ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
terraform/terraform/eval_validate.go

228 lines
6.4 KiB
Go
Raw Normal View History

terraform: validate almost done
2015-02-05 00:44:23 +01:00
package terraform
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
import (
"fmt"
"github.com/hashicorp/terraform/config"
Detect and reject unknown attributes in "connection" blocks Since the validation of connection blocks is delegated to the communicator selected by "type", we were not previously doing any validation of the attribute names in these blocks until running provisioners during apply. Proper validation here requires us to already have the instance state, since the final connection info is a merge of values provided in config with values assigned automatically by the resource. However, we can do some basic name validation to catch typos during the validation pass, even though semantic validation and checking for missing attributes will still wait until the provisioner is instantiated. This fixes #6582 as much as we reasonably can.
2017-04-06 00:34:59 +02:00
"github.com/mitchellh/mapstructure"
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
)
terraform: validate almost done
2015-02-05 00:44:23 +01:00
// EvalValidateError is the error structure returned if there were
// validation errors.
type EvalValidateError struct {
Warnings []string
Errors []error
}
func (e *EvalValidateError) Error() string {
terraform: provider config inheritance in modules
2015-02-10 08:32:28 +01:00
return fmt.Sprintf("Warnings: %s. Errors: %s", e.Warnings, e.Errors)
terraform: validate almost done
2015-02-05 00:44:23 +01:00
}
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
// EvalValidateCount is an EvalNode implementation that validates
// the count of a resource.
type EvalValidateCount struct {
Resource *config.Resource
}
// TODO: test
terraform: clean up EvalNodes
2015-02-14 07:58:41 +01:00
func (n *EvalValidateCount) Eval(ctx EvalContext) (interface{}, error) {
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
var count int
var errs []error
var err error
if _, err := ctx.Interpolate(n.Resource.RawCount, nil); err != nil {
errs = append(errs, fmt.Errorf(
"Failed to interpolate count: %s", err))
goto RETURN
}
count, err = n.Resource.Count()
if err != nil {
terraform: fix some count validation
2015-02-10 21:16:55 +01:00
// If we can't get the count during validation, then
// just replace it with the number 1.
c := n.Resource.RawCount.Config()
c[n.Resource.RawCount.Key] = "1"
count = 1
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
}
terraform: don't validate computed values in validate This disables the computed value check for `count` during the validation pass. This enables partial support for #3888 or #1497: as long as the value is non-computed during the plan, complex values will work in counts. **Notably, this allows data source values to be present in counts!** The "count" value can be disabled during validation safely because we can treat it as if any field that uses `count.index` is computed for validation. We then validate a single instance (as if `count = 1`) just to make sure all required fields are set.
2017-01-28 06:15:43 +01:00
err = nil
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
if count < 0 {
errs = append(errs, fmt.Errorf(
"Count is less than zero: %d", count))
}
RETURN:
Demote some log lines to DEBUG. Now that we support log line filtering (as of 0090c063) it's good to be a bit more fussy about what log levels are assigned to different things. Here we make a few things that are implementation details log as DEBUG, and prevent spurious errors from EvalValidateCount where it was returning an empty EvalValidateError rather than nil when everything was okay.
2015-10-11 19:45:33 +02:00
if len(errs) != 0 {
err = &EvalValidateError{
Errors: errs,
}
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
}
Demote some log lines to DEBUG. Now that we support log line filtering (as of 0090c063) it's good to be a bit more fussy about what log levels are assigned to different things. Here we make a few things that are implementation details log as DEBUG, and prevent spurious errors from EvalValidateCount where it was returning an empty EvalValidateError rather than nil when everything was okay.
2015-10-11 19:45:33 +02:00
return nil, err
terraform: EvalValidateCount
2015-02-09 02:20:46 +01:00
}
terraform: basic provider validation!
2015-02-05 02:23:26 +01:00
// EvalValidateProvider is an EvalNode implementation that validates
// the configuration of a resource.
type EvalValidateProvider struct {
terraform: merge provider configs before validate [GH-1282]
2015-03-26 00:28:52 +01:00
Provider *ResourceProvider
Config **ResourceConfig
terraform: basic provider validation!
2015-02-05 02:23:26 +01:00
}
terraform: clean up EvalNodes
2015-02-14 07:58:41 +01:00
func (n *EvalValidateProvider) Eval(ctx EvalContext) (interface{}, error) {
provider := *n.Provider
config := *n.Config
terraform: provider config inheritance in modules
2015-02-10 08:32:28 +01:00
terraform: basic provider validation!
