceptance test failure was observable: ``` === RUN TestAccProvider_Update_Server_Env provider_test.go:166: Step 1/1 error: Error running pre-apply refresh: exit status 1 Error: failed to read schema for data.dns_a_record_set.test in registry.terraform.io/hashicorp/dns: failed to retrieve schema from provider "registry.terraform.io/hashicorp/dns": Invalid Provider Server Combination: The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be reported to the provider developers. Provider schema difference: &tfprotov5.Schema{ Version: 0, Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: nil, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "update", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: []*tfprotov5.SchemaAttribute{ ... // 3 identical elements &{Name: "port", Type: s"tftypes.Number", Description: "The target UDP port on the server where updates are sent to. Def"..., Optional: true, ...}, &{Name: "retries", Type: s"tftypes.Number", Description: "How many times to retry on connection timeout. Defaults to `3`.", Optional: true, ...}, &{ Name: "server", Type: s"tftypes.String", Description: "The hostname or IP address of the DNS server to send updates to.", - Required: false, + Required: true, - Optional: true, + Optional: false, Computed: false, Sensitive: false, ... // 2 identical fields }, &{Name: "timeout", Type: s"tftypes.String", Description: "Timeout for DNS queries. Valid values are durations expressed as"..., Optional: true, ...}, &{Name: "transport", Type: s"tftypes.String", Description: "Transport to use for DNS queries. Valid values are `udp`, `udp4`"..., Optional: true, ...}, }, BlockTypes: {&{TypeName: "gssapi", Block: &{Attributes: {&{Name: "keytab", Type: s"tftypes.String", Description: "This or `password` is required if `username` is set, not support"..., Optional: true, ...}, &{Name: "password", Type: s"tftypes.String", Description: "This or `keytab` is required if `username` is set. The matching "..., Optional: true, ...}, &{Name: "realm", Type: s"tftypes.String", Description: "The Kerberos realm or Active Directory domain.", Required: true, ...}, &{Name: "username", Type: s"tftypes.String", Description: "The name of the user to authenticate as. If not set the current "..., Optional: true, ...}}, Description: "A `gssapi` block. Only one `gssapi` block may be in the configur"...}, Nesting: s"LIST"}}, Description: "When the provider is used for DNS updates, this block is required.", ... // 2 identical fields }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "", DescriptionKind: s"PLAIN", Deprecated: false, }, } --- FAIL: TestAccProvider_Update_Server_Env (0.38s) ``` Similarly, the same issue could occur with the realm: ``` === RUN TestAccProvider_Update_Server_Env provider_test.go:166: Step 1/1 error: Error running pre-apply refresh: exit status 1 Error: failed to read schema for data.dns_a_record_set.test in registry.terraform.io/hashicorp/dns: failed to retrieve schema from provider "registry.terraform.io/hashicorp/dns": Invalid Provider Server Combination: The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be reported to the provider developers. Provider schema difference: &tfprotov5.Schema{ Version: 0, Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: nil, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "update", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: {&{Name: "key_algorithm", Type: s"tftypes.String", Description: "Required if `key_name` is set. When using TSIG authentication, t"..., Optional: true, ...}, &{Name: "key_name", Type: s"tftypes.String", Description: "The name of the TSIG key used to sign the DNS update messages.", Optional: true, ...}, &{Name: "key_secret", Type: s"tftypes.String", Description: "Required if `key_name` is set\nA Base64-encoded string containing"..., Optional: true, ...}, &{Name: "port", Type: s"tftypes.Number", Description: "The target UDP port on the server where updates are sent to. Def"..., Optional: true, ...}, ...}, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "gssapi", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: []*tfprotov5.SchemaAttribute{ &{Name: "keytab", Type: s"tftypes.String", Description: "This or `password` is required if `username` is set, not support"..., Optional: true, ...}, &{Name: "password", Type: s"tftypes.String", Description: "This or `keytab` is required if `username` is set. The matching "..., Optional: true, ...}, &{ Name: "realm", Type: s"tftypes.String", Description: "The Kerberos realm or Active Directory domain.", - Required: false, + Required: true, - Optional: true, + Optional: false, Computed: false, Sensitive: false, ... // 2 identical fields }, &{Name: "username", Type: s"tftypes.String", Description: "The name of the user to authenticate as. If not set the current "..., Optional: true, ...}, }, BlockTypes: nil, Description: "A `gssapi` block. Only one `gssapi` block may be in the configur"..., ... // 2 identical fields }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "When the provider is used for DNS updates, this block is required.", DescriptionKind: s"PLAIN", Deprecated: false, }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "", DescriptionKind: s"PLAIN", Deprecated: false, }, } --- FAIL: TestAccProvider_Update_Server_Env (0.12s) ```
