Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|||||||||
WalkthroughUpdates toolchain versions, adds tool version pinning configuration, and upgrades dependencies. Go version updated from 1.24.0 to 1.25.0, OpenFGA Docker image bumped from 1.8.4 to 1.13.0, and multiple Go dependencies advanced to newer versions. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Updates the module’s Go toolchain/version and bumps a set of Go dependencies (Terraform SDK/framework, OpenFGA SDK/protos, and various indirect libs), plus adds a mise tool pinning file to standardize local dev tool versions.
Changes:
- Bump Go version/toolchain in
go.modand update direct/indirect module versions. - Refresh
go.sumwith checksums for the newly resolved module versions. - Add
.mise.tomlto pin Go/Terraform versions for local development.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| go.mod | Updates Go/toolchain versions and bumps required module versions (HashiCorp, OpenFGA, gRPC/protobuf, etc.). |
| go.sum | Adds checksum entries for newly selected module versions after dependency updates. |
| .mise.toml | Introduces pinned Go/Terraform tool versions for contributors using mise. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| module github.com/openfga/terraform-provider-openfga | ||
|
|
||
| go 1.24.0 | ||
| go 1.25.0 |
There was a problem hiding this comment.
go 1.25.0 combined with toolchain go1.26.1 means CI/dev runs will effectively execute Go 1.26.1 (and may auto-download that toolchain) even though the module language version is declared as 1.25. This is inconsistent with the prior pattern of keeping go and toolchain on the same minor version, and can add an implicit network dependency in CI (setup-go installs from go.mod). Consider aligning go and toolchain to the same Go minor (or dropping toolchain if not needed) so builds are deterministic and the declared Go version matches the compiler actually used.
| go 1.25.0 | |
| go 1.26.1 |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@go.mod`:
- Line 11: The provider is missing the required GenerateResourceConfig RPC
implementation and uses outdated testing/SDK versions introduced as breaking
changes in terraform-plugin-go v0.31.0; add a GenerateResourceConfig handler to
your ResourceServer implementations for both tfprotov5 and tfprotov6 (implement
the method name GenerateResourceConfig on the server type used for resources,
delegating to your existing plan/apply/read logic or returning the appropriate
diagnostics and config proto), and update go.mod to bump
github.com/hashicorp/terraform-plugin-testing to >= v1.15.0 and
github.com/hashicorp/terraform-plugin-sdk/v2 to >= v2.40.0, then run go mod tidy
and rebuild to ensure the new RPC and dependency versions resolve compile
errors.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: b080ed8c-5b00-4d48-938a-f887b607ee5a
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (3)
.github/workflows/test.yml.mise.tomlgo.mod
| github.com/hashicorp/terraform-plugin-framework-jsontypes v0.2.0 | ||
| github.com/hashicorp/terraform-plugin-framework-validators v0.19.0 | ||
| github.com/hashicorp/terraform-plugin-go v0.29.0 | ||
| github.com/hashicorp/terraform-plugin-go v0.31.0 |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What are the breaking changes between terraform-plugin-go v0.29.0 and v0.31.0?
💡 Result:
The breaking changes between terraform-plugin-go v0.29.0 and v0.31.0 are as follows: In v0.31.0 (released March 10, 2026): BREAKING CHANGES: - tfprotov5+tfprotov6: The GenerateResourceConfig RPC call is now required in ResourceServer. (#607) NOTES: - all: To prevent compilation errors, ensure your Go module is updated to at least terraform-plugin-framework@v1.19.0, terraform-plugin-mux@v0.23.0, terraform-plugin-sdk/v2@v2.40.0, and terraform-plugin-testing@v1.15.0 before upgrading this dependency. (#607) - This Go module has been updated to Go 1.25 per the Go support policy. No explicit breaking changes were listed for v0.30.0 (released February 24, 2026). It mentions notes about experimental state store protocol definitions and an upcoming requirement for StateStoreServer in ProviderServer. The primary breaking change in this range is the requirement to implement GenerateResourceConfig in ResourceServer for both tfprotov5 and tfprotov6.
Citations:
- 1: https://github.com/hashicorp/terraform-plugin-go/releases
- 2: https://github.com/hashicorp/terraform-plugin-go
🏁 Script executed:
# Read the go.mod file to check all dependency versions
cat go.modRepository: openfga/terraform-provider-openfga
Length of output: 3994
🏁 Script executed:
# Search for GenerateResourceConfig implementation
rg "GenerateResourceConfig" --type goRepository: openfga/terraform-provider-openfga
Length of output: 60
🏁 Script executed:
# Search for ResourceServer implementation
rg "ResourceServer" --type goRepository: openfga/terraform-provider-openfga
Length of output: 60
🏁 Script executed:
# Check if terraform-plugin-mux is listed as indirect dependency
rg "terraform-plugin-mux" go.modRepository: openfga/terraform-provider-openfga
Length of output: 60
Address critical compatibility issues with terraform-plugin-go v0.31.0.
The upgrade to v0.31.0 introduced a breaking change: GenerateResourceConfig RPC is now required in ResourceServer for both tfprotov5 and tfprotov6. This implementation is missing from the provider and must be added before this version can be used.
Additionally, the following required dependencies are below minimum compatible versions:
terraform-plugin-testingis v1.13.3 but needs v1.15.0 or laterterraform-plugin-sdk/v2is v2.37.0 but needs v2.40.0 or later
The provider will not compile or function correctly without addressing these issues.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@go.mod` at line 11, The provider is missing the required
GenerateResourceConfig RPC implementation and uses outdated testing/SDK versions
introduced as breaking changes in terraform-plugin-go v0.31.0; add a
GenerateResourceConfig handler to your ResourceServer implementations for both
tfprotov5 and tfprotov6 (implement the method name GenerateResourceConfig on the
server type used for resources, delegating to your existing plan/apply/read
logic or returning the appropriate diagnostics and config proto), and update
go.mod to bump github.com/hashicorp/terraform-plugin-testing to >= v1.15.0 and
github.com/hashicorp/terraform-plugin-sdk/v2 to >= v2.40.0, then run go mod tidy
and rebuild to ensure the new RPC and dependency versions resolve compile
errors.
Description
What problem is being solved?
How is it being solved?
What changes are made to solve it?
References
Review Checklist
mainSummary by CodeRabbit