Backport of core: Defer on transitive dependencies for data resources with conditions into v1.2 #31034
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #31028 to be assessed for backporting due to the inclusion of the label 1.2-backport.
The below text is copied from the body of the original PR.
@apparentlymart subsequently replaced the branch the bot generated both because he dislikes how the bot creates useless commit messages and because this backport also needs to include #30971 in order to give suitable feedback.
When a data resource is used for the purposes of verifying a condition about an object managed elsewhere (e.g. if the managed resource doesn't directly export all of the information required for the condition) it's important that we defer the data resource read to the apply step if the corresponding managed resource has any changes pending.
Typically we'd expect that to come "for free" but unfortunately we have a pragmatic special case in our handling of data resources where we normally defer to the apply step only if a direct dependency of the data resource has a change pending, and allow a plan-time read if there's a pending change in an indirect dependency. This allowed us to preserve some compatibility with the questionable historical behavior of always reading data resources proactively unless the configuration contains unknown values, since the arguably-more-correct behavior would've been a regression for anyone who had been depending on that before.
Since preconditions and postconditions didn't exist until now, we are not constrained in the same way by backward compatibility, and so we can adopt the more correct behavior in the case where a data resource has conditions specified. This does unfortunately make the handling of data resources with conditions subtly inconsistent with those that don't, but this is a better situation than the alternative where it would be easy to get into a trapped situation where the remote system is invalid and it's impossible to plan the change that would make it valid again because the conditions evaluate too soon, prior to the fix being applied.