Merge pull request #19035 from hashicorp/f-policy-override

backend/remote: don’t ask questions when -auto-approve is set
2018-10-10 18:55:34 +02:00 · 2018-10-10 18:55:34 +02:00 · 4586b9f65a
parent 15dda63358 d78470ad5a
commit 4586b9f65a
3 changed files with 105 additions and 103 deletions
--- a/backend/local/backend.go
+++ b/backend/local/backend.go
@ -350,7 +350,7 @@ func (b *Local) Operation(ctx context.Context, op *backend.Operation) (*backend.
 	return runningOp, nil
 }

-// opWait wats for the operation to complete, and a stop signal or a
+// opWait waits for the operation to complete, and a stop signal or a
 // cancelation signal.
 func (b *Local) opWait(
 	doneCh <-chan struct{},
--- a/backend/remote/backend_apply.go
+++ b/backend/remote/backend_apply.go
@ -223,7 +223,7 @@ func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Ope
 		case tfe.PolicyHardFailed:
 			return fmt.Errorf(msgPrefix + " hard failed.")
 		case tfe.PolicySoftFailed:
-			if op.UIOut == nil || op.UIIn == nil ||
+			if op.UIOut == nil || op.UIIn == nil || op.AutoApprove ||
 				!pc.Actions.IsOverridable || !pc.Permissions.CanOverride {
 				return fmt.Errorf(msgPrefix + " soft failed.")
 			}
--- a/backend/remote/backend_apply_test.go
+++ b/backend/remote/backend_apply_test.go
@ -66,61 +66,6 @@ func TestRemote_applyBasic(t *testing.T) {
 	}
 }

-func TestRemote_applyWithAutoApply(t *testing.T) {
-	b := testBackendNoDefault(t)
-
-	// Create a named workspace that auto applies.
-	_, err := b.client.Workspaces.Create(
-		context.Background(),
-		b.organization,
-		tfe.WorkspaceCreateOptions{
-			AutoApply: tfe.Bool(true),
-			Name:      tfe.String(b.prefix + "prod"),
-		},
-	)
-	if err != nil {
-		t.Fatalf("error creating named workspace: %v", err)
-	}
-
-	mod, modCleanup := module.TestTree(t, "./test-fixtures/apply")
-	defer modCleanup()
-
-	input := testInput(t, map[string]string{
-		"approve": "yes",
-	})
-
-	op := testOperationApply()
-	op.Module = mod
-	op.UIIn = input
-	op.UIOut = b.CLI
-	op.Workspace = "prod"
-
-	run, err := b.Operation(context.Background(), op)
-	if err != nil {
-		t.Fatalf("error starting operation: %v", err)
-	}
-
-	<-run.Done()
-	if run.Err != nil {
-		t.Fatalf("error running operation: %v", run.Err)
-	}
-	if run.PlanEmpty {
-		t.Fatalf("expected a non-empty plan")
-	}
-
-	if len(input.answers) != 1 {
-		t.Fatalf("expected an unused answer, got: %v", input.answers)
-	}
-
-	output := b.CLI.(*cli.MockUi).OutputWriter.String()
-	if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") {
-		t.Fatalf("missing plan summery in output: %s", output)
-	}
-	if !strings.Contains(output, "1 added, 0 changed, 0 destroyed") {
-		t.Fatalf("missing apply summery in output: %s", output)
-	}
-}
-
 func TestRemote_applyWithoutPermissions(t *testing.T) {
 	b := testBackendNoDefault(t)

