[Terraform] New Terraform Provider generator #22949
Open
+7,628
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a new experimental code generator that produces HashiCorp Terraform providers from OpenAPI specifications using the Plugin Framework SDK. The generator (terraform-provider) supports: - CRUD operation detection from REST patterns and vendor extensions - Resource, data source, and model generation per API tag - HTTP client with API key, bearer token, and basic auth - Type mapping from OpenAPI/Go types to Terraform schema types - Import state support - Configurable provider name, registry address, and version Includes mustache templates for: provider, resources, data sources, models, client, go.mod, GNUmakefile, README, and example configs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add sample generation config and generated Terraform provider for the petstore OpenAPI spec, along with Go acceptance tests that exercise the provider lifecycle (create, read, update, delete, import). Generated output includes: - Provider with auth configuration (API key, bearer, basic) - Pet, User, and Store resources and data sources - Client package with HTTP client and model structs - Go acceptance tests using terraform-plugin-testing - Example Terraform configurations for each resource/data source Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
|
@jasondamour thank you 🙏 Would it be possible to add a github work to test the output to ensure it works? e.g. https://github.com/OpenAPITools/openapi-generator/blob/master/.github/workflows/samples-go.yaml |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
16 issues found across 51 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="modules/openapi-generator/src/main/resources/terraform-provider/resource.mustache">
<violation number="1" location="modules/openapi-generator/src/main/resources/terraform-provider/resource.mustache:109">
P2: Read treats all non-2xx responses as fatal errors, so a 404 from the API will produce a diagnostic instead of removing the resource from state, preventing drift reconciliation when the resource is deleted externally.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/pet_data_source.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/pet_data_source.go:34">
P2: Data source schema marks `id` as computed-only, but Read uses `config.Id` to fetch `/pet/{id}`. This prevents users from supplying the lookup ID and leads to invalid requests; `name`/`photo_urls` are required but ignored. The data source should accept an ID input and compute the rest.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/user_resource_test.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/user_resource_test.go:16">
P2: Acceptance tests hardcode usernames/emails, which can collide across parallel runs or leftover resources; Terraform testing patterns recommend randomized identifiers for resource names.</violation>
</file>
<file name="modules/openapi-generator/src/main/resources/terraform-provider/data_source.mustache">
<violation number="1" location="modules/openapi-generator/src/main/resources/terraform-provider/data_source.mustache:40">
P2: Data source schema treats every OpenAPI `isRequired` field as a Required input, and all others as Computed. OpenAPI required fields describe response shape, not user configuration; this forces users to provide response fields and breaks data source lookups. Data sources should only mark lookup inputs as Required/Optional and mark response fields as Computed.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/pet_resource.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/pet_resource.go:49">
P2: Update is explicitly unsupported, but schema attributes lack RequiresReplace plan modifiers, so any config change plans an in-place update that will fail at apply. Mark configurable attributes (or use ModifyPlan) to force replacement.</violation>
</file>
<file name="modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/TerraformProviderCodegen.java">
<violation number="1" location="modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/TerraformProviderCodegen.java:346">
P2: Terraform schema attributes are derived only from the response (read/create) model, so write-only fields that exist only in Create/Update request bodies never appear in `tfAttributes`. This makes those fields impossible to configure in the generated provider.</violation>
</file>
<file name="samples/client/petstore/terraform/examples/data-sources/pet/data-source.tf">
<violation number="1" location="samples/client/petstore/terraform/examples/data-sources/pet/data-source.tf:2">
P2: The data source example passes `name` and `photo_urls`, but the provider implementation reads pets by `id` only. Since `id` is computed and not set from config, this example cannot work and will query `/pet/0`.</violation>
