Problem
The ClickHouseDBOps provider violates core Terraform principles by attempting to establish live database connections during terraform plan operations. This causes authentication errors and prevents proper plan-only workflows.
Expected Behavior
- terraform plan should be read-only and not attempt actual connections
- Provider validation should be deferred until terraform apply
- Plan operations should work even when the target service isn't ready for connections
Actual Behavior
During terraform plan, the provider attempts to initialize a ClickHouse client connection:
Error: error initializing clickhouse client
with provider["registry.terraform.io/clickhouse/clickhousedbops"],
on cdk.tf.json line 48, in provider.clickhousedbops[0]:
48: }
code: 516, message: default: Authentication failed: password is incorrect,
or there is no user with such name.
This occurs even when:
- The ClickHouse service is being created in the same Terraform run
- Dependencies are properly configured with depends_on
- The plan should only show what would be created
Impact
- Prevents using the provider in infrastructure-as-code scenarios where services are created and configured in the same run
- Forces users to use workarounds like null_resource with local-exec
- Violates the fundamental Terraform principle of plan-time safety
Suggested Solution
Add provider configuration options to skip connection validation during plan time, similar to other well-designed providers:
provider "clickhousedbops" {
  # ... connection config ...
  skip_credentials_validation = true # Skip validation during plan
}
Environment
- Provider version: 1.3.1
- Terraform: 1.13.2+
- CDKTF: Latest
- Target: ClickHouse Cloud service
Related
This is a common pattern violation - AWS provider and others provide skip validation options for exactly this use case.
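
A sketch of the deferred-connection behaviour this issue asks for, as an added example that is not code from the clickhousedbops provider. `Configure`, `LazyClient`, `Dialer` and `Conn` are hypothetical names, and the dialer is a constructed stand-in for a real ClickHouse client.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Conn stands in for a live ClickHouse connection (hypothetical type).
type Conn struct{ User string }

// Dialer opens a connection; a real provider would authenticate here.
type Dialer func(user, password string) (*Conn, error)

// LazyClient stores the provider settings and dials only on first use.
type LazyClient struct {
	user, password string
	dial           Dialer
	once           sync.Once
	conn           *Conn
	err            error
}

// Configure mirrors the provider's configure step: it checks that the
// settings are present but performs no network I/O.
func Configure(user, password string, dial Dialer) (*LazyClient, error) {
	if user == "" {
		return nil, errors.New("user must be set")
	}
	return &LazyClient{user: user, password: password, dial: dial}, nil
}

// Conn dials exactly once, on the first resource operation that needs it.
func (c *LazyClient) Conn() (*Conn, error) {
	c.once.Do(func() {
		c.conn, c.err = c.dial(c.user, c.password)
		if c.err != nil {
			c.err = fmt.Errorf("error initializing clickhouse client: %w", c.err)
		}
	})
	return c.conn, c.err
}

func main() {
	// Constructed dialer: the service does not accept this user yet.
	notReady := func(u, p string) (*Conn, error) { return nil, errors.New("code: 516, authentication failed") }
	c, err := Configure("default", "constructed-password", notReady)
	fmt.Println("configure error:", err) // configuring does not dial
	_, err = c.Conn()
	fmt.Println("first use error:", err) // the failure surfaces here
}
```

Terraform still calls a resource's read operation while refreshing state during plan, so a lazy client avoids the connection only when nothing already in state has to be read.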