explicit provider block non-default only

[erbalaji]

we only need to pass the non-default provider(s) to a child module, while the default too is passed, current statement states all providers need to be passed explicitly which is bit confusing as there is no clarity on the default provider also being passed.

[hashicorp-cla]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #25317 into master will increase coverage by 0.00%.
The diff coverage is n/a.

Impacted Files	Coverage Δ
dag/walk.go	93.16% <0.00%> (+0.62%)	⬆️
dag/marshal.go	54.44% <0.00%> (+1.11%)	⬆️
terraform/node_resource_plan.go	93.44% <0.00%> (+1.63%)	⬆️
communicator/communicator.go	83.33% <0.00%> (+3.70%)	⬆️

[apparentlymart]

Hi @erbalaji! Thanks for working on this.

This paragraph is intending to say that if you set providers then it overrides the usual automatic inheritance of default providers into child modules. Considering the following configuration, for example:

provider "aws" {
  # ...
}

provider "aws" {
  alias = "example"

  # ...
}

module "example" {
  source = "./modules/example"
}

With the above, the example module automatically has access to the default (unaliased) aws provider from the root, so it can just declare AWS provider resources and not say anything about the provider configuration.

However, the situation changes if we explicitly pass the aliased configuration:

module "example" {
  source = "./modules/example"

  providers = {
    aws.other = aws.example
  }
}

This means that there would now be no default aws provider in module example, so any resource block using a resource type from the AWS provider would need to be explicitly bound to the non-default configuration "other":

# The child module must have a "proxy provider configuration" to declare
# that it is expecting to be passed an aliased configuration called "other".
provider "aws" {
  alias = "other"
}

resource "aws_instance" "example" {
  # All AWS provider resources must be bound to the "other" aliased
  # configuration, because there is no default configuration defined
  # in this module.
  provider = aws.other
}

If the module needs both a default and an aliased provider configuration then the call must specify both, and that is what the paragraph you updated here was intending to say:

module "example" {
  source = "./modules/example"

  providers = {
    aws       = aws
    aws.other = aws.example
  }
}

With the above, it's once again possible to have resources in the module that bind automatically to the default (unaliased) provider configuration, because the aws = aws entry states explicitly what would normally be implicit if the providers argument were not set at all.

I've written all this out here because your opening this PR tells me that the current documentation isn't clear about something, but the change you've proposed here doesn't seem to me to describe the intended behavior of Terraform and so I'd like to learn more about what situation you encountered that led you to see this statement as incorrect, and then we can see about either clarifying the documentation or possibly correcting a bug in Terraform, depending on what exactly you saw.

[laurapacilio]

Hi All - checking in on the status of this as it's about a year old now. Is it still relevant, or should we close it out?

Thank you!

[ravron]

@apparentlymart, thank you for the explanation. It matches up with the behavior I would expect given this quote from the documentation:

Once the providers argument is used in a module block, it overrides all of the default inheritance behavior, so it is necessary to enumerate mappings for all of the required providers.

The problem is, it doesn't seem to be true! I set up the following two files, mirroring your example:

main.tf

provider "aws" {
  region = "us-west-2"
}

provider "aws" {
  alias = "other"
  region = "us-east-2"
}

module "example" {
  source = "./example"

  providers = {
    aws.other = aws.other
  }
}

In this main.tf, we have two AWS providers: aws and aws.other. We pass only aws.other to the example module.

example/main.tf

terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      configuration_aliases = [aws.other]
    }
  }
}

resource "aws_sns_topic" "default" {
  name = "example-default"
}

resource "aws_sns_topic" "other" {
  provider = aws.other
  name = "example-other"
}

In the example/main.tf file, we create two SNS topics: one using the default aws provider, and one using the aws.other AWS alias. Based on the quote from the documentation, I would expect that the first of the two SNS topics would fail in some way, since it is using a default provider that was not passed to the module. As you said:

This means that there would now be no default aws provider in module example, so any resource block using a resource type from the AWS provider would need to be explicitly bound to the non-default configuration "other"

But this works just fine, creating two topics in two different regions.

The upshot is that I believe the default inheritance behavior does continue to operate, even when the providers argument is used in a module block, contrary to the documentation I quoted. I think this is fundamentally the same issue as reported in #21923.

Of course, it's been a few years since this PR was opened, and things have changed (for example, "proxy provider configurations" are no longer used). I'm happy to open a new issue rather than revive this stale PR if that would be preferable.

[crw]

@ravron Can you please open a new PR? I am going to close this one due to it being fairly old, we can at least triage your new PR. Thanks!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.