terraform: verify import providers only depend on vars

2016-11-02 11:08:16 -07:00 · 2016-11-02 11:08:16 -07:00 · ec0ef95c6f
parent ec6e14c4d0
commit ec0ef95c6f
5 changed files with 79 additions and 1 deletions
--- a/command/import.go
+++ b/command/import.go
@ -19,8 +19,8 @@ func (c *ImportCommand) Run(args []string) int {
 	args = c.Meta.process(args, true)

 	cmdFlags := c.Meta.flagSet("import")
-	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
 	cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", 0, "parallelism")
+	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
 	cmdFlags.StringVar(&c.Meta.stateOutPath, "state-out", "", "path")
 	cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
 	cmdFlags.Usage = func() { c.Ui.Error(c.Help()) }
--- a/terraform/context_import_test.go
+++ b/terraform/context_import_test.go
@ -264,6 +264,36 @@ func TestContextImport_providerVarConfig(t *testing.T) {
 	}
 }

+// Test that provider configs can't reference resources.
+func TestContextImport_providerNonVarConfig(t *testing.T) {
+	p := testProvider("aws")
+	ctx := testContext2(t, &ContextOpts{
+		Module: testModule(t, "import-provider-non-vars"),
+		Providers: map[string]ResourceProviderFactory{
+			"aws": testProviderFuncFixed(p),
+		},
+	})
+
+	p.ImportStateReturn = []*InstanceState{
+		&InstanceState{
+			ID:        "foo",
+			Ephemeral: EphemeralState{Type: "aws_instance"},
+		},
+	}
+
+	_, err := ctx.Import(&ImportOpts{
+		Targets: []*ImportTarget{
+			&ImportTarget{
+				Addr: "aws_instance.foo",
+				ID:   "bar",
+			},
+		},
+	})
+	if err == nil {
+		t.Fatal("should error")
+	}
+}
+
 func TestContextImport_refresh(t *testing.T) {
 	p := testProvider("aws")
 	ctx := testContext2(t, &ContextOpts{
--- a/terraform/graph_builder_import.go
+++ b/terraform/graph_builder_import.go
@ -58,6 +58,9 @@ func (b *ImportGraphBuilder) Steps() []GraphTransformer {
 		&PruneProviderTransformer{},
 		&AttachProviderConfigTransformer{Module: mod},

+		// This validates that the providers only depend on variables
+		&ImportProviderValidateTransformer{},
+
 		// Single root
 		&RootTransformer{},

--- a/terraform/test-fixtures/import-provider-non-vars/main.tf
+++ b/terraform/test-fixtures/import-provider-non-vars/main.tf
@ -0,0 +1,7 @@
+provider "aws" {
+    foo = "${aws_instance.foo.bar}"
+}
+
+resource "aws_instance" "foo" {
+    bar = "value"
+}
--- a/terraform/transform_import_provider.go
+++ b/terraform/transform_import_provider.go
@ -0,0 +1,38 @@
+package terraform
+
+import (
+	"fmt"
+	"strings"
+)
+
+// ImportProviderValidateTransformer is a GraphTransformer that goes through
+// the providers in the graph and validates that they only depend on variables.
+type ImportProviderValidateTransformer struct{}
+
+func (t *ImportProviderValidateTransformer) Transform(g *Graph) error {
+	for _, v := range g.Vertices() {
+		// We only care about providers
+		pv, ok := v.(GraphNodeProvider)
+		if !ok {
+			continue
+		}
+
+		// We only care about providers that reference things
+		rn, ok := pv.(GraphNodeReferencer)
+		if !ok {
+			continue
+		}
+
+		for _, ref := range rn.References() {
+			if !strings.HasPrefix(ref, "var.") {
+				return fmt.Errorf(
+					"Provider %q depends on non-var %q. Providers for import can currently\n"+
+						"only depend on variables or must be hardcoded. You can stop import\n"+
+						"from loading configurations by specifying `-config=\"\"`.",
+					pv.ProviderName(), ref)
+			}
+		}
+	}
+
+	return nil
+}