</file>
<file name="modules/openapi-generator/src/main/resources/terraform-provider/resource_model.mustache">
<violation number="1" location="modules/openapi-generator/src/main/resources/terraform-provider/resource_model.mustache:25">
P2: Conversion template omits handling for list/map/object attributes, so complex fields in tfAttributes will be ignored during ToClientModel/FromClientModel, causing data loss for such resources.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/store_data_source.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/store_data_source.go:53">
P2: The generated store data source is registered but non-functional: it defines no schema attributes and Read always returns a "Not Supported" error, so any user configuration will fail at runtime.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/pet_model.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/pet_model.go:21">
P2: PetModel’s conversion methods ignore Category, PhotoUrls, and Tags, so these fields are never sent to the API or stored in Terraform state, causing data loss for key pet attributes.</violation>
</file>
<file name="modules/openapi-generator/src/main/resources/terraform-provider/README.mustache">
<violation number="1" location="modules/openapi-generator/src/main/resources/terraform-provider/README.mustache:26">
P2: README omits required Terraform CLI configuration (dev_overrides or filesystem mirror) for using a locally built provider binary, so the documented `go install` + `required_providers` workflow will try to download from the registry and fail for an unpublished provider.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/user_data_source.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/user_data_source.go:38">
P2: `username` is computed-only but used as the lookup key in Read, so users cannot set it and the data source will call `/user/` with an empty username. Make `username` a required (or at least optional) input attribute.</violation>
<violation number="2" location="samples/client/petstore/terraform/internal/provider/user_data_source.go:54">
P2: Password attribute is computed but not marked Sensitive, so Terraform will expose it in plan/apply output. Mark it Sensitive to prevent credential leakage.</violation>
</file>
<file name="samples/client/petstore/terraform/examples/data-sources/user/data-source.tf">
<violation number="1" location="samples/client/petstore/terraform/examples/data-sources/user/data-source.tf:1">
P2: Example directory name does not match the data source type name (`petstore_user`), which breaks terraform-plugin-docs conventions for example discovery.</violation>
</file>
<file name="samples/client/petstore/terraform/internal/provider/user_resource.go">
<violation number="1" location="samples/client/petstore/terraform/internal/provider/user_resource.go:41">
P2: `username` is used as the resource identifier in CRUD and import but is marked Optional, allowing configurations without a username and resulting in empty/invalid API paths. Make it Required.</violation>
<violation number="2" location="samples/client/petstore/terraform/internal/provider/user_resource.go:60">
P2: The password attribute is not marked Sensitive in the schema, so its value can be displayed in Terraform plan/apply output. Mark password fields as sensitive to prevent accidental exposure.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
modules/openapi-generator/src/main/resources/terraform-provider/resource.mustache
Show resolved
Hide resolved
| resp.Schema = schema.Schema{ | ||
| Description: "Fetches a pet data source.", | ||
| Attributes: map[string]schema.Attribute{ | ||
| "id": schema.Int64Attribute{ |
Contributor
There was a problem hiding this comment.
P2: Data source schema marks id as computed-only, but Read uses config.Id to fetch /pet/{id}. This prevents users from supplying the lookup ID and leads to invalid requests; name/photo_urls are required but ignored. The data source should accept an ID input and compute the rest.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/pet_data_source.go, line 34:
<comment>Data source schema marks `id` as computed-only, but Read uses `config.Id` to fetch `/pet/{id}`. This prevents users from supplying the lookup ID and leads to invalid requests; `name`/`photo_urls` are required but ignored. The data source should accept an ID input and compute the rest.</comment>
<file context>
@@ -0,0 +1,103 @@
+ resp.Schema = schema.Schema{
+ Description: "Fetches a pet data source.",
+ Attributes: map[string]schema.Attribute{
+ "id": schema.Int64Attribute{
+ Computed: true,
+ Description: "",
</file context>
| @@ -0,0 +1,93 @@ | |||
| package provider | |||
Contributor
There was a problem hiding this comment.
