Hi, I am trying to create a unit test for a resouce that has a read-only attribute in its configuration. The test errors due to the read-only attribute, and the suggested solution is to remove the configuration line setting the value. However, this is not possible as it would change the underlying behaviour of the resource. How do I handle read-only attributes in the terraform test framework?
Below is the resource that I am creating:
resource "dbtcloud_global_connection" "this" {
name = "snowflake-conn"
oauth_configuration_id = data.azurerm_key_vault_secret.oauth_configuration_id.value
snowflake = {
account = "XXXXXX"
database = var.snowflake_database
role = var.snowflake_role
warehouse = var.snowflake_warehouse
client_session_keep_alive = true
}
}
The test is:
mock_provider "dbtcloud" {}
mock_provider "azurerm" {
mock_data "azurerm_key_vault" {
defaults = {
id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/my-rg/providers/Microsoft.KeyVault/vaults/key"
}
}
mock_data "azurerm_key_vault_secret" {
defaults = {
value = "123"
}
}
}
variables {
snowflake_account = "XXXXXX"
snowflake_database = "my-db"
snowflake_role = "my-role"
snowflake_warehouse = "my-wh"
}
run "valid_configuration_of_dbtcloud_global_connection" {
command = plan
assert {
condition = startswith(dbtcloud_global_connection.this.snowflake.account, "XXXXXX") == true
error_message = "The dbt cloud global connection must be connected to the right Snowflake account"
}
}
And it fails with the error
tests\main.tftest.hcl... in progress
run "valid_configuration_of_dbtcloud_global_connection"... fail
╷
│ Error: Invalid Configuration for Read-Only Attribute
│
│ with dbtcloud_global_connection.this,
│ on main.tf line 19, in resource "dbtcloud_global_connection" "this":
│ 19: oauth_configuration_id = data.azurerm_key_vault_secret.oauth_configuration_id.value
│
│ Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration
│ line setting the value.
│
│ Refer to the provider documentation or contact the provider developers for additional information about
│ configurable and read-only attributes that are supported.
╵
tests\main.tftest.hcl... tearing down
tests\main.tftest.hcl... fail
Failure! 0 passed, 1 failed.
If I remove the oauth_configuration_id
attribute, the resource is created with oauth_configuration_id: null
in the state, so oauth_configuration_id
is both an optional parameter and a read-only parameter associated with the resource. Is this a bug from the provider, or is it a valid configuration of a terraform resource? If its the former, I can create an issue with the dbtcloud provider, or else I would highly appreciate any help on this case.
Cheers!