Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix broken scheduler pool config validation #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix broken scheduler pool config validation #10

wants to merge 1 commit into from

Conversation

TheVovchenskiy
Copy link

When configuring acl for scheduler pools with variables:

variable "acl_mrcat_full_access" {
  type = list(object({
    action      = string
    subjects    = list(string)
    permissions = list(string)
  }))
  default = [
    {
      action      = "allow"
      subjects    = ["mrcat"]
      permissions = ["read", "write", "remove", "mount", "administer"]
    },
  ]
}

resource "ytsaurus_scheduler_pool" "mrcat_pool" {
  name      = "mrcat_pool"
  pool_tree = "default"
  acl = var.acl_mrcat_full_access
  max_running_operation_count = 256
  max_operation_count         = 1024
  strong_guarantee_resources = {
    cpu    = 128
    memory = 256 * var.GBi
  }
}

or with output in other modules, after running tf plan following error occurs:

│ Error: Value Conversion Error
│ 
│   with ytsaurus_scheduler_pool.mrcat_pool,
│   on main.tf line 134, in resource "ytsaurus_scheduler_pool" "mrcat_pool":
│  134:   acl = var.acl_mrcat_full_access
│ 
│ An unexpected error was encountered trying to build a value. This is always an error in the provider. Please report the following to the provider developer:
│ 
│ Received unknown value, however the target type cannot handle unknown values. Use the corresponding `types` package type or a custom type that handles unknown values.
│ 
│ Path: acl
│ Target Type: acl.ACLModel
│ Suggested Type: basetypes.ListValue

This happens in schedulerPoolResourceConfigValidator when trying to map an incoming config into SchedulerPoolModel. Instead, only the max_running_operation_count and max_operation_count attributes can be retrieved from this config avoiding building acl value.

@savnadya savnadya requested a review from kmalov August 19, 2024 08:16
@kmalov
Copy link
Collaborator

kmalov commented Sep 5, 2024

When configuring acl for scheduler pools with variables:

variable "acl_mrcat_full_access" {
  type = list(object({
    action      = string
    subjects    = list(string)
    permissions = list(string)
  }))
  default = [
    {
      action      = "allow"
      subjects    = ["mrcat"]
      permissions = ["read", "write", "remove", "mount", "administer"]
    },
  ]
}

resource "ytsaurus_scheduler_pool" "mrcat_pool" {
  name      = "mrcat_pool"
  pool_tree = "default"
  acl = var.acl_mrcat_full_access
  max_running_operation_count = 256
  max_operation_count         = 1024
  strong_guarantee_resources = {
    cpu    = 128
    memory = 256 * var.GBi
  }
}

or with output in other modules, after running tf plan following error occurs:

│ Error: Value Conversion Error
│ 
│   with ytsaurus_scheduler_pool.mrcat_pool,
│   on main.tf line 134, in resource "ytsaurus_scheduler_pool" "mrcat_pool":
│  134:   acl = var.acl_mrcat_full_access
│ 
│ An unexpected error was encountered trying to build a value. This is always an error in the provider. Please report the following to the provider developer:
│ 
│ Received unknown value, however the target type cannot handle unknown values. Use the corresponding `types` package type or a custom type that handles unknown values.
│ 
│ Path: acl
│ Target Type: acl.ACLModel
│ Suggested Type: basetypes.ListValue

This happens in schedulerPoolResourceConfigValidator when trying to map an incoming config into SchedulerPoolModel. Instead, only the max_running_operation_count and max_operation_count attributes can be retrieved from this config avoiding building acl value.

I looked at the ValidateResource function more closely. Interestingly, terraform fills in variables somewhere later on the execution stack, so it turns out that at the time of execution of ValidateResource rec.Config.Get returns something half-assembled. Hence the mistake.

That is, indeed, when using variables, checking in this place loses its meaning. I'll rewrite this check more carefully. Until then, I suggest using locals instead of variables - there will be no problems with them.

locals {
  mrcat_name = "mrcat"
  MBi = 1024 * 1024
  GBi = 1024 * 1024 * 1024
}

locals {
  acl_mrcat_full_access = [{
    action = "allow"
    subjects = [local.mrcat_name]
    permissions = ["read", "write", "remove", "mount", "administer"]
  }]
}

resource "ytsaurus_scheduler_pool" "mrcat_pool" {
  name      = "mrcat_pool"
  pool_tree = "physical"
  acl = local.acl_mrcat_full_access
...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmalov kmalov Awaiting requested review from kmalov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TheVovchenskiy @kmalov