Commit Graph

465 Commits

Author SHA1 Message Date
Paul Hinze c7dc1c10a3 helper/schema: skip StateFunc when value is nil
This takes the nil checking burden off of StateFunc.

fixes #3586, see that issue for further discussion
2015-11-20 14:07:18 -06:00
Paul Hinze 938281024f helper/schema: name test cases w/ strings
I promised myself that next time I jumped in this file I'd fix this up.
Now we don't have to manually index the file with comments, we can just
add descriptive names to the test cases!
2015-11-20 13:51:34 -06:00
Paul Hinze 6b6b5a43c3 provider/aws: serialize SG rule access to fix race condition
Because `aws_security_group_rule` resources are an abstraction on top of
Security Groups, they must interact with the AWS Security Group APIs in
a pattern that often results in lots of parallel requests interacting
with the same security group.

We've found that this pattern can trigger race conditions resulting in
inconsistent behavior, including:

 * Rules that report as created but don't actually exist on AWS's side
 * Rules that show up in AWS but don't register as being created
   locally, resulting in follow up attempts to authorize the rule
   failing w/ Duplicate errors

Here, we introduce a per-SG mutex that must be held by any security
group before it is allowed to interact with AWS APIs. This protects the
space between `DescribeSecurityGroup` and `Authorize*` / `Revoke*`
calls, ensuring that no other rules interact with the SG during that
span.

The included test exposes the race by applying a security group with
lots of rules, which based on the dependency graph can all be handled in
parallel. This fails most of the time without the new locking behavior.

I've omitted the mutex from `Read`, since it is only called during the
Refresh walk when no changes are being made, meaning a bunch of parallel
`DescribeSecurityGroup` API calls should be consistent in that case.
2015-11-18 12:39:59 -06:00
Radek Simko 1e3cc7b33f helper: Remove url helper (moved to go-getter) 2015-11-14 08:21:18 +00:00
Paul Hinze 7ffa66d1a5 ssh: accept private key contents instead of path
We've been moving away from config fields expecting file paths that
Terraform will load, instead prefering fields that expect file contents,
leaning on `file()` to do loading from a path.

This helps with consistency and also flexibility - since this makes it
easier to shift sensitive files into environment variables.

Here we add a little helper package to manage the transitional period
for these fields where we support both behaviors.

Also included is the first of several fields being shifted over - SSH
private keys in provisioner connection config.

We're moving to new field names so the behavior is more intuitive, so
instead of `key_file` it's `private_key` now.

Additional field shifts will be included in follow up PRs so they can be
reviewed and discussed individually.
2015-11-12 14:59:14 -06:00
James Nugent f4c03ec2a6 Reflect new comment format in stringer.go
As of November 8th 2015, (4b07c5ce8a), the word "Code" is prepended to
the comments in Go source files generated by the stringer utility.
2015-11-09 11:38:51 -05:00
Martin Atkins a67182543c Nicer error when list/map assigned to string argument.
Previous this would return the following sort of error:
expected type 'string', got unconvertible type '[]interface {}'

This is the raw error returned by the underlying mapstructure library.
This is not a helpful error message for anyone who doesn't know Go's
type system, and it exposes Terraform's internals to the UI.

Instead we'll catch these cases before we try to use mapstructure and
return a more straightforward message.

By checking the type before the IsComputed exception this also avoids
a crash caused when the assigned value is a computed list. Otherwise
the list of interpolations is allowed through here and then crashes later
during Diff when the value is not a primitive as expected.
2015-10-22 21:16:02 -07:00
Mitchell Hashimoto 344e7c26b5 fix a bunch of tests from go-getter import 2015-10-15 13:48:58 -07:00
Paul Hinze 2a179d1065 helper/schema: ValidateFunc support for maps 2015-10-14 15:10:22 -05:00
Panagiotis Moustafellos e4845f75cc removed extra parentheses 2015-10-08 15:48:04 +03:00
Martin Atkins cc8e8a55de helper/schema: Default hashing function for sets
A common issue with new resource implementations is not considering parts
of a complex structure that's used inside a set, which causes quirky
behavior.

The schema helper has enough information to provide a default reasonable
implementation of a set function that includes all non-computed attributes
in a deterministic way. Here we implement such a function and use it
when no explicit hashing function is provided.

In order to achieve this we encapsulate the construction of the zero
value for a schema in a new method schema.ZeroValue, which allows us to
put the fallback logic to the new default function in a single spot.
It is no longer valid to use &Set{F: schema.Set} and all uses of that
construct should be replaced with schema.ZeroValue().(*Set) .
2015-10-03 18:10:47 -07:00
Martin Atkins 3fde993978 Merge #3336: Remove local multierror package.
Instead, use ``github.com/hashicorp/go-multierror``.
2015-10-03 17:53:36 -07:00
Radek Simko 641b701830 schema: Make validation more strict 2015-10-03 14:29:19 -07:00
Sander van Harmelen 2ba8dc38fa Switch to go-multierror
It seems there are 4 locations left that use the `helper/multierror`
package, where the rest is TF settled on the `hashicorp/go-multierror`
package.

