Support of deprecation warnings for parameters with unknown values in terraform validate

[patrickcping]

Terraform Version

Terraform v1.5.7
on darwin_amd64

Use Cases

Detect and alert programmatically on use of deprecated provider parameters in HCL code stored in Github/Gitlab using CI actions.

HCL code may drift over time as >= or ~> notation is used in the provider/module version constraints. The action would alert to the use of a deprecated provider parameter if a provider version is upgraded

Attempted Solutions

• terraform validate --json - Cannot be used as deprecated parameters in the configuration HCL with unknown values (values determined after terraform apply) are not returned as warnings. E.g., a value that comes from a data source, used as a reference to a deprecated parameter on a resource will not show as a warning here
• terraform plan - Same as above, unless previously applied.
• terraform apply - Warnings are aggregated and limited and there doesn't appear to be a way to extract them as a full list in JSON. Also, infrastructure shouldn't need to be provisioned to warn about the use of deprecated attributes in the HCL.

Note that because of the above, the warnings returned by terraform validate are a subset of warnings returned from terraform apply

Proposal

Without knowing details of the Terraform architecture, the ideal situation would be for terraform validate --json to return use of deprecated attributes declared in the HCL, even if the values are unknown

References

No response

[jbardin]

Hi @patrickcping,

Terraform core does not handle the validation of deprecated attributes, or any attributes, other than what's required for decoding the configuration; the validation is done entirely by the provider where specialized logic and deprecation messages are stored.

I believe this was considered in the past, but because many configurations could conditionally set values, which may end up being unset during the actual plan and apply process, the deprecation warnings were seen more of a nuisance than helpful. Now that the framework offers more control for provider behavior however, it may be something to reconsider. It's also possible which can be done when implementing the provider protocol more directly through terraform-plugin-go.

Thanks!

[jbardin]

Since this is not an issue which can be directly transferred to another project, I'm going to close it here. It should be filed under https://github.com/hashicorp/terraform-plugin-framework/issues for future provider developers.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.