P2: Acceptance tests hardcode usernames/emails, which can collide across parallel runs or leftover resources; Terraform testing patterns recommend randomized identifiers for resource names.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/user_resource_test.go, line 16:
<comment>Acceptance tests hardcode usernames/emails, which can collide across parallel runs or leftover resources; Terraform testing patterns recommend randomized identifiers for resource names.</comment>
<file context>
@@ -0,0 +1,93 @@
+ Steps: []resource.TestStep{
+ // Create and Read testing
+ {
+ Config: testAccUserResourceConfig("johndoe", "John", "Doe", "john@example.com"),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("petstore_user.test", "username", "johndoe"),
</file context>
| Description: "Fetches a {{resourceName}} data source.", | ||
| Attributes: map[string]schema.Attribute{ | ||
| {{#tfAttributes}} | ||
| "{{terraformName}}": schema.{{#isString}}String{{/isString}}{{#isInt64}}Int64{{/isInt64}}{{#isFloat64}}Float64{{/isFloat64}}{{#isBool}}Bool{{/isBool}}{{^isString}}{{^isInt64}}{{^isFloat64}}{{^isBool}}String{{/isBool}}{{/isFloat64}}{{/isInt64}}{{/isString}}Attribute{ |
Contributor
There was a problem hiding this comment.
P2: Data source schema treats every OpenAPI isRequired field as a Required input, and all others as Computed. OpenAPI required fields describe response shape, not user configuration; this forces users to provide response fields and breaks data source lookups. Data sources should only mark lookup inputs as Required/Optional and mark response fields as Computed.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At modules/openapi-generator/src/main/resources/terraform-provider/data_source.mustache, line 40:
<comment>Data source schema treats every OpenAPI `isRequired` field as a Required input, and all others as Computed. OpenAPI required fields describe response shape, not user configuration; this forces users to provide response fields and breaks data source lookups. Data sources should only mark lookup inputs as Required/Optional and mark response fields as Computed.</comment>
<file context>
@@ -0,0 +1,108 @@
+ Description: "Fetches a {{resourceName}} data source.",
+ Attributes: map[string]schema.Attribute{
+{{#tfAttributes}}
+ "{{terraformName}}": schema.{{#isString}}String{{/isString}}{{#isInt64}}Int64{{/isInt64}}{{#isFloat64}}Float64{{/isFloat64}}{{#isBool}}Bool{{/isBool}}{{^isString}}{{^isInt64}}{{^isFloat64}}{{^isBool}}String{{/isBool}}{{/isFloat64}}{{/isInt64}}{{/isString}}Attribute{
+{{#isRequired}}
+ Required: true,
</file context>
| Optional: true, | ||
| Description: "", | ||
| }, | ||
| "name": schema.StringAttribute{ |
Contributor
There was a problem hiding this comment.
P2: Update is explicitly unsupported, but schema attributes lack RequiresReplace plan modifiers, so any config change plans an in-place update that will fail at apply. Mark configurable attributes (or use ModifyPlan) to force replacement.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/pet_resource.go, line 49:
<comment>Update is explicitly unsupported, but schema attributes lack RequiresReplace plan modifiers, so any config change plans an in-place update that will fail at apply. Mark configurable attributes (or use ModifyPlan) to force replacement.</comment>
<file context>
@@ -0,0 +1,164 @@
+ Optional: true,
+ Description: "",
+ },
+ "name": schema.StringAttribute{
+ Required: true,
+ Description: "",
</file context>
| Computed: true, | ||
| Description: "", | ||
| }, | ||
| "password": schema.StringAttribute{ |
Contributor
There was a problem hiding this comment.
P2: Password attribute is computed but not marked Sensitive, so Terraform will expose it in plan/apply output. Mark it Sensitive to prevent credential leakage.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/user_data_source.go, line 54:
<comment>Password attribute is computed but not marked Sensitive, so Terraform will expose it in plan/apply output. Mark it Sensitive to prevent credential leakage.</comment>
<file context>
@@ -0,0 +1,111 @@
+ Computed: true,
+ Description: "",
+ },
+ "password": schema.StringAttribute{
+ Computed: true,
+ Description: "",
</file context>
| Computed: true, | ||
| Description: "", | ||
| }, | ||
| "username": schema.StringAttribute{ |
Contributor
There was a problem hiding this comment.
