Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Framework allows top-level schema attributes that conflict with Terraform meta-arguments #548

Merged
merged 4 commits into from
Dec 12, 2022
Merged

Fix Framework allows top-level schema attributes that conflict with Terraform meta-arguments #548

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b13eb0b
Adding Validate() function to provider, resource and data source sche…
bendbennett Dec 1, 2022
fa17494
Merge branch 'main' into bendbennett/issues-136
bendbennett Dec 1, 2022
3b6ca6a
Apply suggestions from code review
bendbennett Dec 12, 2022
492e756
Merge branch 'main' into bendbennett/issues-136
bendbennett Dec 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .changelog/548.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
```release-note:bug
provider: Add `Validate` function to `Schema` to prevent usage of reserved and invalid names for attributes and blocks
```

```release-note:bug
provider: Add `Validate` function to `MetaSchema` to prevent usage of reserved and invalid names for attributes and blocks
```

```release-note:bug
resource: Add `Validate` function to `Schema` to prevent usage of reserved and invalid names for attributes and blocks
```

```release-note:bug
datasource: Add `Validate` function to `Schema` to prevent usage of reserved and invalid names for attributes and blocks
```
129 changes: 128 additions & 1 deletion datasource/schema/schema.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,15 @@ package schema

import (
"context"
"fmt"
"regexp"

"github.com/hashicorp/terraform-plugin-go/tftypes"

"github.com/hashicorp/terraform-plugin-framework/attr"
"github.com/hashicorp/terraform-plugin-framework/diag"
"github.com/hashicorp/terraform-plugin-framework/internal/fwschema"
"github.com/hashicorp/terraform-plugin-framework/path"
"github.com/hashicorp/terraform-plugin-go/tftypes"
)

// Schema must satify the fwschema.Schema interface.
Expand Down Expand Up @@ -122,6 +125,130 @@ func (s Schema) TypeAtTerraformPath(ctx context.Context, p *tftypes.AttributePat
return fwschema.SchemaTypeAtTerraformPath(ctx, s, p)
}

// Validate verifies that the schema is not using a reserved field name for a top-level attribute.
func (s Schema) Validate() diag.Diagnostics {
var diags diag.Diagnostics

// Raise error diagnostics when data source configuration uses reserved
// field names for root-level attributes.
reservedFieldNames := map[string]struct{}{
"connection": {},
"count": {},
"depends_on": {},
"lifecycle": {},
"provider": {},
"provisioner": {},
}

attributes := s.GetAttributes()

for k, v := range attributes {
if _, ok := reservedFieldNames[k]; ok {
diags.AddAttributeError(
path.Root(k),
"Schema Using Reserved Field Name",
fmt.Sprintf("%q is a reserved field name", k),
)
}

d := validateAttributeFieldName(path.Root(k), k, v)

diags.Append(d...)
}

blocks := s.GetBlocks()

for k, v := range blocks {
if _, ok := reservedFieldNames[k]; ok {
diags.AddAttributeError(
path.Root(k),
"Schema Using Reserved Field Name",
fmt.Sprintf("%q is a reserved field name", k),
)
}

d := validateBlockFieldName(path.Root(k), k, v)

diags.Append(d...)
}

return diags
}

// validFieldNameRegex is used to verify that name used for attributes and blocks
// comply with the defined regular expression.
var validFieldNameRegex = regexp.MustCompile("^[a-z0-9_]+$")

// validateAttributeFieldName verifies that the name used for an attribute complies with the regular
// expression defined in validFieldNameRegex.
func validateAttributeFieldName(path path.Path, name string, attr fwschema.Attribute) diag.Diagnostics {
var diags diag.Diagnostics

if !validFieldNameRegex.MatchString(name) {
diags.AddAttributeError(
path,
"Invalid Schema Field Name",
fmt.Sprintf("Field name %q is invalid, the only allowed characters are a-z, 0-9 and _. This is always a problem with the provider and should be reported to the provider developer.", name),
)
}

if na, ok := attr.(fwschema.NestedAttribute); ok {
nestedObject := na.GetNestedObject()

if nestedObject == nil {
return diags
}

attributes := nestedObject.GetAttributes()

for k, v := range attributes {
d := validateAttributeFieldName(path.AtName(k), k, v)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the nested attributes might be done using list, map, or set mode, we'll also need to account for adding those intermediate steps (AtListIndex, AtMapKey, AtSetValue) to the path. We're not looking at a real configuration though, so it's a little awkward to make it "correct", although Terraform likely won't show the source configuration matching the path information when it is returned by the GetProviderSchema RPC.

Let's create a followup issue, but we should likely try to fix up this path information and consider including it in the diagnostic details in case it is not in Terraform's output. Maybe we can use something like the zero-value (e.g. AtListIndex(0), AtMapKey(""), AtSetValue(/* ? */)) for describing those intermediate path steps for static validation.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#574


diags.Append(d...)
}
}

return diags
}

// validateBlockFieldName verifies that the name used for a block complies with the regular
// expression defined in validFieldNameRegex.
func validateBlockFieldName(path path.Path, name string, b fwschema.Block) diag.Diagnostics {
var diags diag.Diagnostics

if !validFieldNameRegex.MatchString(name) {
diags.AddAttributeError(
path,
"Invalid Schema Field Name",
fmt.Sprintf("Field name %q is invalid, the only allowed characters are a-z, 0-9 and _. This is always a problem with the provider and should be reported to the provider developer.", name),
)
}

nestedObject := b.GetNestedObject()

if nestedObject == nil {
return diags
}

blocks := nestedObject.GetBlocks()

for k, v := range blocks {
d := validateBlockFieldName(path.AtName(k), k, v)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similarly for block pathing and block nesting modes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#574


diags.Append(d...)
}

attributes := nestedObject.GetAttributes()

for k, v := range attributes {
d := validateAttributeFieldName(path.AtName(k), k, v)

diags.Append(d...)
}

return diags
}

// schemaAttributes is a datasource to fwschema type conversion function.
func schemaAttributes(attributes map[string]Attribute) map[string]fwschema.Attribute {
result := make(map[string]fwschema.Attribute, len(attributes))
Expand Down
Loading