2015-11-05 15:47:08 +01:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
2018-03-10 01:18:30 +01:00
|
|
|
"encoding/json"
|
2015-11-05 15:47:08 +01:00
|
|
|
"fmt"
|
|
|
|
"path/filepath"
|
2016-10-27 19:42:49 +02:00
|
|
|
"strings"
|
2016-02-08 23:04:24 +01:00
|
|
|
|
2018-06-22 21:59:50 +02:00
|
|
|
"github.com/zclconf/go-cty/cty"
|
|
|
|
|
terraform: ugly huge change to weave in new HCL2-oriented types
Due to how deeply the configuration types go into Terraform Core, there
isn't a great way to switch out to HCL2 gradually. As a consequence, this
huge commit gets us from the old state to a _compilable_ new state, but
does not yet attempt to fix any tests and has a number of known missing
parts and bugs. We will continue to iterate on this in forthcoming
commits, heading back towards passing tests and making Terraform
fully-functional again.
The three main goals here are:
- Use the configuration models from the "configs" package instead of the
older models in the "config" package, which is now deprecated and
preserved only to help us write our migration tool.
- Do expression inspection and evaluation using the functionality of the
new "lang" package, instead of the Interpolator type and related
functionality in the main "terraform" package.
- Represent addresses of various objects using types in the addrs package,
rather than hand-constructed strings. This is not critical to support
the above, but was a big help during the implementation of these other
points since it made it much more explicit what kind of address is
expected in each context.
Since our new packages are built to accommodate some future planned
features that are not yet implemented (e.g. the "for_each" argument on
resources, "count"/"for_each" on modules), and since there's still a fair
amount of functionality still using old-style APIs, there is a moderate
amount of shimming here to connect new assumptions with old, hopefully in
a way that makes it easier to find and eliminate these shims later.
I apologize in advance to the person who inevitably just found this huge
commit while spelunking through the commit history.
2018-04-30 19:33:53 +02:00
|
|
|
"github.com/hashicorp/terraform/terraform"
|
command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.
Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.
We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.
As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.
Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 01:41:48 +01:00
|
|
|
"github.com/hashicorp/terraform/tfdiags"
|
2015-11-05 15:47:08 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// ValidateCommand is a Command implementation that validates the terraform files
|
|
|
|
type ValidateCommand struct {
|
|
|
|
Meta
|
|
|
|
}
|
|
|
|
|
|
|
|
const defaultPath = "."
|
|
|
|
|
|
|
|
func (c *ValidateCommand) Run(args []string) int {
|
2017-08-28 21:01:11 +02:00
|
|
|
args, err := c.Meta.process(args, true)
|
2017-03-08 05:09:48 +01:00
|
|
|
if err != nil {
|
|
|
|
return 1
|
|
|
|
}
|
2015-11-05 15:47:08 +01:00
|
|
|
|
2018-03-10 01:18:30 +01:00
|
|
|
var jsonOutput bool
|
|
|
|
|
2017-07-05 18:32:29 +02:00
|
|
|
cmdFlags := c.Meta.flagSet("validate")
|
2018-03-10 01:18:30 +01:00
|
|
|
cmdFlags.BoolVar(&jsonOutput, "json", false, "produce JSON output")
|
2017-07-05 18:32:29 +02:00
|
|
|
cmdFlags.Usage = func() {
|
|
|
|
c.Ui.Error(c.Help())
|
|
|
|
}
|
2016-10-27 19:42:49 +02:00
|
|
|
if err := cmdFlags.Parse(args); err != nil {
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2018-03-10 01:18:30 +01:00
|
|
|
// After this point, we must only produce JSON output if JSON mode is
|
|
|
|
// enabled, so all errors should be accumulated into diags and we'll
|
|
|
|
// print out a suitable result at the end, depending on the format
|
|
|
|
// selection. All returns from this point on must be tail-calls into
|
|
|
|
// c.showResults in order to produce the expected output.
|
|
|
|
var diags tfdiags.Diagnostics
|
2017-07-05 18:32:29 +02:00
|
|
|
args = cmdFlags.Args()
|
|
|
|
|
|
|
|
var dirPath string
|
2015-11-05 15:47:08 +01:00
|
|
|
if len(args) == 1 {
|
|
|
|
dirPath = args[0]
|
|
|
|
} else {
|
|
|
|
dirPath = "."
