fix(engines): ensure infra created if referenced in depends_on

[tjholm]

No description provided.

[coderabbitai]

Walkthrough

The Terraform engine now uses a two-phase process: first resolving dependencies for resources and infra, then resolving tokens. resolveDependencies was updated to explicitly resolve infra references in depends_on via td.resolveInfraResource and return errors on failure; module IDs are taken from the resolved infra resource’s node ID. In deployment, resolveInfraResource now calls td.createVariablesForIntent before constructing the TerraformHclModule. The main orchestration in terraform.go reflects the dependency-first, token-second flow for both resources and infra. No exported/public signatures were changed.

Pre-merge checks

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description Check	❓ Inconclusive	The pull request has no description provided, so there is nothing to verify against the changeset. Because the description is absent I cannot determine whether the author documented intent, scope, or risk, making this check inconclusive. The code diffs and title suggest the intended change but the missing description prevents a definite pass.	Please add a short PR description (one paragraph) summarizing what changed and why — for example note that infra referenced by depends_on are now explicitly resolved and will error if unresolved, and that the flow moved to a dependency-first, two-phase resolution. Also list any deployment impacts or testing done. This will help reviewers quickly assess intent and risks.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title concisely and accurately summarizes the primary change: ensuring infra referenced by depends_on is created. It is specific, focused, and avoids noise like file lists or vague terms. A reviewer scanning PR history will understand the main intent from the title alone.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f64ed82 and 5d85cd0.

📒 Files selected for processing (3)

• engines/terraform/deployment.go (1 hunks)
• engines/terraform/resolve.go (1 hunks)
• engines/terraform/terraform.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• engines/terraform/deployment.go
• engines/terraform/resolve.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Build (windows-latest, amd64)
• GitHub Check: Build (macos-latest, arm64)
• GitHub Check: Security Scan
• GitHub Check: Test

🔇 Additional comments (4)

engines/terraform/terraform.go (4)

154-166: Two-phase dependency resolution implemented correctly.

The implementation follows Terraform best practices where "most of the time, Terraform infers dependencies between resources based on the configuration given, so that resources are created and destroyed in the correct order. Occasionally, however, Terraform cannot infer dependencies between different parts of your infrastructure, and you will need to create an explicit dependency" by separating dependency resolution from token resolution.

---

168-179: Dependency resolution for infra resources looks solid.

The code correctly handles infra dependency resolution in the first phase, matching the pattern established for resource dependencies.

---

181-192: Token resolution phase properly separated.

Good separation of concerns - tokens are resolved after all dependencies are established, ensuring infra resources referenced in depends_on are available.

---

194-204: No change needed — resolveTokensForModule correctly resolves tokens for infra and resources

Function is implemented as
func (td *TerraformDeployment) resolveTokensForModule(intentName string, resource *ResourceBlueprint, module cdktf.TerraformHclModule)
in engines/terraform/resolve.go and uses resolveValue(...) + module.Set(...); the calls in terraform.go match this signature.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

engines/terraform/resolve.go (1)

36-45: Prevent panic on malformed infra tokens

Accessing specRef.Path[1] without length check can panic. Validate path length first.

Apply this diff:

-		if specRef.Source == "infra" {
-			refName := specRef.Path[0]
-			propertyName := specRef.Path[1]
+		if specRef.Source == "infra" {
+			if len(specRef.Path) < 2 {
+				return nil, fmt.Errorf("invalid infra token: expected infra.<resource>.<property>, got %q", v)
+			}
+			refName := specRef.Path[0]
+			propertyName := specRef.Path[1]

🧹 Nitpick comments (1)

engines/terraform/resolve.go (1)

104-124: Deduplicate depends_on, validate token shape, and guard Node().Id()

Avoid duplicate deps, provide clearer errors, and prevent potential nil deref on Id.

Apply this diff:

-	dependsOnResources := []*string{}
-	for _, dependsOn := range resource.DependsOn {
-		specRef, err := SpecReferenceFromToken(dependsOn)
-		if err != nil {
-			return err
-		}
-
-		if specRef.Source != "infra" {
-			return fmt.Errorf("depends_on can only reference infra resources")
-		}
-
-		// Ensure the infra resource is created if it doesn't exist
-		infraResource, err := td.resolveInfraResource(specRef.Path[0])
-		if err != nil {
-			return fmt.Errorf("failed to resolve infra resource %s: %w", specRef.Path[0], err)
-		}
-
-		moduleId := fmt.Sprintf("module.%s", *infraResource.Node().Id())
-		dependsOnResources = append(dependsOnResources, jsii.String(moduleId))
-	}
-	module.SetDependsOn(&dependsOnResources)
+	visited := make(map[string]struct{}, len(resource.DependsOn))
+	dependsOnResources := make([]*string, 0, len(resource.DependsOn))
+	for _, dependsOn := range resource.DependsOn {
+		specRef, err := SpecReferenceFromToken(dependsOn)
+		if err != nil {
+			return fmt.Errorf("invalid depends_on token %q: %w", dependsOn, err)
+		}
+
+		if specRef.Source != "infra" {
+			return fmt.Errorf("depends_on can only reference infra resources: %q", dependsOn)
+		}
+		if len(specRef.Path) != 1 {
+			return fmt.Errorf("depends_on must reference only an infra resource name (e.g. ${infra.myres}), got: %q", dependsOn)
+		}
+
+		refName := specRef.Path[0]
+		if _, seen := visited[refName]; seen {
+			continue
+		}
+
+		// Ensure the infra resource is created if it doesn't exist
+		infraResource, err := td.resolveInfraResource(refName)
+		if err != nil {
+			return fmt.Errorf("failed to resolve infra resource %s: %w", refName, err)
+		}
+
+		id := infraResource.Node().Id()
+		if id == nil || *id == "" {
+			return fmt.Errorf("resolved infra resource %s has empty node id", refName)
+		}
+		moduleId := fmt.Sprintf("module.%s", *id)
+		dependsOnResources = append(dependsOnResources, jsii.String(moduleId))
+		visited[refName] = struct{}{}
+	}
+	module.SetDependsOn(&dependsOnResources)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7504992 and 3fb3fe9.

📒 Files selected for processing (1)

• engines/terraform/resolve.go (1 hunks)

🔇 Additional comments (1)

engines/terraform/resolve.go (1)

115-119: Nice: proactively resolving infra in depends_on

This aligns behavior with intent and surfaces misconfigurations early. Looks good.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3fb3fe9 and f8472ca.

📒 Files selected for processing (2)

• engines/terraform/deployment.go (3 hunks)
• engines/terraform/resolve.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• engines/terraform/resolve.go

🧰 Additional context used

🧬 Code graph analysis (1)

engines/terraform/deployment.go (1)

engines/terraform/platform.go (1)

• IdentitiesBlueprint (227-229)

🔇 Additional comments (2)

engines/terraform/deployment.go (2)

73-74: Good addition; confirm error/idempotency behavior of createVariablesForIntent

Calling createVariablesForIntent before module creation makes sense. Please confirm it’s idempotent and cannot fail silently. If it can error, propagate it.

---

133-134: No-op formatting change

Nothing to do.

[nitric-bot]

🎉 This PR is included in version 0.1.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