feat(providers_mirror.go): providers mirror command should honor depe…

[rkhaled0]

Following up #28274 ,

As suggested, this proposal aims to honor the dependency lock file if and only if exists while executing terraform providers mirror command.

[crw]

Hi @rkhaled0, thanks for this submission! Although I cannot commit to having this PR reviewed at this time, we acknowledge your contribution and appreciate it!

Typically before accepting a PR, we require a proposed solution on the original issue that has been discussed and vetted with the core development team. For this specific solution, the primary concern is that there may be a specific historical reason why this command ignores the lock file. We would need to verify that this implementation would not inadvertently break existing implementations.

Thanks again for the submission!

[tamirkamara]

Hi @crw,
We also came across this very issue. Any chance it will be reviewed soon?

[crw]

Hi @tamirkamara, thanks for the feedback. It is unlikely to get reviewed in the near future as we are locked down for the 1.3 release. The PR would probably need more support from the community to raise to the level where it would be worth figuring out why it is implemented they way it is, however it is always possible we would consider it. For background, the intended users of this feature are other internal teams, so we would need to make sure any changes do not break a downstream product's expectations. Thanks again for your comment.

[tamirkamara]

@crw thank you for the response.
As the linked issues explain the current behavior will likely cause errors if one uses an approximate version (~>1.2.3) in a required providers block and also had a lock file. Usually this error will manifest itself in the future after the definitions were written like after a new version has been released. so from that perspective the behavior is already "not right".
I understand the focus around 1.3 and would like to understand if some progress could be made after that is done. For example, adding an option to the mirror command so that it will take the lock file into account. That way this will be an opt-in approach not breaking other processes anyone might have.
WDYT?

[rkhaled0]

Hi @crw ,
any update about this issue ?

[crw]

Thanks! I found the notes on this PR. There was a concern that would need to be addressed by the development team, that may not get prioritized due to mirror being an interface designed primarily for Terraform Enterprise (TFE). Specifically, there is concern that there may be some edge-case reason why mirror does not use the lockfile that could cause downstream problems with TFE. That would need to be investigated before we could accept this change.

That said, I'll bring this up in triage again and see what it would take to do such an investigation. Thanks for continued commitment to this PR.

[rkhaled0]

thanks for clarifying @crw ,
could we consider an opt-in approach suggested by @tamirkamara to prevent any downstream issues w/ TFE ?
I let you consider this change w/ TFE experts.

looking forward to hear TFE experts suggestion.

[alisdair]

Hi @rkhaled0, thanks for working on this.

This PR is a little early, as we don't yet have an agreed way forward in the linked issue, and the fix here is likely overly simple. The original report describes some unanswered questions about conflicts between configuration and lockfile, which this PR doesn't address.

As a result I'm going to close this PR for now. I'd welcome a followup once we have a more comprehensive design for the solution. I'll discuss the problem with the core team and report back on the linked issue. Thanks again!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.