|
|
|
|
}
|
|
|
|
dir, err := filepath.Abs(dirPath)
|
|
|
|
if err != nil {
|
2018-03-10 01:18:30 +01:00
|
|
|
diags = diags.Append(fmt.Errorf("unable to locate module: %s", err))
|
|
|
|
return c.showResults(diags, jsonOutput)
|
2015-11-05 15:47:08 +01:00
|
|
|
}
|
|
|
|
|
2017-10-21 00:42:51 +02:00
|
|
|
// Check for user-supplied plugin path
|
|
|
|
if c.pluginPath, err = c.loadPluginPath(); err != nil {
|
2018-03-10 01:18:30 +01:00
|
|
|
diags = diags.Append(fmt.Errorf("error loading plugin path: %s", err))
|
|
|
|
return c.showResults(diags, jsonOutput)
|
2017-10-21 00:42:51 +02:00
|
|
|
}
|
|
|
|
|
2018-03-10 01:18:30 +01:00
|
|
|
validateDiags := c.validate(dir)
|
|
|
|
diags = diags.Append(validateDiags)
|
2015-11-05 15:47:08 +01:00
|
|
|
|
2018-03-10 01:18:30 +01:00
|
|
|
return c.showResults(diags, jsonOutput)
|
2015-11-05 15:47:08 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *ValidateCommand) Synopsis() string {
|
|
|
|
return "Validates the Terraform files"
|
|
|
|
}
|
|
|
|
|
2016-10-27 19:42:49 +02:00
|
|
|
func (c *ValidateCommand) Help() string {
|
|
|
|
helpText := `
|
2017-07-05 18:32:29 +02:00
|
|
|
Usage: terraform validate [options] [dir]
|
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
Validate the configuration files in a directory, referring only to the
|
|
|
|
configuration and not accessing any remote services such as remote state,
|
|
|
|
provider APIs, etc.
|
2016-10-27 19:42:49 +02:00
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
Validate runs checks that verify whether a configuration is
|
|
|
|
internally-consistent, regardless of any provided variables or existing
|
|
|
|
state. It is thus primarily useful for general verification of reusable
|
|
|
|
modules, including correctness of attribute names and value types.
|
2016-10-27 19:42:49 +02:00
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
To verify configuration in the context of a particular run (a particular
|
|
|
|
target workspace, operation variables, etc), use the following command
|
|
|
|
instead:
|
|
|
|
terraform plan -validate-only
|
2016-10-27 19:42:49 +02:00
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
It is safe to run this command automatically, for example as a post-save
|
|
|
|
check in a text editor or as a test step for a re-usable module in a CI
|
|
|
|
system.
|
2016-10-27 19:42:49 +02:00
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
Validation requires an initialized working directory with any referenced
|
|
|
|
plugins and modules installed. To initialize a working directory for
|
|
|
|
validation without accessing any configured remote backend, use:
|
|
|
|
terraform init -backend=false
|
2016-10-27 19:42:49 +02:00
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
If dir is not specified, then the current directory will be used.
|
2017-07-05 18:32:29 +02:00
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
Options:
|
2017-07-05 18:32:29 +02:00
|
|
|
|
2018-03-10 01:18:30 +01:00
|
|
|
-json Produce output in a machine-readable JSON format, suitable for
|
|
|
|
use in e.g. text editor integrations.
|
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
-no-color If specified, output won't contain any color.
|
2016-10-27 19:42:49 +02:00
|
|
|
`
|
|
|
|
return strings.TrimSpace(helpText)
|
|
|
|
}
|
|
|
|
|
2018-03-10 01:18:30 +01:00
|
|
|
func (c *ValidateCommand) validate(dir string) tfdiags.Diagnostics {
|
command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.
Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.
We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.
As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.
Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 01:41:48 +01:00
|
|
|
var diags tfdiags.Diagnostics
|
|
|
|
|
terraform: ugly huge change to weave in new HCL2-oriented types
Due to how deeply the configuration types go into Terraform Core, there
isn't a great way to switch out to HCL2 gradually. As a consequence, this
huge commit gets us from the old state to a _compilable_ new state, but
does not yet attempt to fix any tests and has a number of known missing
parts and bugs. We will continue to iterate on this in forthcoming
commits, heading back towards passing tests and making Terraform
fully-functional again.
