stacks: include plan and state providers when validating external providers (#35877)

liamcervante · DanielMSchmidt · web-flow · commit c7ef162721ca · 2024-10-22T11:23:34.000+02:00
Co-authored-by: Daniel Schmidt &lt;danielmschmidt92@gmail.com&gt;
diff --git a/internal/terraform/context_apply.go b/internal/terraform/context_apply.go
@@ -162,7 +162,7 @@ func (c *Context) ApplyAndEval(plan *plans.Plan, config *configs.Config, opts *A
 		return nil, nil, diags
 	}
 
-	moreDiags = checkExternalProviders(config, opts.ExternalProviders)
+	moreDiags = checkExternalProviders(config, plan, nil, opts.ExternalProviders)
 	diags = diags.Append(moreDiags)
 	if moreDiags.HasErrors() {
 		return nil, nil, diags
diff --git a/internal/terraform/context_plan.go b/internal/terraform/context_plan.go
@@ -197,7 +197,7 @@ func (c *Context) PlanAndEval(config *configs.Config, prevRunState *states.State
 		return nil, nil, diags
 	}
 
-	providerCfgDiags := checkExternalProviders(config, opts.ExternalProviders)
+	providerCfgDiags := checkExternalProviders(config, nil, prevRunState, opts.ExternalProviders)
 	diags = diags.Append(providerCfgDiags)
 	if providerCfgDiags.HasErrors() {
 		return nil, nil, diags
diff --git a/internal/terraform/context_plan2_test.go b/internal/terraform/context_plan2_test.go
@@ -4579,6 +4579,62 @@ resource "test_object" "a" {
 	}
 }
 
+func TestContext2Plan_externalProvidersWithState(t *testing.T) {
+	// In this test we're going to use an external provider for a resource
+	// that is already in the state. Terraform should allow this, even though
+	// the provider isn't defined in the configuration.
+
+	m := testModuleInline(t, map[string]string{
+		"main.tf": ``, // no resources
+	})
+
+	state := states.BuildState(func(state *states.SyncState) {
+		state.SetResourceInstanceCurrent(mustResourceInstanceAddr("foo.a"), &states.ResourceInstanceObjectSrc{
+			AttrsJSON: []byte(`{}`),
+			Status:    states.ObjectReady,
+		}, mustProviderConfig(`provider["hashicorp/foo"]`))
+	})
+
+	fooProvider := &testing_provider.MockProvider{
+		GetProviderSchemaResponse: &providers.GetProviderSchemaResponse{
+			ResourceTypes: map[string]providers.Schema{
+				"foo": {
+					Block: &configschema.Block{},
+				},
+			},
+		},
+		ConfigureProviderFn: func(providers.ConfigureProviderRequest) providers.ConfigureProviderResponse {
+			return providers.ConfigureProviderResponse{
+				Diagnostics: tfdiags.Diagnostics{
+					tfdiags.Sourceless(
+						tfdiags.Error,
+						"Pre-configured provider was reconfigured by the modules runtime",
+						"An externally-configured provider should not have its ConfigureProvider function called during planning.",
+					),
+				},
+			}
+		},
+	}
+
+	ctx, diags := NewContext(&ContextOpts{
+		PreloadedProviderSchemas: map[addrs.Provider]providers.GetProviderSchemaResponse{
+			addrs.MustParseProviderSourceString("hashicorp/foo"): *fooProvider.GetProviderSchemaResponse,
+		},
+	})
+	assertNoDiagnostics(t, diags)
+
+	fooProvider.ConfigureProviderCalled = true
+	_, diags = ctx.Plan(m, state, &PlanOpts{
+		Mode: plans.NormalMode,
+		ExternalProviders: map[addrs.RootProviderConfig]providers.Interface{
+			addrs.RootProviderConfig{
+				Provider: addrs.MustParseProviderSourceString("hashicorp/foo"),
+			}: fooProvider,
+		},
+	})
+	assertNoDiagnostics(t, diags)
+}
+
 func TestContext2Plan_externalProviders(t *testing.T) {
 	// This test exercises the option for callers to pass in their own
 	// already-configured provider instances, instead of the modules runtime
diff --git a/internal/terraform/providers.go b/internal/terraform/providers.go
@@ -8,7 +8,9 @@ import (
 