bflad
added a commit
that referenced
this issue
Apr 21, 2023
…rovider environment variables to descriptions (#294) Reference: #293 Using terraform-plugin-mux requires the provider schemas of all underlying provider implementations to exactly match to prevent confusing behavior. One legacy quirk of terraform-plugin-sdk was that it allows an attribute to be marked in a schema as required, but also support optional configuration via a default. This confusing definition of configuration requirement is no longer supported in terraform-plugin-framework. This changeset includes the following: - Adjusts the provider acceptance testing to always use mux server (except for the two remaining sdk resources), similar to the production binary. - Adjusts the provider schema definitions to always use optional when the configuration value may be sourced from environment variable. - Adjusts the provider schema descriptions to call out the associated environment variable name for configuration. - Adjusts the provider schema validations to only be handled by terraform-plugin-framework to prevent confusing or duplicate diagnostics Using hashicorp/terraform-plugin-mux#153 to workaround an upstream terraform-plugin-mux issue, the following acceptance test failure was observable: ``` === RUN TestAccProvider_Update_Server_Env provider_test.go:166: Step 1/1 error: Error running pre-apply refresh: exit status 1 Error: failed to read schema for data.dns_a_record_set.test in registry.terraform.io/hashicorp/dns: failed to retrieve schema from provider "registry.terraform.io/hashicorp/dns": Invalid Provider Server Combination: The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be reported to the provider developers. Provider schema difference: &tfprotov5.Schema{ Version: 0, Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: nil, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "update", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: []*tfprotov5.SchemaAttribute{ ... // 3 identical elements &{Name: "port", Type: s"tftypes.Number", Description: "The target UDP port on the server where updates are sent to. Def"..., Optional: true, ...}, &{Name: "retries", Type: s"tftypes.Number", Description: "How many times to retry on connection timeout. Defaults to `3`.", Optional: true, ...}, &{ Name: "server", Type: s"tftypes.String", Description: "The hostname or IP address of the DNS server to send updates to.", - Required: false, + Required: true, - Optional: true, + Optional: false, Computed: false, Sensitive: false, ... // 2 identical fields }, &{Name: "timeout", Type: s"tftypes.String", Description: "Timeout for DNS queries. Valid values are durations expressed as"..., Optional: true, ...}, &{Name: "transport", Type: s"tftypes.String", Description: "Transport to use for DNS queries. Valid values are `udp`, `udp4`"..., Optional: true, ...}, }, BlockTypes: {&{TypeName: "gssapi", Block: &{Attributes: {&{Name: "keytab", Type: s"tftypes.String", Description: "This or `password` is required if `username` is set, not support"..., Optional: true, ...}, &{Name: "password", Type: s"tftypes.String", Description: "This or `keytab` is required if `username` is set. The matching "..., Optional: true, ...}, &{Name: "realm", Type: s"tftypes.String", Description: "The Kerberos realm or Active Directory domain.", Required: true, ...}, &{Name: "username", Type: s"tftypes.String", Description: "The name of the user to authenticate as. If not set the current "..., Optional: true, ...}}, Description: "A `gssapi` block. Only one `gssapi` block may be in the configur"...