2015-02-05 02:23:26 +01:00
warns, errs := provider.Validate(config)
if len(warns) == 0 && len(errs) == 0 {
return nil, nil
}
return nil, &EvalValidateError{
Warnings: warns,
Errors: errs,
}
}
terraform: validate provisioners
2015-02-09 20:15:54 +01:00
// EvalValidateProvisioner is an EvalNode implementation that validates
// the configuration of a resource.
type EvalValidateProvisioner struct {
terraform: clean up EvalNodes
2015-02-14 07:58:41 +01:00
Provisioner *ResourceProvisioner
Config **ResourceConfig
Detect and reject unknown attributes in "connection" blocks Since the validation of connection blocks is delegated to the communicator selected by "type", we were not previously doing any validation of the attribute names in these blocks until running provisioners during apply. Proper validation here requires us to already have the instance state, since the final connection info is a merge of values provided in config with values assigned automatically by the resource. However, we can do some basic name validation to catch typos during the validation pass, even though semantic validation and checking for missing attributes will still wait until the provisioner is instantiated. This fixes #6582 as much as we reasonably can.
2017-04-06 00:34:59 +02:00
ConnConfig **ResourceConfig
terraform: validate provisioners
2015-02-09 20:15:54 +01:00
}
terraform: clean up EvalNodes
2015-02-14 07:58:41 +01:00
func (n *EvalValidateProvisioner) Eval(ctx EvalContext) (interface{}, error) {
provisioner := *n.Provisioner
config := *n.Config
Detect and reject unknown attributes in "connection" blocks Since the validation of connection blocks is delegated to the communicator selected by "type", we were not previously doing any validation of the attribute names in these blocks until running provisioners during apply. Proper validation here requires us to already have the instance state, since the final connection info is a merge of values provided in config with values assigned automatically by the resource. However, we can do some basic name validation to catch typos during the validation pass, even though semantic validation and checking for missing attributes will still wait until the provisioner is instantiated. This fixes #6582 as much as we reasonably can.
2017-04-06 00:34:59 +02:00
var warns []string
var errs []error
{
// Validate the provisioner's own config first
w, e := provisioner.Validate(config)
warns = append(warns, w...)
errs = append(errs, e...)
}
{
// Now validate the connection config, which might either be from
// the provisioner block itself or inherited from the resource's
// shared connection info.
w, e := n.validateConnConfig(*n.ConnConfig)
warns = append(warns, w...)
errs = append(errs, e...)
}
terraform: validate provisioners
2015-02-09 20:15:54 +01:00
if len(warns) == 0 && len(errs) == 0 {
return nil, nil
}
return nil, &EvalValidateError{
Warnings: warns,
Errors: errs,
}
}
Detect and reject unknown attributes in "connection" blocks Since the validation of connection blocks is delegated to the communicator selected by "type", we were not previously doing any validation of the attribute names in these blocks until running provisioners during apply. Proper validation here requires us to already have the instance state, since the final connection info is a merge of values provided in config with values assigned automatically by the resource. However, we can do some basic name validation to catch typos during the validation pass, even though semantic validation and checking for missing attributes will still wait until the provisioner is instantiated. This fixes #6582 as much as we reasonably can.
2017-04-06 00:34:59 +02:00
func (n *EvalValidateProvisioner) validateConnConfig(connConfig *ResourceConfig) (warns []string, errs []error) {
// We can't comprehensively validate the connection config since its
// final structure is decided by the communicator and we can't instantiate
// that until we have a complete instance state. However, we *can* catch
// configuration keys that are not valid for *any* communicator, catching
// typos early rather than waiting until we actually try to run one of
// the resource's provisioners.
type connConfigSuperset struct {
// All attribute types are interface{} here because at this point we
// may still have unresolved interpolation expressions, which will
// appear as strings regardless of the final goal type.