The three main goals here are:
- Use the configuration models from the "configs" package instead of the
older models in the "config" package, which is now deprecated and
preserved only to help us write our migration tool.
- Do expression inspection and evaluation using the functionality of the
new "lang" package, instead of the Interpolator type and related
functionality in the main "terraform" package.
- Represent addresses of various objects using types in the addrs package,
rather than hand-constructed strings. This is not critical to support
the above, but was a big help during the implementation of these other
points since it made it much more explicit what kind of address is
expected in each context.
Since our new packages are built to accommodate some future planned
features that are not yet implemented (e.g. the "for_each" argument on
resources, "count"/"for_each" on modules), and since there's still a fair
amount of functionality still using old-style APIs, there is a moderate
amount of shimming here to connect new assumptions with old, hopefully in
a way that makes it easier to find and eliminate these shims later.
I apologize in advance to the person who inevitably just found this huge
commit while spelunking through the commit history.
2018-04-30 19:33:53 +02:00
|
|
|
cfg, cfgDiags := c.loadConfig(dir)
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
diags = diags.Append(cfgDiags)
|
|
|
|
|
|
|
|
if diags.HasErrors() {
|
2018-03-10 01:18:30 +01:00
|
|
|
return diags
|
2015-11-05 15:47:08 +01:00
|
|
|
}
|
command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.
Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.
We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.
As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.
Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 01:41:48 +01:00
|
|
|
|
2018-06-22 21:59:50 +02:00
|
|
|
// "validate" is to check if the given module is valid regardless of
|
|
|
|
// input values, current state, etc. Therefore we populate all of the
|
|
|
|
// input values with unknown values of the expected type, allowing us
|
|
|
|
// to perform a type check without assuming any particular values.
|
|
|
|
varValues := make(terraform.InputValues)
|
|
|
|
for name, variable := range cfg.Module.Variables {
|
|
|
|
ty := variable.Type
|
|
|
|
if ty == cty.NilType {
|
|
|
|
// Can't predict the type at all, so we'll just mark it as
|
|
|
|
// cty.DynamicVal (unknown value of cty.DynamicPseudoType).
|
|
|
|
ty = cty.DynamicPseudoType
|
|
|
|
}
|
|
|
|
varValues[name] = &terraform.InputValue{
|
|
|
|
Value: cty.UnknownVal(ty),
|
|
|
|
SourceType: terraform.ValueFromCLIArg,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
opts := c.contextOpts()
|
terraform: ugly huge change to weave in new HCL2-oriented types
Due to how deeply the configuration types go into Terraform Core, there
isn't a great way to switch out to HCL2 gradually. As a consequence, this
huge commit gets us from the old state to a _compilable_ new state, but
does not yet attempt to fix any tests and has a number of known missing
parts and bugs. We will continue to iterate on this in forthcoming
commits, heading back towards passing tests and making Terraform
fully-functional again.
The three main goals here are:
- Use the configuration models from the "configs" package instead of the
older models in the "config" package, which is now deprecated and
preserved only to help us write our migration tool.
- Do expression inspection and evaluation using the functionality of the
new "lang" package, instead of the Interpolator type and related
functionality in the main "terraform" package.
- Represent addresses of various objects using types in the addrs package,
rather than hand-constructed strings. This is not critical to support
the above, but was a big help during the implementation of these other
points since it made it much more explicit what kind of address is
expected in each context.
Since our new packages are built to accommodate some future planned
features that are not yet implemented (e.g. the "for_each" argument on
resources, "count"/"for_each" on modules), and since there's still a fair
amount of functionality still using old-style APIs, there is a moderate
amount of shimming here to connect new assumptions with old, hopefully in
a way that makes it easier to find and eliminate these shims later.
I apologize in advance to the person who inevitably just found this huge
commit while spelunking through the commit history.
2018-04-30 19:33:53 +02:00
|
|
|
opts.Config = cfg
|
2018-06-22 21:59:50 +02:00
|
|
|
opts.Variables = varValues
|
command: beginnings of new config loader in "terraform validate"
As part of some light reorganization of our commands, this new
implementation no longer does validation of variables and will thus avoid
the need to spin up a fully-valid context. Instead, its focus is on
validating the configuration itself, regardless of any variables, state,
etc.
This change anticipates us later adding a -validate-only flag to
"terraform plan" which will then take over the related use-case of
checking if a particular execution of Terraform is valid, _including_ the
state, variables, etc.