@ -461,6 +406,61 @@ func TestRemote_applyAutoApprove(t *testing.T) {
 	}
 }

+func TestRemote_applyWithAutoApply(t *testing.T) {
+	b := testBackendNoDefault(t)
+
+	// Create a named workspace that auto applies.
+	_, err := b.client.Workspaces.Create(
+		context.Background(),
+		b.organization,
+		tfe.WorkspaceCreateOptions{
+			AutoApply: tfe.Bool(true),
+			Name:      tfe.String(b.prefix + "prod"),
+		},
+	)
+	if err != nil {
+		t.Fatalf("error creating named workspace: %v", err)
+	}
+
+	mod, modCleanup := module.TestTree(t, "./test-fixtures/apply")
+	defer modCleanup()
+
+	input := testInput(t, map[string]string{
+		"approve": "yes",
+	})
+
+	op := testOperationApply()
+	op.Module = mod
+	op.UIIn = input
+	op.UIOut = b.CLI
+	op.Workspace = "prod"
+
+	run, err := b.Operation(context.Background(), op)
+	if err != nil {
+		t.Fatalf("error starting operation: %v", err)
+	}
+
+	<-run.Done()
+	if run.Err != nil {
+		t.Fatalf("error running operation: %v", run.Err)
+	}
+	if run.PlanEmpty {
+		t.Fatalf("expected a non-empty plan")
+	}
+
+	if len(input.answers) != 1 {
+		t.Fatalf("expected an unused answer, got: %v", input.answers)
+	}
+
+	output := b.CLI.(*cli.MockUi).OutputWriter.String()
+	if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") {
+		t.Fatalf("missing plan summery in output: %s", output)
+	}
+	if !strings.Contains(output, "1 added, 0 changed, 0 destroyed") {
+		t.Fatalf("missing apply summery in output: %s", output)
+	}
+}
+
 func TestRemote_applyLockTimeout(t *testing.T) {
 	b := testBackendDefault(t)
 	ctx := context.Background()
@ -745,6 +745,54 @@ func TestRemote_applyPolicySoftFail(t *testing.T) {
 	}
 }

+func TestRemote_applyPolicySoftFailAutoApprove(t *testing.T) {
+	b := testBackendDefault(t)
+
+	mod, modCleanup := module.TestTree(t, "./test-fixtures/apply-policy-soft-failed")
+	defer modCleanup()
+
+	input := testInput(t, map[string]string{
+		"override": "override",
+	})
+
+	op := testOperationApply()
+	op.AutoApprove = true
+	op.Module = mod
+	op.UIIn = input
+	op.UIOut = b.CLI
+	op.Workspace = backend.DefaultStateName
+
+	run, err := b.Operation(context.Background(), op)
+	if err != nil {
+		t.Fatalf("error starting operation: %v", err)
+	}
+
+	<-run.Done()
+	if run.Err == nil {
+		t.Fatalf("expected an apply error, got: %v", run.Err)
+	}
+	if !run.PlanEmpty {
+		t.Fatalf("expected plan to be empty")
+	}
+	if !strings.Contains(run.Err.Error(), "soft failed") {
+		t.Fatalf("expected a policy check error, got: %v", run.Err)
+	}
+	if len(input.answers) != 1 {
+		t.Fatalf("expected an unused answers, got: %v", input.answers)
+	}
+
+	output := b.CLI.(*cli.MockUi).OutputWriter.String()
+	if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") {
+		t.Fatalf("missing plan summery in output: %s", output)
+	}
+	if !strings.Contains(output, "Sentinel Result: false") {
+		t.Fatalf("missing policy check result in output: %s", output)
+	}
+	if strings.Contains(output, "1 added, 0 changed, 0 destroyed") {
+		t.Fatalf("unexpected apply summery in output: %s", output)
+	}
+}
+
 func TestRemote_applyPolicySoftFailAutoApply(t *testing.T) {
 	b := testBackendDefault(t)

@ -804,52 +852,6 @@ func TestRemote_applyPolicySoftFailAutoApply(t *testing.T) {
 	}
 }

-func TestRemote_applyPolicySoftFailAutoApprove(t *testing.T) {
-	b := testBackendDefault(t)
-
-	mod, modCleanup := module.TestTree(t, "./test-fixtures/apply-policy-soft-failed")
-	defer modCleanup()
-
-	input := testInput(t, map[string]string{
-		"override": "override",
-	})
-
-	op := testOperationApply()
-	op.AutoApprove = true
-	op.Module = mod
-	op.UIIn = input
-	op.UIOut = b.CLI
-	op.Workspace = backend.DefaultStateName
-
-	run, err := b.Operation(context.Background(), op)
-	if err != nil {
-		t.Fatalf("error starting operation: %v", err)
-	}
-
-	<-run.Done()
-	if run.Err != nil {
-		t.Fatalf("error running operation: %v", run.Err)
-	}
-	if run.PlanEmpty {
-		t.Fatalf("expected a non-empty plan")
-	}
-
-	if len(input.answers) > 0 {
-		t.Fatalf("expected no unused answers, got: %v", input.answers)
-	}
-
-	output := b.CLI.(*cli.MockUi).OutputWriter.String()
-	if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") {
-		t.Fatalf("missing plan summery in output: %s", output)
-	}
-	if !strings.Contains(output, "Sentinel Result: false") {
-		t.Fatalf("missing policy check result in output: %s", output)
-	}
-	if !strings.Contains(output, "1 added, 0 changed, 0 destroyed") {
-		t.Fatalf("missing apply summery in output: %s", output)
-	}
-}
-
 func TestRemote_applyWithRemoteError(t *testing.T) {
 	b := testBackendDefault(t)