P2: username is computed-only but used as the lookup key in Read, so users cannot set it and the data source will call /user/ with an empty username. Make username a required (or at least optional) input attribute.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/user_data_source.go, line 38:
<comment>`username` is computed-only but used as the lookup key in Read, so users cannot set it and the data source will call `/user/` with an empty username. Make `username` a required (or at least optional) input attribute.</comment>
<file context>
@@ -0,0 +1,111 @@
+ Computed: true,
+ Description: "",
+ },
+ "username": schema.StringAttribute{
+ Computed: true,
+ Description: "",
</file context>
| @@ -0,0 +1,7 @@ | |||
| data "petstore_user" "example" { | |||
Contributor
There was a problem hiding this comment.
P2: Example directory name does not match the data source type name (petstore_user), which breaks terraform-plugin-docs conventions for example discovery.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/examples/data-sources/user/data-source.tf, line 1:
<comment>Example directory name does not match the data source type name (`petstore_user`), which breaks terraform-plugin-docs conventions for example discovery.</comment>
<file context>
@@ -0,0 +1,7 @@
+data "petstore_user" "example" {
+ username = "johndoe"
+}
</file context>
| Description: "Manages a user resource.", | ||
| Attributes: map[string]schema.Attribute{ | ||
| "id": schema.Int64Attribute{ | ||
| Optional: true, |
Contributor
There was a problem hiding this comment.
P2: username is used as the resource identifier in CRUD and import but is marked Optional, allowing configurations without a username and resulting in empty/invalid API paths. Make it Required.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/user_resource.go, line 41:
<comment>`username` is used as the resource identifier in CRUD and import but is marked Optional, allowing configurations without a username and resulting in empty/invalid API paths. Make it Required.</comment>
<file context>
@@ -0,0 +1,193 @@
+ Description: "Manages a user resource.",
+ Attributes: map[string]schema.Attribute{
+ "id": schema.Int64Attribute{
+ Optional: true,
+ Description: "",
+ },
</file context>
| Optional: true, | ||
| Description: "", | ||
| }, | ||
| "password": schema.StringAttribute{ |
Contributor
There was a problem hiding this comment.
P2: The password attribute is not marked Sensitive in the schema, so its value can be displayed in Terraform plan/apply output. Mark password fields as sensitive to prevent accidental exposure.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/internal/provider/user_resource.go, line 60:
<comment>The password attribute is not marked Sensitive in the schema, so its value can be displayed in Terraform plan/apply output. Mark password fields as sensitive to prevent accidental exposure.</comment>
<file context>
@@ -0,0 +1,193 @@
+ Optional: true,
+ Description: "",
+ },
+ "password": schema.StringAttribute{
+ Optional: true,
+ Description: "",
</file context>
Contributor
There was a problem hiding this comment.
8 issues found across 107 files (changes from recent commits).
Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed.
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="samples/client/petstore/terraform-server/README.md">
<violation number="1" location="samples/client/petstore/terraform-server/README.md:8">
P2: README states Go >= 1.21, but the module’s go.mod requires Go 1.22. This mismatch can mislead users about the required toolchain version.</violation>
</file>
<file name="samples/client/others/terraform/oneof-discriminator-lookup/internal/provider/provider.go">
<violation number="1" location="samples/client/others/terraform/oneof-discriminator-lookup/internal/provider/provider.go:84">
P2: Unknown endpoint values are treated as empty and overwritten with localhost, which can misconfigure the provider during plan when the endpoint is computed.</violation>
</file>
<file name="samples/client/others/terraform/oneof-discriminator-lookup/internal/client/model_object.go">
<violation number="1" location="samples/client/others/terraform/oneof-discriminator-lookup/internal/client/model_object.go:7">
P2: Object struct fields lack json tags, so JSON encoding will use Go field names ("Field1"/"Type") instead of the lower-case keys used by other generated models, likely breaking API serialization.</violation>
</file>