Although leaving variables out of validate feels pretty arbitrary today
while all of the variable sources are local anyway, we have plans to
allow per-workspace variables to be stored in the backend in future and
at that point it will no longer be possible to fully validate variables
without accessing the backend. The "terraform plan" command explicitly
requires access to the backend, while "terraform validate" is now
explicitly for local-only validation of a single module.
In a future commit this will be extended to do basic type checking of
the configuration based on provider schemas, etc.
2018-03-01 02:14:05 +01:00
|
|
|
|
terraform: ugly huge change to weave in new HCL2-oriented types
Due to how deeply the configuration types go into Terraform Core, there
isn't a great way to switch out to HCL2 gradually. As a consequence, this
huge commit gets us from the old state to a _compilable_ new state, but
does not yet attempt to fix any tests and has a number of known missing
parts and bugs. We will continue to iterate on this in forthcoming
commits, heading back towards passing tests and making Terraform
fully-functional again.
The three main goals here are:
- Use the configuration models from the "configs" package instead of the
older models in the "config" package, which is now deprecated and
preserved only to help us write our migration tool.
- Do expression inspection and evaluation using the functionality of the
new "lang" package, instead of the Interpolator type and related
functionality in the main "terraform" package.
- Represent addresses of various objects using types in the addrs package,
rather than hand-constructed strings. This is not critical to support
the above, but was a big help during the implementation of these other
points since it made it much more explicit what kind of address is
expected in each context.
Since our new packages are built to accommodate some future planned
features that are not yet implemented (e.g. the "for_each" argument on
resources, "count"/"for_each" on modules), and since there's still a fair
amount of functionality still using old-style APIs, there is a moderate
amount of shimming here to connect new assumptions with old, hopefully in
a way that makes it easier to find and eliminate these shims later.
I apologize in advance to the person who inevitably just found this huge
commit while spelunking through the commit history.
2018-04-30 19:33:53 +02:00
|
|
|
tfCtx, ctxDiags := terraform.NewContext(opts)
|
|
|
|
diags = diags.Append(ctxDiags)
|
|
|
|
if ctxDiags.HasErrors() {
|
|
|
|
return diags
|
command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.
Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.
We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.
As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.
Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 01:41:48 +01:00
|
|
|
}
|
|
|
|
|
terraform: ugly huge change to weave in new HCL2-oriented types
Due to how deeply the configuration types go into Terraform Core, there
isn't a great way to switch out to HCL2 gradually. As a consequence, this
huge commit gets us from the old state to a _compilable_ new state, but
does not yet attempt to fix any tests and has a number of known missing
parts and bugs. We will continue to iterate on this in forthcoming
commits, heading back towards passing tests and making Terraform
fully-functional again.
The three main goals here are:
- Use the configuration models from the "configs" package instead of the
older models in the "config" package, which is now deprecated and
preserved only to help us write our migration tool.
- Do expression inspection and evaluation using the functionality of the
new "lang" package, instead of the Interpolator type and related
functionality in the main "terraform" package.
- Represent addresses of various objects using types in the addrs package,
rather than hand-constructed strings. This is not critical to support
the above, but was a big help during the implementation of these other
points since it made it much more explicit what kind of address is
expected in each context.
Since our new packages are built to accommodate some future planned
features that are not yet implemented (e.g. the "for_each" argument on
resources, "count"/"for_each" on modules), and since there's still a fair
amount of functionality still using old-style APIs, there is a moderate
amount of shimming here to connect new assumptions with old, hopefully in
a way that makes it easier to find and eliminate these shims later.
I apologize in advance to the person who inevitably just found this huge
commit while spelunking through the commit history.
2018-04-30 19:33:53 +02:00
|
|
|
validateDiags := tfCtx.Validate()
|
|
|
|
diags = diags.Append(validateDiags)
|
2018-03-10 01:18:30 +01:00
|
|
|
return diags
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *ValidateCommand) showResults(diags tfdiags.Diagnostics, jsonOutput bool) int {
|
|
|
|
switch {
|
|
|
|
case jsonOutput:
|
|
|
|
// FIXME: Eventually we'll probably want to factor this out somewhere
|
|
|
|
// to support machine-readable outputs for other commands too, but for
|
|
|
|
// now it's simplest to do this inline here.