Type interface{} `mapstructure:"type"`
User interface{} `mapstructure:"user"`
Password interface{} `mapstructure:"password"`
Host interface{} `mapstructure:"host"`
Port interface{} `mapstructure:"port"`
Timeout interface{} `mapstructure:"timeout"`
ScriptPath interface{} `mapstructure:"script_path"`
// For type=ssh only (enforced in ssh communicator)
PrivateKey interface{} `mapstructure:"private_key"`
Agent interface{} `mapstructure:"agent"`
BastionHost interface{} `mapstructure:"bastion_host"`
BastionPort interface{} `mapstructure:"bastion_port"`
BastionUser interface{} `mapstructure:"bastion_user"`
BastionPassword interface{} `mapstructure:"bastion_password"`
BastionPrivateKey interface{} `mapstructure:"bastion_private_key"`
// For type=winrm only (enforced in winrm communicator)
HTTPS interface{} `mapstructure:"https"`
Insecure interface{} `mapstructure:"insecure"`
CACert interface{} `mapstructure:"cacert"`
}
var metadata mapstructure.Metadata
decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
Metadata: &metadata,
Result: &connConfigSuperset{}, // result is disregarded; we only care about unused keys
})
if err != nil {
// should never happen
errs = append(errs, err)
return
}
if err := decoder.Decode(connConfig.Config); err != nil {
errs = append(errs, err)
return
}
for _, attrName := range metadata.Unused {
errs = append(errs, fmt.Errorf("unknown 'connection' argument %q", attrName))
}
return
}
terraform: validate almost done
2015-02-05 00:44:23 +01:00
// EvalValidateResource is an EvalNode implementation that validates
// the configuration of a resource.
type EvalValidateResource struct {
terraform: clean up EvalNodes
2015-02-14 07:58:41 +01:00
Provider *ResourceProvider
Config **ResourceConfig
terraform: validate resource names
2015-02-09 18:50:20 +01:00
ResourceName string
terraform: provider should be cached by path
2015-02-09 02:58:02 +01:00
ResourceType string
core: EvalValidate calls appropriate validator for resource mode data resources are a separate namespace of resources than managed resources, so we need to call a different provider method depending on what mode of resource we're visiting. Managed resources use ValidateResource, while data resources use ValidateDataSource, since at the provider level of abstraction each provider has separate sets of resources and data sources respectively.
2016-05-02 04:01:48 +02:00
ResourceMode config.ResourceMode
core: rerun resource validation before plan and apply In #7170 we found two scenarios where the type checking done during the `context.Validate()` graph walk was circumvented, and the subsequent assumption of type safety in the provider's `Diff()` implementation caused panics. Both scenarios have to do with interpolations that reference Computed values. The sentinel we use to indicate that a value is Computed does not carry any type information with it yet. That means that an incorrect reference to a list or a map in a string attribute can "sneak through" validation only to crop up... 1. ...during Plan for Data Source References 2. ...during Apply for Resource references In order to address this, we: * add high-level tests for each of these two scenarios in `provider/test` * add context-level tests for the same two scenarios in `terraform` (these tests proved _really_ tricky to write!) * place an `EvalValidateResource` just before `EvalDiff` and `EvalApply` to catch these errors * add some plumbing to `Plan()` and `Apply()` to return validation errors, which were previously only generated during `Validate()` * wrap unit-tests around `EvalValidateResource` * add an `IgnoreWarnings` option to `EvalValidateResource` to prevent active warnings from halting execution on the second-pass validation Eventually, we might be able to attach type information to Computed values, which would allow for these errors to be caught earlier. For now, this solution keeps us safe from panics and raises the proper errors to the user. Fixes #7170
2016-07-01 01:22:20 +02:00
// IgnoreWarnings means that warnings will not be passed through. This allows
// "just-in-time" passes of validation to continue execution through warnings.
IgnoreWarnings bool
terraform: validate almost done
2015-02-05 00:44:23 +01:00
}
terraform: clean up EvalNodes
2015-02-14 07:58:41 +01:00
func (n *EvalValidateResource) Eval(ctx EvalContext) (interface{}, error) {
provider := *n.Provider
cfg := *n.Config
core: EvalValidate calls appropriate validator for resource mode data resources are a separate namespace of resources than managed resources, so we need to call a different provider method depending on what mode of resource we're visiting. Managed resources use ValidateResource, while data resources use ValidateDataSource, since at the provider level of abstraction each provider has separate sets of resources and data sources respectively.
2016-05-02 04:01:48 +02:00
var warns []string
var errs []error
// Provider entry point varies depending on resource mode, because
// managed resources and data resources are two distinct concepts
// in the provider abstraction.
