Provider Actions

1---2name: provider-actions3description: Implement Terraform Provider actions using the Plugin Framework. Use when developing imperative operations that execute at lifecycle events (before/after create, update, destroy).4metadata:5  copyright: Copyright IBM Corp. 20266  version: "0.0.1"7---8 9# Terraform Provider Actions Implementation Guide10 11## Overview12 13Terraform Actions enable imperative operations during the Terraform lifecycle. Actions are experimental features that allow performing provider operations at specific lifecycle events (before/after create, update, destroy).14 15**References:**16- [Terraform Plugin Framework](https://developer.hashicorp.com/terraform/plugin/framework)17- [Terraform Actions RFC](https://github.com/hashicorp/terraform/blob/main/docs/plugin-protocol/actions.md)18 19## File Structure20 21Actions follow the standard service package structure:22 23```24internal/service/<service>/25├── <action_name>_action.go       # Action implementation26├── <action_name>_action_test.go  # Action tests27└── service_package_gen.go        # Auto-generated service registration28```29 30Documentation structure:31```32website/docs/actions/33└── <service>_<action_name>.html.markdown  # User-facing documentation34```35 36Changelog entry:37```38.changelog/39└── <pr_number_or_description>.txt  # Release note entry40```41 42## Action Schema Definition43 44Actions use the Terraform Plugin Framework with a standard schema pattern:45 46```go47func (a *actionType) Schema(ctx context.Context, req action.SchemaRequest, resp *action.SchemaResponse) {48    resp.Schema = schema.Schema{49        Attributes: map[string]schema.Attribute{50            // Required configuration parameters51            "resource_id": schema.StringAttribute{52                Required:    true,53                Description: "ID of the resource to operate on",54            },55            // Optional parameters with defaults56            "timeout": schema.Int64Attribute{57                Optional:    true,58                Description: "Operation timeout in seconds",59                Default:     int64default.StaticInt64(1800),60                Computed:    true,61            },62        },63    }64}65```66 67### Common Schema Issues68 69**Pay special attention to the schema definition** - common issues after a first draft:70 711. **Type Mismatches**72   - Using `types.String` instead of `fwtypes.String` in model structs73   - Using `types.StringType` instead of `fwtypes.StringType` in schema74   - Mixing framework types with plugin-framework types75 762. **List/Map Element Types**77   ```go78   // WRONG - missing ElementType79   "items": schema.ListAttribute{80       Optional: true,81   }82 83   // CORRECT84   "items": schema.ListAttribute{85       Optional:    true,86       ElementType: fwtypes.StringType,87   }88   ```89 903. **Computed vs Optional**91   - Attributes with defaults must be both `Optional: true` and `Computed: true`92   - Don't mark action inputs as `Computed` unless they have defaults93 944. **Validator Imports**95   ```go96   // Ensure proper imports97   "github.com/hashicorp/terraform-plugin-framework-validators/int64validator"98   "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"99   ```100 1015. **Region/Provider Attribute**102   - Use framework-provided region handling when available103   - Don't manually define provider-specific config in schema if framework handles it104 1056. **Nested Attributes**106   - Use appropriate nested object types for complex structures107   - Ensure nested types are properly defined108 109### Schema Validation Checklist110 111Before submitting, verify:112- [ ] All attributes have descriptions113- [ ] List/Map attributes have ElementType defined114- [ ] Validators are imported and applied correctly115- [ ] Model struct uses correct framework types116- [ ] Optional attributes with defaults are marked Computed117- [ ] Code compiles without type errors118- [ ] Run `go build` to catch type mismatches119 120## Action Invoke Method121 122The Invoke method contains the action logic:123 124```go125func (a *actionType) Invoke(ctx context.Context, req action.InvokeRequest, resp *action.InvokeResponse) {126    var data actionModel127    resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)128 129    // Create provider client130    conn := a.Meta().Client(ctx)131 132    // Progress updates for long-running operations133    resp.Progress.Set(ctx, "Starting operation...")134 135    // Implement action logic with error handling136    // Use context for timeout management137    // Poll for completion if async operation138 139    resp.Progress.Set(ctx, "Operation completed")140}141```142 143## Key Implementation Requirements144 145### 1. Progress Reporting146 147- Use `resp.SendProgress(action.InvokeProgressEvent{...