 	"github.com/hashicorp/terraform/internal/addrs"
 	"github.com/hashicorp/terraform/internal/configs"
+	"github.com/hashicorp/terraform/internal/plans"
 	"github.com/hashicorp/terraform/internal/providers"
+	"github.com/hashicorp/terraform/internal/states"
 	"github.com/hashicorp/terraform/internal/tfdiags"
 )
 
@@ -24,12 +26,22 @@ import (
 // here are somewhat vague to accommodate being used both to describe
 // an invalid component configuration and the problem of trying to plan and
 // apply a module that wasn't intended to be a root module.
-func checkExternalProviders(rootCfg *configs.Config, got map[addrs.RootProviderConfig]providers.Interface) tfdiags.Diagnostics {
+func checkExternalProviders(rootCfg *configs.Config, plan *plans.Plan, state *states.State, got map[addrs.RootProviderConfig]providers.Interface) tfdiags.Diagnostics {
 	var diags tfdiags.Diagnostics
 
-	allowedProviders := map[addrs.Provider]struct{}{}
+	allowedProviders := make(map[addrs.Provider]bool)
 	for _, addr := range rootCfg.ProviderTypes() {
-		allowedProviders[addr] = struct{}{}
+		allowedProviders[addr] = true
+	}
+	if state != nil {
+		for _, addr := range state.ProviderAddrs() {
+			allowedProviders[addr.Provider] = true
+		}
+	}
+	if plan != nil {
+		for _, addr := range plan.ProviderAddrs() {
+			allowedProviders[addr.Provider] = true
+		}
 	}
 	requiredConfigs := rootCfg.EffectiveRequiredProviderConfigs().Keys()
 
@@ -39,7 +51,7 @@ func checkExternalProviders(rootCfg *configs.Config, got map[addrs.RootProviderC
 	// we can't be precise because Terraform permits implicit default provider
 	// configurations.)
 	for cfgAddr := range got {
-		if _, allowed := allowedProviders[cfgAddr.Provider]; !allowed {
+		if !allowedProviders[cfgAddr.Provider] {
 			diags = diags.Append(tfdiags.Sourceless(
 				tfdiags.Error,
 				"Unexpected provider configuration",

Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,7 @@ func (c Context) ApplyAndEval(plan plans.Plan, config configs.Config, opts A`
`162`	`162`	`return nil, nil, diags`
`163`	`163`	`}`
`164`	`164`
`165`		`- moreDiags = checkExternalProviders(config, opts.ExternalProviders)`
	`165`	`+ moreDiags = checkExternalProviders(config, plan, nil, opts.ExternalProviders)`
`166`	`166`	`diags = diags.Append(moreDiags)`
`167`	`167`	`if moreDiags.HasErrors() {`
`168`	`168`	`return nil, nil, diags`
Original file line number	Diff line number	Diff line change
`@@ -197,7 +197,7 @@ func (c Context) PlanAndEval(config configs.Config, prevRunState *states.State`
`197`	`197`	`return nil, nil, diags`
`198`	`198`	`}`
`199`	`199`
`200`		`- providerCfgDiags := checkExternalProviders(config, opts.ExternalProviders)`
	`200`	`+ providerCfgDiags := checkExternalProviders(config, nil, prevRunState, opts.ExternalProviders)`
`201`	`201`	`diags = diags.Append(providerCfgDiags)`
`202`	`202`	`if providerCfgDiags.HasErrors() {`
`203`	`203`	`return nil, nil, diags`