|
|
|
|
type Pos struct {
|
|
|
|
Line int `json:"line"`
|
|
|
|
Column int `json:"column"`
|
|
|
|
Byte int `json:"byte"`
|
|
|
|
}
|
|
|
|
type Range struct {
|
|
|
|
Filename string `json:"filename"`
|
|
|
|
Start Pos `json:"start"`
|
|
|
|
End Pos `json:"end"`
|
|
|
|
}
|
|
|
|
type Diagnostic struct {
|
|
|
|
Severity string `json:"severity,omitempty"`
|
|
|
|
Summary string `json:"summary,omitempty"`
|
|
|
|
Detail string `json:"detail,omitempty"`
|
|
|
|
Range *Range `json:"range,omitempty"`
|
|
|
|
}
|
|
|
|
type Output struct {
|
|
|
|
// We include some summary information that is actually redundant
|
|
|
|
// with the detailed diagnostics, but avoids the need for callers
|
|
|
|
// to re-implement our logic for deciding these.
|
|
|
|
Valid bool `json:"valid"`
|
|
|
|
ErrorCount int `json:"error_count"`
|
|
|
|
WarningCount int `json:"warning_count"`
|
|
|
|
Diagnostics []Diagnostic `json:"diagnostics"`
|
|
|
|
}
|
|
|
|
|
|
|
|
var output Output
|
|
|
|
output.Valid = true // until proven otherwise
|
|
|
|
for _, diag := range diags {
|
|
|
|
var jsonDiag Diagnostic
|
|
|
|
switch diag.Severity() {
|
|
|
|
case tfdiags.Error:
|
|
|
|
jsonDiag.Severity = "error"
|
|
|
|
output.ErrorCount++
|
|
|
|
output.Valid = false
|
|
|
|
case tfdiags.Warning:
|
|
|
|
jsonDiag.Severity = "warning"
|
|
|
|
output.WarningCount++
|
|
|
|
}
|
|
|
|
|
|
|
|
desc := diag.Description()
|
|
|
|
jsonDiag.Summary = desc.Summary
|
|
|
|
jsonDiag.Detail = desc.Detail
|
|
|
|
|
|
|
|
ranges := diag.Source()
|
|
|
|
if ranges.Subject != nil {
|
|
|
|
subj := ranges.Subject
|
|
|
|
jsonDiag.Range = &Range{
|
|
|
|
Filename: subj.Filename,
|
|
|
|
Start: Pos{
|
|
|
|
Line: subj.Start.Line,
|
|
|
|
Column: subj.Start.Column,
|
|
|
|
Byte: subj.Start.Byte,
|
|
|
|
},
|
|
|
|
End: Pos{
|
|
|
|
Line: subj.End.Line,
|
|
|
|
Column: subj.End.Column,
|
|
|
|
Byte: subj.End.Byte,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
output.Diagnostics = append(output.Diagnostics, jsonDiag)
|
|
|
|
}
|
2018-05-01 22:18:10 +02:00
|
|
|
if output.Diagnostics == nil {
|
|
|
|
// Make sure this always appears as an array in our output, since
|
|
|
|
// this is easier to consume for dynamically-typed languages.
|
|
|
|
output.Diagnostics = []Diagnostic{}
|
|
|
|
}
|
2018-03-10 01:18:30 +01:00
|
|
|
|
|
|
|
j, err := json.MarshalIndent(&output, "", " ")
|
|
|
|
if err != nil {
|
|
|
|
// Should never happen because we fully-control the input here
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
c.Ui.Output(string(j))
|
|
|
|
|
|
|
|
default:
|
|
|
|
if len(diags) == 0 {
|
|
|
|
c.Ui.Output(c.Colorize().Color("[green][bold]Success![reset] The configuration is valid.\n"))
|
|
|
|
} else {
|
|
|
|
c.showDiagnostics(diags)
|
|
|
|
|
|
|
|
if !diags.HasErrors() {
|
|
|
|
c.Ui.Output(c.Colorize().Color("[green][bold]Success![reset] The configuration is valid, but there were some validation warnings as shown above.\n"))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.
Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.
We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.
As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.
Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 01:41:48 +01:00
|
|
|
if diags.HasErrors() {
|
|
|
|
return 1
|
2017-07-05 18:32:29 +02:00
|
|
|
}
|
2015-11-05 15:47:08 +01:00
|
|
|
return 0
|
|
|
|
}
|