docs(friction): TF child-module required_providers gotcha (caught by live init)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
parent
839fc632a1
commit
e83c777b44
1 changed files with 10 additions and 0 deletions
|
|
@ -21,6 +21,16 @@ earning its keep.
|
|||
|
||||
_(append new raw signals here; the next kaizen review consumes them)_
|
||||
|
||||
- `[gotcha]` **Terraform child modules need their own `required_providers` for
|
||||
non-hashicorp providers** (2026-06-14): `terraform init` for the `offsite` env failed —
|
||||
the `hetzner_vm` module used `hcloud_*` resources with no `required_providers` block, so
|
||||
TF inferred `hashicorp/hcloud` (nonexistent). The `proxmox_vm` module had the **identical
|
||||
latent bug**, never caught because Proxmox TF was never `init`ed. Both the terraform-MCP
|
||||
schema check and the final review subagent missed it; only `make tf-init/plan` on ubongo
|
||||
caught it. Reinforces the M1 signal that **live/real execution catches what static review
|
||||
can't** — now for Terraform. → always give a TF module its own `versions.tf` with
|
||||
`required_providers`; treat "reviewed but never run" as a structural blind spot.
|
||||
|
||||
- `[gotcha]` **`item.values` in a loop sends the dict's `.values()` METHOD, not the
|
||||
key** (2026-06-14): the `public_dns` role looped over records that have a `values:`
|
||||
key and used `{{ item.values }}` in the `gandi_livedns` task. Jinja attribute access
|
||||
|
|
|
|||
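Review bot: The remedy at the end of the new Terraform entry ("always give a TF module its own `versions.tf` with `required_providers`") leaves the status of `proxmox_vm` unclear, although the entry says that module has the identical latent bug. This commit changes one docs file only, so either state that both modules were fixed elsewhere or add an explicit follow-up item for `proxmox_vm`. The entry names the wrongly inferred address (`hashicorp/hcloud`) but not the source the module should declare; adding it would make the note usable without re-deriving the fix. It would also help to record the check that closes the "reviewed but never run" gap the entry identifies, for example running `make tf-init/plan` for every env, including ones that have never been `init`ed.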