}, Nesting: s"LIST"}}, Description: "When the provider is used for DNS updates, this block is required.", ... // 2 identical fields }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "", DescriptionKind: s"PLAIN", Deprecated: false, }, } --- FAIL: TestAccProvider_Update_Server_Env (0.38s) ``` Similarly, the same issue could occur with the realm: ``` === RUN TestAccProvider_Update_Server_Env provider_test.go:166: Step 1/1 error: Error running pre-apply refresh: exit status 1 Error: failed to read schema for data.dns_a_record_set.test in registry.terraform.io/hashicorp/dns: failed to retrieve schema from provider "registry.terraform.io/hashicorp/dns": Invalid Provider Server Combination: The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be reported to the provider developers. Provider schema difference: &tfprotov5.Schema{ Version: 0, Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: nil, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "update", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: {&{Name: "key_algorithm", Type: s"tftypes.String", Description: "Required if `key_name` is set. When using TSIG authentication, t"..., Optional: true, ...}, &{Name: "key_name", Type: s"tftypes.String", Description: "The name of the TSIG key used to sign the DNS update messages.", Optional: true, ...}, &{Name: "key_secret", Type: s"tftypes.String", Description: "Required if `key_name` is set\nA Base64-encoded string containing"..., Optional: true, ...}, &{Name: "port", Type: s"tftypes.Number", Description: "The target UDP port on the server where updates are sent to. Def"..., Optional: true, ...}, ...}, BlockTypes: []*tfprotov5.SchemaNestedBlock{ &{ TypeName: "gssapi", Block: &tfprotov5.SchemaBlock{ Version: 0, Attributes: []*tfprotov5.SchemaAttribute{ &{Name: "keytab", Type: s"tftypes.String", Description: "This or `password` is required if `username` is set, not support"..., Optional: true, ...}, &{Name: "password", Type: s"tftypes.String", Description: "This or `keytab` is required if `username` is set. The matching "..., Optional: true, ...}, &{ Name: "realm", Type: s"tftypes.String", Description: "The Kerberos realm or Active Directory domain.", - Required: false, + Required: true, - Optional: true, + Optional: false, Computed: false, Sensitive: false, ... // 2 identical fields }, &{Name: "username", Type: s"tftypes.String", Description: "The name of the user to authenticate as. If not set the current "..., Optional: true, ...}, }, BlockTypes: nil, Description: "A `gssapi` block. Only one `gssapi` block may be in the configur"..., ... // 2 identical fields }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "When the provider is used for DNS updates, this block is required.", DescriptionKind: s"PLAIN", Deprecated: false, }, Nesting: s"LIST", ... // 2 ignored fields }, }, Description: "", DescriptionKind: s"PLAIN", Deprecated: false, }, } --- FAIL: TestAccProvider_Update_Server_Env (0.12s) ```
|
The fix for this has been merged and will release in version 3.3.2 of the provider, early next week. Thanks for the report and apologies for the provider upgrade trouble, @nick-oconnor. |
|
Np! I appreciate the quick fix. The DNS provider is nice to have. |
|
Version 3.3.2 has been released and is available in the public Terraform Registry. I was able to verify this setup which was previously failing with 3.3.1: terraform {
required_providers {
dns = {
source = "hashicorp/dns"
version = "3.3.1"
}
}
required_version = "1.4.5"
}
data "dns_a_record_set" "test" {
host = "hashicorp.com"
}
output "records" {
value = data.dns_a_record_set.test.addrs
}$ DNS_UPDATE_SERVER=example.com terraform plan
data.dns_a_record_set.test: Reading...
data.dns_a_record_set.test: Read complete after 0s [id=hashicorp.com]
Changes to Outputs:
+ records = [
+ "76.76.21.21",
]
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
Invalid Provider Server Combination
with provider["registry.terraform.io/hashicorp/dns"],
on <empty> line 0:
(source code not available)
The combined provider has differing provider schema implementations across providers. Provider schemas must be identical across providers. This is always an issue in the provider implementation and should be
reported to the provider developers.
...Is now passing (after adjusting version to 3.3.2 😄 ): $ DNS_UPDATE_SERVER=example.com terraform plan
data.dns_a_record_set.test: Reading...
data.dns_a_record_set.test: Read complete after 0s [id=hashicorp.com]
Changes to Outputs:
+ records = [
+ "76.76.21.21",
]
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
$ |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Terraform CLI and Provider Versions
terraform: v1.4.5
terraform-provider-dns: v3.3.1
Terraform Configuration
No provider config outside of the following env vars:
Expected Behavior
Terraform does not complain about the DNS provider.
Actual Behavior
Terraform complains about the provider after successfully applying changes.
Steps to Reproduce
terraform applyHow much impact is this issue causing?
Low
Logs
Additional Information
This didn't use to be an issue.
Code of Conduct
The text was updated successfully, but these errors were encountered: