Revert "Merge pull request #18980 from hashicorp/f-policy-output"

This reverts commit f09c2db8d2, reversing
changes made to 8394dc797d.
This commit is contained in:
Sander van Harmelen 2018-10-04 23:03:40 +02:00
parent 6eec5fadd0
commit c12f0355a7
5 changed files with 48 additions and 42 deletions

View File

@ -9,7 +9,6 @@ IMPROVEMENTS:
* backend/remote: Implement the state.Locker interface to support state locking [GH-18826] * backend/remote: Implement the state.Locker interface to support state locking [GH-18826]
* backend/remote: Add initial support for the apply command [GH-18950] * backend/remote: Add initial support for the apply command [GH-18950]
* backend/remote: Ask to cancel pending remote operations when Ctrl-C is pressed [GH-18979] * backend/remote: Ask to cancel pending remote operations when Ctrl-C is pressed [GH-18979]
* backend/remote: Only show the full policy output when the check failed [GH-18980]
* backend/remote: Add support for the `-no-color` command line flag [GH-19002] * backend/remote: Add support for the `-no-color` command line flag [GH-19002]
BUG FIXES: BUG FIXES:

View File

@ -7,7 +7,6 @@ import (
"fmt" "fmt"
"log" "log"
"strings" "strings"
"time"
tfe "github.com/hashicorp/go-tfe" tfe "github.com/hashicorp/go-tfe"
"github.com/hashicorp/terraform/backend" "github.com/hashicorp/terraform/backend"
@ -147,32 +146,23 @@ func (b *Remote) opApply(stopCtx, cancelCtx context.Context, op *backend.Operati
return r, nil return r, nil
} }
func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Operation, r *tfe.Run) (err error) { func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Operation, r *tfe.Run) error {
if b.CLI != nil { if b.CLI != nil {
b.CLI.Output("\n------------------------------------------------------------------------\n") b.CLI.Output("\n------------------------------------------------------------------------\n")
} }
for _, pc := range r.PolicyChecks { for _, pc := range r.PolicyChecks {
// Loop until the context is canceled or the policy check is finished. logs, err := b.client.PolicyChecks.Logs(stopCtx, pc.ID)
for { if err != nil {
pc, err = b.client.PolicyChecks.Read(stopCtx, pc.ID) return generalError("error retrieving policy check logs", err)
}
scanner := bufio.NewScanner(logs)
// Retrieve the policy check to get its current status.
pc, err := b.client.PolicyChecks.Read(stopCtx, pc.ID)
if err != nil { if err != nil {
return generalError("error retrieving policy check", err) return generalError("error retrieving policy check", err)
} }
switch pc.Status {
case tfe.PolicyPending, tfe.PolicyQueued:
select {
case <-stopCtx.Done():
return generalError("error retrieving policy check", stopCtx.Err())
case <-time.After(500 * time.Millisecond):
continue
}
}
// Break if the policy check is finished.
break
}
var msgPrefix string var msgPrefix string
switch pc.Scope { switch pc.Scope {
case tfe.PolicyScopeOrganization: case tfe.PolicyScopeOrganization:
@ -183,25 +173,10 @@ func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Ope
msgPrefix = fmt.Sprintf("Unknown policy check (%s)", pc.Scope) msgPrefix = fmt.Sprintf("Unknown policy check (%s)", pc.Scope)
} }
// Don't show the full policy output if the policy passed.
if pc.Status == tfe.PolicyPasses {
if b.CLI != nil {
b.CLI.Output(b.Colorize().Color(msgPrefix + ": passed\n"))
b.CLI.Output("------------------------------------------------------------------------")
}
continue
}
if b.CLI != nil { if b.CLI != nil {
b.CLI.Output(b.Colorize().Color(msgPrefix + ":\n")) b.CLI.Output(b.Colorize().Color(msgPrefix + ":\n"))
} }
logs, err := b.client.PolicyChecks.Logs(stopCtx, pc.ID)
if err != nil {
return generalError("error retrieving policy check logs", err)
}
scanner := bufio.NewScanner(logs)
for scanner.Scan() { for scanner.Scan() {
if b.CLI != nil { if b.CLI != nil {
b.CLI.Output(b.Colorize().Color(scanner.Text())) b.CLI.Output(b.Colorize().Color(scanner.Text()))
@ -212,6 +187,11 @@ func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Ope
} }
switch pc.Status { switch pc.Status {
case tfe.PolicyPasses:
if b.CLI != nil {
b.CLI.Output("\n------------------------------------------------------------------------")
}
continue
case tfe.PolicyErrored: case tfe.PolicyErrored:
return fmt.Errorf(msgPrefix + " errored.") return fmt.Errorf(msgPrefix + " errored.")
case tfe.PolicyHardFailed: case tfe.PolicyHardFailed:

View File

@ -442,7 +442,7 @@ func TestRemote_applyPolicyPass(t *testing.T) {
if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") { if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") {
t.Fatalf("missing plan summery in output: %s", output) t.Fatalf("missing plan summery in output: %s", output)
} }
if !strings.Contains(output, "policy check: passed") { if !strings.Contains(output, "Sentinel Result: true") {
t.Fatalf("missing polic check result in output: %s", output) t.Fatalf("missing polic check result in output: %s", output)
} }
if !strings.Contains(output, "1 added, 0 changed, 0 destroyed") { if !strings.Contains(output, "1 added, 0 changed, 0 destroyed") {

View File

@ -527,7 +527,7 @@ func (m *mockPolicyChecks) Logs(ctx context.Context, policyCheckID string) (io.R
} }
if _, err := os.Stat(logfile); os.IsNotExist(err) { if _, err := os.Stat(logfile); os.IsNotExist(err) {
return nil, fmt.Errorf("logfile does not exist") return bytes.NewBufferString("logfile does not exist"), nil
} }
logs, err := ioutil.ReadFile(logfile) logs, err := ioutil.ReadFile(logfile)
@ -535,6 +535,23 @@ func (m *mockPolicyChecks) Logs(ctx context.Context, policyCheckID string) (io.R
return nil, err return nil, err
} }
switch {
case bytes.Contains(logs, []byte("Sentinel Result: true")):
pc.Status = tfe.PolicyPasses
case bytes.Contains(logs, []byte("Sentinel Result: false")):
switch {
case bytes.Contains(logs, []byte("hard-mandatory")):
pc.Status = tfe.PolicyHardFailed
case bytes.Contains(logs, []byte("soft-mandatory")):
pc.Actions.IsOverridable = true
pc.Permissions.CanOverride = true
pc.Status = tfe.PolicySoftFailed
}
default:
// As this is an unexpected state, we say the policy errored.
pc.Status = tfe.PolicyErrored
}
return bytes.NewBuffer(logs), nil return bytes.NewBuffer(logs), nil
} }

View File

@ -1,2 +1,12 @@
# This line is here only for the mock!
Sentinel Result: true Sentinel Result: true
This result means that Sentinel policies returned true and the protected
behavior is allowed by Sentinel policies.
1 policies evaluated.
## Policy 1: Passthrough.sentinel (soft-mandatory)
Result: true
TRUE - Passthrough.sentinel:1:1 - Rule "main"