@SarahFrench SarahFrench commented Nov 5, 2025

Fixes #37846

In #37225 (a rebased version of #34990) the azure backend was updated to use the new backendbase package instead of the legacy SDK. This was the last backend migrated over.

Now, the structs representing remote-state backend implementations embed backendbase.Base (example in azure). If the remote-state backend doesn't implement methods like PrepareConfig then the implementation of that method in backendbase.Base is used instead.

In the case of the original issue reported about the Azure backend, the azure backend doesn't implement PrepareConfig itself and instead uses the implementation in backendbase.Base. In that method there is logic that didn't accurately mimic how the legacy SDK handled attributes that were explicitly set to an empty string in the configuration:

backend "foobar" {
   value = ""
}

Instead of using the empty string value like the legacy SDK, the new backendbase package looks for any fallback values defined for that attribute in the backend's SDKLikeDefaults values: default values defined in the schema or names of environment variables to use. The PrepareConfig method returns data about how the backend should be configured, a combo of config, schema defaults, and ENV values, and Terraform Core then uses that value to configure the backend.

This PR

  • Updates the backendbase package to detect non-null string attributes that are set to "" and use that value, reverting behaviour back to match the legacy SDK.
    • This means the data received by Terraform Core from PrepareConfig still includes the empty string, and that'll be used to configure the backend.
  • Adds a test that asserts neither fallback default values nor ENVs are used when an attribute is set to an empty string.
  • Updates existing test.

Target Release

1.15.x

Rollback Plan

  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.
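
The empty-string handling described in the pull request description above, as an added example that is not part of the pull request or Terraform's own code: a simplified Go model in which `attrDefaults`, `resolve`, `prepare` and the `EXAMPLE_VALUE` variable are hypothetical names. It compares treating `""` as unset (fallbacks consulted) with keeping `""` as the configured value.

```go
package main

import "fmt"

// attrDefaults is a hypothetical stand-in for one attribute's fallback rules:
// environment variable names tried in order, then a static default.
type attrDefaults struct {
	EnvVars  []string
	Fallback string
}

// resolve picks the value for one attribute. configured == nil models a null
// (absent) attribute; a pointer to "" models `value = ""`. emptyIsUnset=true
// treats "" like null (the behaviour being fixed); false keeps the "".
func resolve(configured *string, d attrDefaults, getenv func(string) string, emptyIsUnset bool) string {
	if configured != nil && (*configured != "" || !emptyIsUnset) {
		return *configured
	}
	for _, name := range d.EnvVars {
		if v := getenv(name); v != "" {
			return v
		}
	}
	return d.Fallback
}

// prepare merges config, environment and defaults for every known attribute.
func prepare(cfg map[string]*string, defs map[string]attrDefaults, getenv func(string) string, emptyIsUnset bool) map[string]string {
	out := make(map[string]string, len(defs))
	for name, d := range defs {
		out[name] = resolve(cfg[name], d, getenv, emptyIsUnset)
	}
	return out
}

func main() {
	// Constructed sample: attribute and variable names are illustrative only.
	env := map[string]string{"EXAMPLE_VALUE": "from-env"}
	getenv := func(k string) string { return env[k] }
	defs := map[string]attrDefaults{
		"value": {EnvVars: []string{"EXAMPLE_VALUE"}, Fallback: "schema-default"},
		"other": {Fallback: "schema-default"},
	}
	empty := ""
	cfg := map[string]*string{"value": &empty} // backend "foobar" { value = "" }

	fmt.Printf("\"\" treated as unset: %q\n", prepare(cfg, defs, getenv, true))
	fmt.Printf("\"\" kept as set:      %q\n", prepare(cfg, defs, getenv, false))
}
```
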

…stead of ignoring them and looking for ENVs or fallback values. Add test coverage.
Previously the test assumed if the default wasn't used then no ENV would be used either.

SarahFrench commented Nov 5, 2025

FYI @hashicorp/terraform-azure :

The reported error is not specific to the Azure backend, but I explored adding a test that shows empty strings are used specifically in the azure backend. I've made a PR here (#37878) that contains a test but I don't expect to/want to merge it as there was a small change needed in the remote-state/azure Backend struct to enable the test.

@SarahFrench SarahFrench marked this pull request as ready for review November 5, 2025 13:32
@SarahFrench SarahFrench requested a review from a team as a code owner November 5, 2025 13:32
@SarahFrench SarahFrench marked this pull request as draft November 5, 2025 13:38
})
}

func TestBase_emptyStringsUsed(t *testing.T) {

I've realised this overlaps somewhat with TestSDKLikeApplyEnvDefaults, but maybe it's useful to have this as a more explicit regression test?

@SarahFrench SarahFrench marked this pull request as ready for review November 5, 2025 13:48

Successfully merging this pull request may close these issues.

Azurerm Backend Configuration Behaviour Change