<file name="samples/client/others/terraform/allof-discriminator/README.md">
<violation number="1" location="samples/client/others/terraform/allof-discriminator/README.md:8">
P3: Go version requirement in README is outdated relative to go.mod (1.22).</violation>
</file>
<file name="samples/client/petstore/terraform-addpet/internal/provider/pet_resource.go">
<violation number="1" location="samples/client/petstore/terraform-addpet/internal/provider/pet_resource.go:117">
P2: Read/Update/Delete are required lifecycle operations for a Terraform resource; returning errors unconditionally makes refresh, import, update, and destroy fail, so the resource cannot be managed after creation.</violation>
</file>
<file name="samples/client/petstore/terraform-addpet/.gitignore">
<violation number="1" location="samples/client/petstore/terraform-addpet/.gitignore:11">
P2: The generated .gitignore only ignores terraform.tfvars, leaving named .tfvars files (e.g., prod.tfvars, secrets.tfvars) unignored. Terraform documentation and common templates recommend ignoring *.tfvars to avoid committing sensitive values, so this omission creates a security risk in generated projects.</violation>
</file>
<file name="samples/client/others/terraform/oneof-discriminator-lookup/README.md">
<violation number="1" location="samples/client/others/terraform/oneof-discriminator-lookup/README.md:8">
P2: README states Go >= 1.21, but the provider’s go.mod requires Go 1.22, so the documented minimum version is incorrect and can mislead users.</violation>
<violation number="2" location="samples/client/others/terraform/oneof-discriminator-lookup/README.md:26">
P2: README local usage is incomplete: it builds a local provider with `go install` but configures `required_providers` to fetch from the public registry, which Terraform will do unless `dev_overrides` or a filesystem mirror is configured. This makes local builds fail at `terraform init`.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
samples/client/others/terraform/oneof-discriminator-lookup/internal/provider/provider.go
Outdated
Show resolved
Hide resolved
samples/client/others/terraform/oneof-discriminator-lookup/internal/client/model_object.go
Outdated
Show resolved
Hide resolved
samples/client/petstore/terraform-addpet/internal/provider/pet_resource.go
Outdated
Show resolved
Hide resolved
samples/client/others/terraform/oneof-discriminator-lookup/README.md
Outdated
Show resolved
Hide resolved
Contributor
There was a problem hiding this comment.
1 issue found across 7 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="modules/openapi-generator/src/main/resources/terraform-provider/provider.mustache">
<violation number="1" location="modules/openapi-generator/src/main/resources/terraform-provider/provider.mustache:90">
P2: Explicit empty endpoint values no longer fall back to the base path. An explicitly configured empty string will now be used as the client endpoint, which can lead to invalid client initialization. Restore the empty-string fallback to preserve prior behavior.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
|
||
| endpoint := "{{{basePath}}}" | ||
| if !config.Endpoint.IsNull() && !config.Endpoint.IsUnknown() { | ||
| endpoint = config.Endpoint.ValueString() |
Contributor
There was a problem hiding this comment.
P2: Explicit empty endpoint values no longer fall back to the base path. An explicitly configured empty string will now be used as the client endpoint, which can lead to invalid client initialization. Restore the empty-string fallback to preserve prior behavior.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At modules/openapi-generator/src/main/resources/terraform-provider/provider.mustache, line 90:
<comment>Explicit empty endpoint values no longer fall back to the base path. An explicitly configured empty string will now be used as the client endpoint, which can lead to invalid client initialization. Restore the empty-string fallback to preserve prior behavior.</comment>
<file context>
@@ -78,9 +78,16 @@ func (p *{{providerName}}Provider) Configure(ctx context.Context, req provider.C
+
+ endpoint := "{{{basePath}}}"
+ if !config.Endpoint.IsNull() && !config.Endpoint.IsUnknown() {
+ endpoint = config.Endpoint.ValueString()
}
</file context>
Suggested change
| endpoint = config.Endpoint.ValueString() | |
| endpoint = config.Endpoint.ValueString() | |
| if endpoint == "" { | |
| endpoint = "{{{basePath}}}" | |
| } |
Contributor
There was a problem hiding this comment.
