Bug: terraform plan fails after provider upgrade with state upgrade and marshal errors #3
Description
Description
After upgrading the files provider to version 0.1.325, Terraform plans are failing due to two related issues stemming from a schema change in commit 7bbe9c4.
The core of the problem is that the provider's API is returning a value for a write-only attribute which is a violation of the Terraform provider contract. This is causing an Invalid resource state upgrade error. Additionally, a schema change has made pre-existing attributes that are in state files and now write-only unsupported, leading to a Failed JSON marshal plan error when reading the prior state.
Terraform and Provider Versions
Terraform Version: v1.6.5
Affected Provider: files
Provider Version: The issue occurs when upgrading to 0.1.325 with a constraint of ~> 0.1. The last known working version was 0.1.324.
Affected Resource(s): files_remote_server.direct_mail_s3
Reproduction Steps
Start with a configuration using a working version of the files provider (e.g., 0.1.324).
Run terraform init and terraform apply to create the resource.
Update the provider version constraint in versions.tf to ~> 0.1 and run terraform init -upgrade to automatically install the latest patch version.
Run terraform plan.
Terraform Configuration
Terraform
// versions.tf
terraform {
required_providers {
files = {
source = "Files-com/files"
version = "~> 0.1" // This will pull the version 0.1.325
}
}
}
// files-com.tf
resource "files_remote_server" "direct_mail_s3" {
name = "direct_mail_s3"
aws_access_key = "..."
aws_secret_key = var.aws_secret_key_from_aws_module
server_type = "s3"
}
Expected Behavior
The terraform plan should succeed without errors. The provider should not return the value for the aws_secret_key attribute, as it is write-only. The provider should also correctly handle the state upgrade to the new schema without throwing a marshaling error for old, unsupported attributes.
Actual Behavior
The terraform plan fails, and the log output shows two distinct errors:
╷
│ Error: Invalid resource state upgrade
│
│ While attempting to upgrade state of resource
│ module.files-com.files_remote_server.direct_mail_s3, the provider "files"
│ returned a value for the write-only attribute
│ "module.files-com.files_remote_server.direct_mail_s3.aws_secret_key".
│ Write-only attributes cannot be read back from the provider. This is a bug
│ in the provider, which should be reported in the provider's own issue
│ tracker.
╵
Failed generating plan JSON
Exit code: 1
Failed to marshal plan to json: error marshaling prior state: unsupported attribute "rackspace_api_key"
Operation failed: 2 errors occurred:
* failed running terraform plan (exit 1)
* failed generating plan JSON: failed running command (exit 1)
Current workaround plan
To avoid this bug, we have downgraded the provider. The last known working version is 0.1.324