feat: add validation for parent environment group in managed environments #961
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…es-error-on-powerplatform_managed_environment
…es-error-on-powerplatform_managed_environment
…-powerplatform_managed_environment' of https://github.com/microsoft/terraform-provider-power-platform into mawasile/931-enabling-environment-group-causes-error-on-powerplatform_managed_environment
Contributor
There was a problem hiding this comment.
Pull Request Overview
This pull request adds validation and handling for environments that belong to an Environment Group in the managed environment resource. When an environment is part of an Environment Group, managed environment settings cannot be applied, so the resource now detects this condition and issues a warning instead of attempting (and failing) to apply settings.
Key changes:
- Added ParentEnvironmentGroup validation checks in Read, Update, and Delete operations
- Enhanced string field validation for LimitSharingMode and SolutionCheckerMode to prevent processing empty/single-character values
- Added comprehensive test fixture with extended environment response including governance configuration
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
internal/services/managed_environment/resource_managed_environment.go |
Added ParentEnvironmentGroup checks and improved string field validation |
templates/resources/managed_environment.md.tmpl |
Added documentation template with Known Limitations section |
docs/resources/managed_environment.md |
Generated documentation with Environment Groups limitation |
internal/services/managed_environment/tests/resource/Validate_Create_And_Update/get_environment_create_response_extended_29.json |
New test fixture with comprehensive environment response |
.changes/unreleased/fixed-20251022-124634.yaml |
Changelog entry for the fix |
Comment on lines
+238
to
+242
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode) > 1 { | ||
| state.LimitSharingMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[1:]) | ||
| } | ||
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode) > 1 { | ||
| state.SolutionCheckerMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode[1:]) |
There was a problem hiding this comment.
The length check > 1 allows single-character strings to pass through unchecked. If the API returns a single-character value, the slice operation [:1] and [1:] will cause a panic on the second part [1:] since there's no character at index 1. Consider changing the condition to >= 2 or len(...) > 0 with additional validation, or handle the single-character case explicitly.
Suggested change
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode) > 1 { | |
| state.LimitSharingMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[1:]) | |
| } | |
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode) > 1 { | |
| state.SolutionCheckerMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode[1:]) | |
| limitSharingMode := env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode | |
| if len(limitSharingMode) > 0 { | |
| if len(limitSharingMode) == 1 { | |
| state.LimitSharingMode = types.StringValue(strings.ToUpper(limitSharingMode)) | |
| } else { | |
| state.LimitSharingMode = types.StringValue(strings.ToUpper(limitSharingMode[:1]) + limitSharingMode[1:]) | |
| } | |
| } | |
| solutionCheckerMode := env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode | |
| if len(solutionCheckerMode) > 0 { | |
| if len(solutionCheckerMode) == 1 { | |
| state.SolutionCheckerMode = types.StringValue(strings.ToUpper(solutionCheckerMode)) | |
| } else { | |
| state.SolutionCheckerMode = types.StringValue(strings.ToUpper(solutionCheckerMode[:1]) + solutionCheckerMode[1:]) | |
| } |
Comment on lines
+417
to
+420
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode) > 1 { | ||
| plan.LimitSharingMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[1:]) | ||
| } | ||
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode) > 1 { |
There was a problem hiding this comment.
Same issue as in the Read method: the length check > 1 allows single-character strings which will cause a slice bounds panic on [1:]. Consider changing to >= 2 or len(...) > 0 with proper handling of the single-character case.
Suggested change
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode) > 1 { | |
| plan.LimitSharingMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[1:]) | |
| } | |
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode) > 1 { | |
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode) > 0 { | |
| plan.LimitSharingMode = types.StringValue(strings.ToUpper(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[:1]) + env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.LimitSharingMode[1:]) | |
| } | |
| if len(env.Properties.GovernanceConfiguration.Settings.ExtendedSettings.SolutionCheckerMode) > 0 { |
| } | ||
|
|
||
| if env.Properties.ParentEnvironmentGroup != nil && env.Properties.ParentEnvironmentGroup.Id != "" { | ||
| resp.Diagnostics.AddWarning(fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", state.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), "") |
There was a problem hiding this comment.
The second parameter to AddWarning is an empty string. Consider providing a more detailed diagnostic message in this parameter to explain why this limitation exists or what actions the user should take, such as 'To manage this environment's settings, remove it from the Environment Group first.'
Suggested change
| resp.Diagnostics.AddWarning(fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", state.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), "") | |
| resp.Diagnostics.AddWarning( | |
| fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", state.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), | |
| "To manage this environment's settings, remove it from the Environment Group first. This limitation exists because settings cannot be applied to environments that are part of an Environment Group." | |
| ) |
| if err != nil { | ||
| resp.Diagnostics.AddError(fmt.Sprintf("Client error when reading environment %s", r.FullTypeName()), err.Error()) | ||
| if env.Properties.ParentEnvironmentGroup != nil && env.Properties.ParentEnvironmentGroup.Id != "" { | ||
| resp.Diagnostics.AddWarning(fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", plan.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), "") |
There was a problem hiding this comment.
The second parameter to AddWarning is an empty string. Provide a detailed diagnostic message explaining the limitation or recommended user actions.
Suggested change
| resp.Diagnostics.AddWarning(fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", plan.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), "") | |
| resp.Diagnostics.AddWarning( | |
| fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", plan.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), | |
| "Managed Environment settings cannot be applied to environments that are part of an Environment Group. " + | |
| "To manage settings for this environment, remove it from the group or apply settings at the group level if supported." | |
| ) |
| } | ||
|
|
||
| if env.Properties.ParentEnvironmentGroup != nil && env.Properties.ParentEnvironmentGroup.Id != "" { | ||
| resp.Diagnostics.AddWarning(fmt.Sprintf("Environment '%s' is included in Environment Group '%s'. The Manage Environment Settings will not be applied.", state.EnvironmentId.ValueString(), env.Properties.ParentEnvironmentGroup.Id), "") |
There was a problem hiding this comment.
The second parameter to AddWarning is an empty string. Provide a detailed diagnostic message explaining the limitation or recommended user actions.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request updates the managed environment resource logic to improve handling of environments that are part of an Environment Group and adds more robust checks for certain string settings. It also introduces a new test fixture for extended environment responses. The key changes are grouped below:
Governance and Environment Group Handling:
Read,Update, andDeletemethods ofresource_managed_environment.goto detect if an environment is part of an Environment Group (ParentEnvironmentGroup). If so, a warning is issued and the Manage Environment Settings are not applied, preventing unintended configuration changes. [1] [2] [3]String Setting Robustness:
LimitSharingModeandSolutionCheckerModeby only updating these fields if their string length is greater than 1, avoiding potential errors with empty or single-character values. This change is applied in both state population and update flows. [1] [2]Test Coverage:
get_environment_create_response_extended_29.jsonwith a comprehensive sample environment response, including extended governance settings and capacity details, to support validation of the new logic.