6 issues found across 34 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="samples/client/others/terraform/oneof-anyof-required/go.mod">
<violation number="1" location="samples/client/others/terraform/oneof-anyof-required/go.mod:3">
P2: The sample README still documents Go >= 1.22, but go.mod now requires Go 1.24.0. This inconsistency can mislead users and break builds for environments following the documented minimum; align the go.mod version (and toolchain) or update the README accordingly.</violation>
</file>
<file name=".github/workflows/samples-terraform.yaml">
<violation number="1" location=".github/workflows/samples-terraform.yaml:46">
P2: Removing TF_ACC disables Terraform acceptance tests (`resource.Test`), so the CI test step will skip these tests and pass without running them.</violation>
</file>
<file name="samples/client/others/terraform/allof-discriminator/go.mod">
<violation number="1" location="samples/client/others/terraform/allof-discriminator/go.mod:3">
P2: The sample README states Go >= 1.22, but go.mod now requires Go 1.24.0, so users following the documented requirement will fail to build. Align the go.mod version with the documented minimum (or update the documentation).</violation>
</file>
<file name="samples/client/petstore/terraform-server/go.mod">
<violation number="1" location="samples/client/petstore/terraform-server/go.mod:3">
P2: go.mod now requires Go 1.24.0, but the sample README still documents Go >= 1.22. This mismatch can mislead users setting up the sample and should be aligned.</violation>
</file>
<file name="samples/client/petstore/terraform/go.mod">
<violation number="1" location="samples/client/petstore/terraform/go.mod:3">
P2: The go.mod now requires Go 1.24.0, but the sample README still documents Go >= 1.22. This mismatch will cause users following the docs to fail building with Go 1.22/1.23; update either the go.mod version or the README requirement so they match.</violation>
</file>
<file name="samples/client/petstore/terraform-addpet/internal/provider/pet_resource.go">
<violation number="1" location="samples/client/petstore/terraform-addpet/internal/provider/pet_resource.go:121">
P2: Update silently writes the plan into state without any API call. For a resource backed by a remote API, this causes permanent state drift because Terraform records the change even though the remote pet was never updated. If updates are unsupported, return an error or force replacement instead of mutating state.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| @@ -0,0 +1,11 @@ | |||
| module github.com/example/terraform-provider-oneof-anyof | |||
|
|
|||
| go 1.24.0 | |||
Contributor
There was a problem hiding this comment.
P2: The sample README still documents Go >= 1.22, but go.mod now requires Go 1.24.0. This inconsistency can mislead users and break builds for environments following the documented minimum; align the go.mod version (and toolchain) or update the README accordingly.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/others/terraform/oneof-anyof-required/go.mod, line 3:
<comment>The sample README still documents Go >= 1.22, but go.mod now requires Go 1.24.0. This inconsistency can mislead users and break builds for environments following the documented minimum; align the go.mod version (and toolchain) or update the README accordingly.</comment>
<file context>
@@ -1,6 +1,6 @@
module github.com/example/terraform-provider-oneof-anyof
-go 1.22
+go 1.24.0
toolchain go1.24.4
</file context>
| run: go build -v ./... | ||
| - name: Run tests | ||
| working-directory: ${{ matrix.sample }} | ||
| run: go test ./... -v -timeout 120m |
Contributor
There was a problem hiding this comment.
P2: Removing TF_ACC disables Terraform acceptance tests (resource.Test), so the CI test step will skip these tests and pass without running them.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/samples-terraform.yaml, line 46:
<comment>Removing TF_ACC disables Terraform acceptance tests (`resource.Test`), so the CI test step will skip these tests and pass without running them.</comment>
<file context>
@@ -41,6 +41,6 @@ jobs:
+ - name: Run tests
working-directory: ${{ matrix.sample }}
- run: TF_ACC=1 go test ./... -v -timeout 120m
+ run: go test ./... -v -timeout 120m
</file context>
Suggested change
| run: go test ./... -v -timeout 120m | |
| run: TF_ACC=1 go test ./... -v -timeout 120m |
| @@ -0,0 +1,11 @@ | |||
| module github.com/example/terraform-provider-allof | |||
|
|
|||
| go 1.24.0 | |||
Contributor
There was a problem hiding this comment.