switch n.ResourceMode {
case config.ManagedResourceMode:
warns, errs = provider.ValidateResource(n.ResourceType, cfg)
case config.DataResourceMode:
warns, errs = provider.ValidateDataSource(n.ResourceType, cfg)
}
terraform: validate resource names
2015-02-09 18:50:20 +01:00
core: rerun resource validation before plan and apply In #7170 we found two scenarios where the type checking done during the `context.Validate()` graph walk was circumvented, and the subsequent assumption of type safety in the provider's `Diff()` implementation caused panics. Both scenarios have to do with interpolations that reference Computed values. The sentinel we use to indicate that a value is Computed does not carry any type information with it yet. That means that an incorrect reference to a list or a map in a string attribute can "sneak through" validation only to crop up... 1. ...during Plan for Data Source References 2. ...during Apply for Resource references In order to address this, we: * add high-level tests for each of these two scenarios in `provider/test` * add context-level tests for the same two scenarios in `terraform` (these tests proved _really_ tricky to write!) * place an `EvalValidateResource` just before `EvalDiff` and `EvalApply` to catch these errors * add some plumbing to `Plan()` and `Apply()` to return validation errors, which were previously only generated during `Validate()` * wrap unit-tests around `EvalValidateResource` * add an `IgnoreWarnings` option to `EvalValidateResource` to prevent active warnings from halting execution on the second-pass validation Eventually, we might be able to attach type information to Computed values, which would allow for these errors to be caught earlier. For now, this solution keeps us safe from panics and raises the proper errors to the user. Fixes #7170
2016-07-01 01:22:20 +02:00
// If the resource name doesn't match the name regular
// expression, show an error.
terraform: validate resource names
2015-02-09 18:50:20 +01:00
if !config.NameRegexp.Match([]byte(n.ResourceName)) {
terraform: upgrade resource name regexp failure to error We're well past Terraform 0.4, so it's time to finally make good on the original promise. :) Fixes #5243
2016-02-23 17:32:02 +01:00
errs = append(errs, fmt.Errorf(
terraform: validate resource names
2015-02-09 18:50:20 +01:00
"%s: resource name can only contain letters, numbers, "+
core: rerun resource validation before plan and apply In #7170 we found two scenarios where the type checking done during the `context.Validate()` graph walk was circumvented, and the subsequent assumption of type safety in the provider's `Diff()` implementation caused panics. Both scenarios have to do with interpolations that reference Computed values. The sentinel we use to indicate that a value is Computed does not carry any type information with it yet. That means that an incorrect reference to a list or a map in a string attribute can "sneak through" validation only to crop up... 1. ...during Plan for Data Source References 2. ...during Apply for Resource references In order to address this, we: * add high-level tests for each of these two scenarios in `provider/test` * add context-level tests for the same two scenarios in `terraform` (these tests proved _really_ tricky to write!) * place an `EvalValidateResource` just before `EvalDiff` and `EvalApply` to catch these errors * add some plumbing to `Plan()` and `Apply()` to return validation errors, which were previously only generated during `Validate()` * wrap unit-tests around `EvalValidateResource` * add an `IgnoreWarnings` option to `EvalValidateResource` to prevent active warnings from halting execution on the second-pass validation Eventually, we might be able to attach type information to Computed values, which would allow for these errors to be caught earlier. For now, this solution keeps us safe from panics and raises the proper errors to the user. Fixes #7170
2016-07-01 01:22:20 +02:00
"dashes, and underscores.", n.ResourceName))
terraform: validate resource names
2015-02-09 18:50:20 +01:00
}
terraform: provider should be cached by path
2015-02-09 02:58:02 +01:00
core: rerun resource validation before plan and apply In #7170 we found two scenarios where the type checking done during the `context.Validate()` graph walk was circumvented, and the subsequent assumption of type safety in the provider's `Diff()` implementation caused panics. Both scenarios have to do with interpolations that reference Computed values. The sentinel we use to indicate that a value is Computed does not carry any type information with it yet. That means that an incorrect reference to a list or a map in a string attribute can "sneak through" validation only to crop up... 1. ...during Plan for Data Source References 2. ...during Apply for Resource references In order to address this, we: * add high-level tests for each of these two scenarios in `provider/test` * add context-level tests for the same two scenarios in `terraform` (these tests proved _really_ tricky to write!) * place an `EvalValidateResource` just before `EvalDiff` and `EvalApply` to catch these errors * add some plumbing to `Plan()` and `Apply()` to return validation errors, which were previously only generated during `Validate()` * wrap unit-tests around `EvalValidateResource` * add an `IgnoreWarnings` option to `EvalValidateResource` to prevent active warnings from halting execution on the second-pass validation Eventually, we might be able to attach type information to Computed values, which would allow for these errors to be caught earlier. For now, this solution keeps us safe from panics and raises the proper errors to the user. Fixes #7170
2016-07-01 01:22:20 +02:00
if (len(warns) == 0 || n.IgnoreWarnings) && len(errs) == 0 {
terraform: provider should be cached by path
2015-02-09 02:58:02 +01:00
return nil, nil
}
return nil, &EvalValidateError{
Warnings: warns,
Errors: errs,
}
terraform: validate almost done
2015-02-05 00:44:23 +01:00
}