Revert "Merge pull request #18980 from hashicorp/f-policy-output"

This reverts commit f09c2db8d2, reversing changes made to 8394dc797d.
2018-10-04 23:03:40 +02:00 · 2018-10-04 23:03:40 +02:00 · c12f0355a7
parent 6eec5fadd0
commit c12f0355a7
5 changed files with 48 additions and 42 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,7 +9,6 @@ IMPROVEMENTS:
 * backend/remote: Implement the state.Locker interface to support state locking [GH-18826]
 * backend/remote: Add initial support for the apply command [GH-18950]
 * backend/remote: Ask to cancel pending remote operations when Ctrl-C is pressed [GH-18979]
-* backend/remote: Only show the full policy output when the check failed [GH-18980]
 * backend/remote: Add support for the `-no-color` command line flag [GH-19002]

 BUG FIXES:
--- a/backend/remote/backend_apply.go
+++ b/backend/remote/backend_apply.go
@ -7,7 +7,6 @@ import (
 	"fmt"
 	"log"
 	"strings"
-	"time"

 	tfe "github.com/hashicorp/go-tfe"
 	"github.com/hashicorp/terraform/backend"
@ -147,30 +146,21 @@ func (b *Remote) opApply(stopCtx, cancelCtx context.Context, op *backend.Operati
 	return r, nil
 }

-func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Operation, r *tfe.Run) (err error) {
+func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Operation, r *tfe.Run) error {
 	if b.CLI != nil {
 		b.CLI.Output("\n------------------------------------------------------------------------\n")
 	}
 	for _, pc := range r.PolicyChecks {
-		// Loop until the context is canceled or the policy check is finished.
-		for {
-			pc, err = b.client.PolicyChecks.Read(stopCtx, pc.ID)
-			if err != nil {
-				return generalError("error retrieving policy check", err)
-			}
+		logs, err := b.client.PolicyChecks.Logs(stopCtx, pc.ID)
+		if err != nil {
+			return generalError("error retrieving policy check logs", err)
+		}
+		scanner := bufio.NewScanner(logs)

-			switch pc.Status {
-			case tfe.PolicyPending, tfe.PolicyQueued:
-				select {
-				case <-stopCtx.Done():
-					return generalError("error retrieving policy check", stopCtx.Err())
-				case <-time.After(500 * time.Millisecond):
-					continue
-				}
-			}
-
-			// Break if the policy check is finished.
-			break
+		// Retrieve the policy check to get its current status.
+		pc, err := b.client.PolicyChecks.Read(stopCtx, pc.ID)
+		if err != nil {
+			return generalError("error retrieving policy check", err)
 		}

 		var msgPrefix string
@ -183,25 +173,10 @@ func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Ope
 			msgPrefix = fmt.Sprintf("Unknown policy check (%s)", pc.Scope)
 		}

-		// Don't show the full policy output if the policy passed.
-		if pc.Status == tfe.PolicyPasses {
-			if b.CLI != nil {
-				b.CLI.Output(b.Colorize().Color(msgPrefix + ": passed\n"))
-				b.CLI.Output("------------------------------------------------------------------------")
-			}
-			continue
-		}
-
 		if b.CLI != nil {
 			b.CLI.Output(b.Colorize().Color(msgPrefix + ":\n"))
 		}

-		logs, err := b.client.PolicyChecks.Logs(stopCtx, pc.ID)
-		if err != nil {
-			return generalError("error retrieving policy check logs", err)
-		}
-		scanner := bufio.NewScanner(logs)
-
 		for scanner.Scan() {
 			if b.CLI != nil {
 				b.CLI.Output(b.Colorize().Color(scanner.Text()))
@ -212,6 +187,11 @@ func (b *Remote) checkPolicy(stopCtx, cancelCtx context.Context, op *backend.Ope
 		}

 		switch pc.Status {
+		case tfe.PolicyPasses:
+			if b.CLI != nil {
+				b.CLI.Output("\n------------------------------------------------------------------------")
+			}
+			continue
 		case tfe.PolicyErrored:
 			return fmt.Errorf(msgPrefix + " errored.")
 		case tfe.PolicyHardFailed:
--- a/backend/remote/backend_apply_test.go
+++ b/backend/remote/backend_apply_test.go
@ -442,7 +442,7 @@ func TestRemote_applyPolicyPass(t *testing.T) {
 	if !strings.Contains(output, "1 to add, 0 to change, 0 to destroy") {
 		t.Fatalf("missing plan summery in output: %s", output)
 	}
-	if !strings.Contains(output, "policy check: passed") {
+	if !strings.Contains(output, "Sentinel Result: true") {
 		t.Fatalf("missing polic check result in output: %s", output)
 	}
 	if !strings.Contains(output, "1 added, 0 changed, 0 destroyed") {
--- a/backend/remote/backend_mock.go
+++ b/backend/remote/backend_mock.go
@ -527,7 +527,7 @@ func (m *mockPolicyChecks) Logs(ctx context.Context, policyCheckID string) (io.R
 	}

 	if _, err := os.Stat(logfile); os.IsNotExist(err) {
-		return nil, fmt.Errorf("logfile does not exist")
+		return bytes.NewBufferString("logfile does not exist"), nil
 	}

 	logs, err := ioutil.ReadFile(logfile)
@ -535,6 +535,23 @@ func (m *mockPolicyChecks) Logs(ctx context.Context, policyCheckID string) (io.R
 		return nil, err
 	}

+	switch {
+	case bytes.Contains(logs, []byte("Sentinel Result: true")):
+		pc.Status = tfe.PolicyPasses
+	case bytes.Contains(logs, []byte("Sentinel Result: false")):
+		switch {
+		case bytes.Contains(logs, []byte("hard-mandatory")):
+			pc.Status = tfe.PolicyHardFailed
+		case bytes.Contains(logs, []byte("soft-mandatory")):
+			pc.Actions.IsOverridable = true
+			pc.Permissions.CanOverride = true
+			pc.Status = tfe.PolicySoftFailed
+		}
+	default:
+		// As this is an unexpected state, we say the policy errored.
+		pc.Status = tfe.PolicyErrored
+	}
+
 	return bytes.NewBuffer(logs), nil
 }

--- a/backend/remote/test-fixtures/apply-policy-passed/policy.log
+++ b/backend/remote/test-fixtures/apply-policy-passed/policy.log
@ -1,2 +1,12 @@
-# This line is here only for the mock!
 Sentinel Result: true
+
+This result means that Sentinel policies returned true and the protected
+behavior is allowed by Sentinel policies.
+
+1 policies evaluated.
+
+## Policy 1: Passthrough.sentinel (soft-mandatory)
+
+Result: true
+
+TRUE - Passthrough.sentinel:1:1 - Rule "main"