P2: The sample README states Go >= 1.22, but go.mod now requires Go 1.24.0, so users following the documented requirement will fail to build. Align the go.mod version with the documented minimum (or update the documentation).
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/others/terraform/allof-discriminator/go.mod, line 3:
<comment>The sample README states Go >= 1.22, but go.mod now requires Go 1.24.0, so users following the documented requirement will fail to build. Align the go.mod version with the documented minimum (or update the documentation).</comment>
<file context>
@@ -1,6 +1,6 @@
module github.com/example/terraform-provider-allof
-go 1.22
+go 1.24.0
toolchain go1.24.4
</file context>
| @@ -0,0 +1,11 @@ | |||
| module github.com/example/terraform-provider-petstore-server | |||
|
|
|||
| go 1.24.0 | |||
Contributor
There was a problem hiding this comment.
P2: go.mod now requires Go 1.24.0, but the sample README still documents Go >= 1.22. This mismatch can mislead users setting up the sample and should be aligned.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform-server/go.mod, line 3:
<comment>go.mod now requires Go 1.24.0, but the sample README still documents Go >= 1.22. This mismatch can mislead users setting up the sample and should be aligned.</comment>
<file context>
@@ -1,6 +1,6 @@
module github.com/example/terraform-provider-petstore-server
-go 1.22
+go 1.24.0
toolchain go1.24.4
</file context>
| @@ -0,0 +1,11 @@ | |||
| module github.com/example/terraform-provider-petstore | |||
|
|
|||
| go 1.24.0 | |||
Contributor
There was a problem hiding this comment.
P2: The go.mod now requires Go 1.24.0, but the sample README still documents Go >= 1.22. This mismatch will cause users following the docs to fail building with Go 1.22/1.23; update either the go.mod version or the README requirement so they match.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform/go.mod, line 3:
<comment>The go.mod now requires Go 1.24.0, but the sample README still documents Go >= 1.22. This mismatch will cause users following the docs to fail building with Go 1.22/1.23; update either the go.mod version or the README requirement so they match.</comment>
<file context>
@@ -1,6 +1,6 @@
module github.com/example/terraform-provider-petstore
-go 1.22
+go 1.24.0
toolchain go1.24.4
</file context>
| } | ||
|
|
||
| func (r *PetResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { | ||
| // No update endpoint available; persist the planned values into state. |
Contributor
There was a problem hiding this comment.
P2: Update silently writes the plan into state without any API call. For a resource backed by a remote API, this causes permanent state drift because Terraform records the change even though the remote pet was never updated. If updates are unsupported, return an error or force replacement instead of mutating state.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/terraform-addpet/internal/provider/pet_resource.go, line 121:
<comment>Update silently writes the plan into state without any API call. For a resource backed by a remote API, this causes permanent state drift because Terraform records the change even though the remote pet was never updated. If updates are unsupported, return an error or force replacement instead of mutating state.</comment>
<file context>
@@ -114,15 +114,21 @@ func (r *PetResource) Create(ctx context.Context, req resource.CreateRequest, re
func (r *PetResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
- resp.Diagnostics.AddError("Not Supported", "Update is not supported for pet")
+ // No update endpoint available; persist the planned values into state.
+ var plan PetModel
+ resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
</file context>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New client generator for Terraform Provider. Fixes #15889
PR checklist
Commit all changed files.
This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
These must match the expectations made by your contribution.
You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example
./bin/generate-samples.sh bin/configs/java*.IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
master(upcoming7.x.0minor release - breaking changes with fallbacks),8.0.x(breaking changes without fallbacks)"fixes #123"present in the PR description)Summary by cubic
Adds an experimental Terraform provider generator that turns an OpenAPI spec into a HashiCorp Plugin Framework provider, plus docs, samples, and a CI workflow that builds sample providers. Fixes #15889.
New Features
Migration
Written for commit f570e8b. Summary will update on new commits.