Provider: Support module-scoped user-agents via provider_meta

[drewmullen]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Description

This change enables the AWSCC provider to support the provider_meta block. Specifically, modules can use this block to append additional details to the user agent sent in all CRUD operations.

For example, the configuration for a module with a provider block already declared in the root might look like the following:

terraform {
  required_providers {
    awscc = {
      source  = "hashicorp/awscc"
      version = "~> 1.0"
    }
  }

  # custom provider_meta which will appear appended to user agent
  provider_meta "awscc" {
    user_agent = [
      {
        product_name    = "jb-demo"
        product_version = "0.0.1"
        comment         = "a demo module"
      },
    ]
  }
}

resource "awscc_iam_role" "module" {
  role_name = "jb-test-ua-module"

  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = ["sts:AssumeRole"]
        Effect = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      }
    ]
  })
}

All API calls invoked during CRUD operations will have a user agent string with the custom details from provider_meta appended at the end. This can be observed in debug level Terraform logs or in the CloudTrail event history in the AWS console.

http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.14.0-beta1 (+https://www.terraform.io) terraform-provider-awscc/dev (+https://registry.terraform.io/providers/hashicorp/awscc) aws-sdk-go-v2/1.39.0 ua/2.1 os/macos lang/go#1.24.6 md/GOOS#darwin md/GOARCH#arm64 api/cloudcontrol#1.28.4 m/n jb-demo/0.0.1 (a demo module)"

Relations

Closes #473
Relates #466

[drewmullen]

$ make build && cp $GOPATH/bin/terraform-provider-awscc ~/.terraform.d/plugins/providermeta/hashicorp/awscc/0.0.1/darwin_amd64/
go install
# github.com/hashicorp/terraform-provider-awscc
./main.go:11:32: cannot use provider.New (type func() tfsdk.ProviderWithProviderMeta) as type func() tfsdk.Provider in argument to tfsdk.Serve
make: *** [build] Error 2

[drewmullen]

Unable to figure out how to extract the hcl provider_meta set in test TestAccAWSEC2VPC_metadata. I believe there is something going on here:

https://github.com/hashicorp/terraform-plugin-framework/blob/5c07e076830a6e13f46b356c4a11439382760a85/internal/proto6server/serve.go#L1236-L1239

I'm pretty sure the function applyResourceChange should be able to see the ProviderMeta content from the req *tfprotov6.ApplyResourceChangeRequest but its not populating there, despite the schema getting there.

Once the data is there, i think we have the functionality in place to unpack and add to the new ctx key for user-agent additions

[jar-b]

Test results from the latest batch of commits.

% make testacc PKG_NAME=internal/aws/ec2 TESTARGS='-run=TestAccAWSEC2VPC_providerMeta'
TF_ACC=1 go test ./internal/aws/ec2 -v -count 1 -parallel 20 -run=TestAccAWSEC2VPC_providerMeta -timeout 180m

--- PASS: TestAccAWSEC2VPC_providerMeta (36.16s)
PASS
ok      github.com/hashicorp/terraform-provider-awscc/internal/aws/ec2  37.026s

% make testacc PKG_NAME=internal/aws/logs TESTARGS='-run=TestAccAWSLogsLogGroup_providerMeta'
TF_ACC=1 go test ./internal/aws/logs -v -count 1 -parallel 20 -run=TestAccAWSLogsLogGroup_providerMeta -timeout 180m
=== RUN   TestAccAWSLogsLogGroup_providerMetaWithModule
    log_group_resource_test.go:90: The ConfigDirectory field does not currently support copying modules to the working directory
--- SKIP: TestAccAWSLogsLogGroup_providerMetaWithModule (0.00s)
--- PASS: TestAccAWSLogsLogGroup_providerMeta (25.31s)
PASS
ok      github.com/hashicorp/terraform-provider-awscc/internal/aws/logs 26.313s

I've validated the behavior using modules locally. I was unable to replicate this in an acceptance test due to limitations on what is copied to the working directory when using ConfigDirectory (hashicorp/terraform-plugin-testing#277). I'll continue to investigate other potential avenues to test this, but don't consider it blocking at this time.