})` for real-time updates148- Provide meaningful progress messages during long operations149- Update progress at key milestones150- Include elapsed time for long operations151 152### 2. Timeout Management153 154- Always include configurable timeout parameter (default: 1800s)155- Use `context.WithTimeout()` for API calls156- Handle timeout errors gracefully157- Validate timeout ranges (typically 60-7200 seconds)158 159### 3. Error Handling160 161- Add diagnostics with `resp.Diagnostics.AddError()`162- Provide clear error messages with context163- Include API error details when relevant164- Map provider error types to user-friendly messages165- Document all possible error cases166 167Example error handling:168```go169// Handle specific errors170var notFound *types.ResourceNotFoundException171if errors.As(err, &notFound) {172    resp.Diagnostics.AddError(173        "Resource Not Found",174        fmt.Sprintf("Resource %s was not found", resourceID),175    )176    return177}178 179// Generic error handling180resp.Diagnostics.AddError(181    "Operation Failed",182    fmt.Sprintf("Could not complete operation for %s: %s", resourceID, err),183)184```185 186### 4. Provider SDK Integration187 188- Use provider SDK clients from `a.Meta().<Service>Client(ctx)`189- Handle pagination for list operations190- Implement retry logic for transient failures191- Use appropriate error types192 193### 5. Parameter Validation194 195- Use framework validators for input validation196- Validate resource existence before operations197- Check for conflicting parameters198- Validate against provider naming requirements199 200### 6. Polling and Waiting201 202For operations that require waiting for completion:203 204```go205result, err := wait.WaitForStatus(ctx,206    func(ctx context.Context) (wait.FetchResult[*ResourceType], error) {207        // Fetch current status208        resource, err := findResource(ctx, conn, id)209        if err != nil {210            return wait.FetchResult[*ResourceType]{}, err211        }212        return wait.FetchResult[*ResourceType]{213            Status: wait.Status(resource.Status),214            Value:  resource,215        }, nil216    },217    wait.Options[*ResourceType]{218        Timeout:            timeout,219        Interval:           wait.FixedInterval(5 * time.Second),220        SuccessStates:      []wait.Status{"AVAILABLE", "COMPLETED"},221        TransitionalStates: []wait.Status{"CREATING", "PENDING"},222        ProgressInterval:   30 * time.Second,223        ProgressSink: func(fr wait.FetchResult[any], meta wait.ProgressMeta) {224            resp.SendProgress(action.InvokeProgressEvent{225                Message: fmt.Sprintf("Status: %s, Elapsed: %v", fr.Status, meta.Elapsed.Round(time.Second)),226            })227        },228    },229)230```231 232## Common Action Patterns233 234### Batch Operations235- Process items in configurable batches236- Report progress per batch237- Handle partial failures gracefully238- Support prefix/filter parameters239 240### Command Execution241- Submit command and get operation ID242- Poll for completion status243- Retrieve and report output244- Handle timeout during polling245- Validate resources exist before execution246 247### Service Invocation248- Invoke service with parameters249- Wait for completion (if synchronous)250- Return output/results251- Handle service-specific errors252 253### Resource State Changes254- Validate current state255- Apply state change256- Poll for target state257- Handle transitional states258 259### Async Job Submission260- Submit job with configuration261- Get job ID262- Optionally wait for completion263- Report job status264 265## Action Triggers266 267Actions are invoked via `action_trigger` lifecycle blocks in Terraform configurations:268 269```hcl270action "provider_service_action" "name" {271  config {272    parameter = value273  }274}275 276resource "terraform_data" "trigger" {277  lifecycle {278    action_trigger {279      events  = [after_create]280      actions = [action.provider_service_action.name]281    }282  }283}284```285 286### Available Trigger Events287 288**Terraform 1.14.0 Supported Events:**289- `before_create` - Before resource creation290- `after_create` - After resource creation291- `before_update` - Before resource update292- `after_update` - After resource update293 294**Not Supported in Terraform 1.14.0:**295- `before_destroy` - Not available (will cause validation error)296- `after_destroy` - Not available (will cause validation error)297 298## Testing Actions299 300### Acceptance Tests301 302- Test action invocation with valid parameters303- Test timeout scenarios304- Test error conditions305- Verify provider state changes306- Test progress reporting307- Test with custom parameters308- Test trigger-based invocation309 310### Test Pattern311 312```go313func TestAccServiceAction_basic(t *testing.T) {314    ctx := acctest.Context(t)315 316    resource.ParallelTest(t, resource.TestCase{317        PreCheck:                 func() { acctest.PreCheck(ctx, t) },318        ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,319        TerraformVersionChecks: []tfversion.TerraformVersionCheck{320            tfversion.SkipBelow(tfversion.Version1_14_0),321        },322        Steps: []resource.TestStep{323            {324                Config: testAccActionConfig_basic(),325                Check: resource.ComposeTestCheckFunc(326                    testAccCheckResourceExists(ctx, "provider_resource.test"),327                ),328            },329        },330    })331}332```333 334### Test Cleanup with Sweep Functions335 336Add sweep functions to clean up test resources:337 338```go339func sweepResources(region string) error {340    ctx := context.Background()341    client := /* get client for region */342 343    input := &service.ListInput{344        // Filter for test resources345    }346 347    var sweeperErrs *multierror.Error348 349    pages := service.NewListPaginator(client, input)350    for pages.HasMorePages() {351        page, err := pages.NextPage(ctx)352        if err != nil {353            sweeperErrs = multierror.Append(sweeperErrs, err)354            continue355        }356 357        for _, item := range page.Items {358            id := item.Id359 360            // Skip non-test resources361            if !strings.HasPrefix(id, "tf-acc-test") {362                continue363            }364 365            _, err := client.Delete(ctx, &service.DeleteInput{366                Id: id,367            })368            if err != nil {369                sweeperErrs = multierror.Append(sweeperErrs, err)370            }371        }372    }373 374    return sweeperErrs.ErrorOrNil()375}376```377 378### Testing Best Practices379 380**Service-Specific Prerequisites**381- Always check for service-specific prerequisites that must be met before actions can succeed382- Document prerequisites in action documentation and test configurations383 384**Error Pattern Matching**385- Terraform wraps action errors with additional context386- Use flexible regex patterns: `regexache.MustCompile(\`(?s)Error Title.*key phrase\`)`387 388**Test Patterns Not Applicable to Actions**3891. Actions trigger on lifecycle events, not config reapplication3902. Before/After Destroy Tests: Not supported in Terraform 1.14.0391 392### Running Tests393 394Compile test to check for errors:395```bash396go test -c -o /dev/null ./internal/service/<service>397```398 399Run specific action tests:400```bash401TF_ACC=1 go test ./internal/service/<service> -run TestAccServiceAction_ -v402```403 404Run sweep to clean up test resources:405```bash406TF_ACC=1 go test ./internal/service/<service> -sweep=<region> -v407```408 409## Documentation Standards410 411Each action documentation file must include:412 4131. **Front Matter**414   ```yaml415   ---416   subcategory: "Service Name"417   layout: "provider"418   page_title: "Provider: provider_service_action"419   description: |-420     Brief description of what the action does.421   ---422   ```423 4242. **Header with Warnings**425   - Beta/Alpha notice about experimental status426   - Warning about potential unintended consequences427   - Link to provider documentation428 4293. **Example Usage**430   - Basic usage example431   - Advanced usage with all options432   - Trigger-based example with `terraform_data`433   - Real-world use case examples434 4354. **Argument Reference**436   - List all required and optional arguments437   - Include descriptions and defaults438   - Note any validation rules439 4405. **Documentation Linting**441   - Run `terrafmt fmt` before submission442   - Verify with `terrafmt diff`443 444## Changelog Entry Format445 446Create a changelog entry in `.changelog/` directory:447 448```449.changelog/<pr_number_or_description>.txt450```451 452Content format:453```release-note:new-action454action/provider_service_action: Brief description of the action455```456 457## Pre-Submission Checklist458 459Before submitting your action implementation:460 461- [ ] Code compiles: `go build -o /dev/null .`462- [ ] Tests compile: `go test -c -o /dev/null ./internal/service/<service>`463- [ ] Code formatted: `make fmt`464- [ ] Documentation formatted: `terrafmt fmt website/docs/actions/<action>.html.markdown`465- [ ] Changelog entry created466- [ ] Schema uses correct types467- [ ] All List/Map attributes have ElementType468- [ ] Progress updates implemented for long operations469- [ ] Error messages include context and resource identifiers470- [ ] Documentation includes multiple examples471- [ ] Documentation includes prerequisites and warnings472 473## References474 475- [Terraform Plugin Framework Documentation](https://developer.hashicorp.com/terraform/plugin/framework)476- [Terraform Provider Development](https://developer.hashicorp.com/terraform/plugin)477- [terraform-plugin-framework GitHub](https://github.com/hashicorp/terraform-plugin-framework)478- [terraform-plugin-testing](https://github.com/hashicorp/terraform-plugin-testing)