Functionally this doesn’t change anything, so I suggest to delete the
builtin version as it can only cause confusion (both packages have the
same name, but are still different types according to Go’s type system.
2015-09-27 18:58:48 -07:00
Fatih Arslan f269d4fc8c schema: add test for nil string case 2015-09-16 23:35:10 +03:00
Fatih Arslan 8e7fc240f9 schema: delete non existing values
We need to set the value to an empty value so the state file does
indeed change the value. Otherwise the obsolote value is still
intact and doesn't get changed at all. This means `terraform show`
still shows the obsolote value when the particular value is not
existing anymore. This is due the AWS API which is returning a null
instead of an empty string.
2015-09-16 23:26:27 +03:00
Anthony Scalisi 198e1a5186 remove various typos 2015-09-11 11:56:20 -07:00
Paul Hinze 7eb72e7a12 helper/schema: record schema version when destroy fails
This was just a missed exit from the resource.Apply function -
subsequent refreshes would add the SchemaVersion back into the state,
but having the state recorded once without the meta information can
cause problems with Atlas's remote state checksumming.
2015-08-03 15:53:15 -05:00
Clint f979fd7dee Merge pull request #2571 from TimeIncOSS/f-aws-autogenerated-elb-name
provider/aws: Allow ELB name to be generated
2015-07-21 15:52:36 -05:00
Radek Simko 9882cc59d8 aws: Add regression test for renaming ecs_cluster 2015-07-12 14:37:39 +01:00
Sander van Harmelen 4a8ef78d33 Fixes #2676 by prefixing all Windows commands
By prefixing them with `cmd /c` it will work with both `winner` and
`ssh` connection types.

This PR also reverts some bad stringer changes made in PR #2673
2015-07-10 12:56:27 +02:00
Sander van Harmelen 97fd4f5b7d Tweaking the tests 2015-07-09 21:29:27 +02:00
Paul Hinze 5c38456b05 core: don't prompt for variables with defaults
In `helper/schema` we already makes a distinction between `Default`
which is always applied and `InputDefault` which is displayed to the
user for an empty field.

But for variables we just have `Default` which is treated like
`InputDefault`. This changes it to _not_ prompt the user for a value
when the variable declaration includes a default.

Treating this as a UX bugfix and the "don't prompt for variables w/
defaults set" behavior as the originally expected behavior we were
failing to honor.

Added an already-passing test to verify and cover the `helper/schema`
behavior.

Perhaps down the road we can add a `input_default` attribute to
variables to allow similar behavior to `helper/schema` in variables, but
for now just sticking with the fix.

Fixes #2592
2015-07-02 10:40:30 -05:00
Radek Simko 70b7243dd6 helper: Add resource.PrefixedUniqueId 2015-06-30 12:54:54 +01:00
Mitchell Hashimoto 2f08a2bb15 Merge pull request #2507 from hashicorp/b-set-remove
helper/schema: diff should include removed set items [GH-1823]
2015-06-26 08:18:28 -07:00
Mitchell Hashimoto 0100d4139b helper/schema: clean up style 2015-06-25 22:01:54 -07:00
Mitchell Hashimoto 6e509aedcb helper/schema: diff should include removed set items [GH-1823] 2015-06-25 21:52:49 -07:00
Paul Hinze 7238b3b4af core: encapsulate representation of StringList
Now the only code that cares about how StringLists are represented lives
inside string_list.go

...which gives us the ability to change it! :)
2015-06-25 17:55:57 -05:00
Paul Hinze 10b3abf405 config: introduce StringList to abstract over list hack
This is the initial pure "all tests passing without a diff" stage. The
plan is to change the internal representation of StringList to include a
suffix delimiter, which will allow us to recognize empty and
single-element lists.
2015-06-25 17:55:56 -05:00
Radek Simko 6fdbca8e58 Merge pull request #2466 from TimeIncOSS/f-schema-field-name-validate
schema: Add field name to ValidateFunc
2015-06-24 18:52:53 +01:00
Mitchell Hashimoto 6b7c2bcb35 Merge pull request #2450 from hashicorp/b-schema-validate-type
helper/schema: validate objects are objects [GH-2166]
2015-06-24 10:35:26 -07:00
Mitchell Hashimoto 630646335f Merge pull request #2451 from hashicorp/b-provider-validate
helper/schema: internal validate as part of provider validation
2015-06-24 10:28:49 -07:00
Radek Simko 92db4802b6 schema: Add field name to ValidateFunc 2015-06-24 18:22:12 +01:00
Mitchell Hashimoto 4e7fcd4f42 helper/schema: test that validatefunc is not called with computed vals 2015-06-23 22:10:46 -07:00
Mitchell Hashimoto e36597cad7 helper/schema: internal validate as part of provider validation
[GH-1291]
2015-06-23 16:52:04 -07:00
Mitchell Hashimoto 4f391902a0 helper/schema: validate objects are objects [GH-2166] 2015-06-23 16:39:02 -07:00
Paul Hinze aa8cf572a8 Merge pull request #2265 from hashicorp/f-schema-validate-field
Support arbitrary per-field schema validation
2015-06-22 18:01:54 -05:00
Paul Hinze 385b17d679 provider/template: don't error when rendering fails in Exists
The Exists function can run in a context where the contents of the
template have changed, but it uses the old set of variables from the
state. This means that when the set of variables changes, rendering will
fail in Exists. This was returning an error, but really it just needs to
be treated as a scenario where the template needs re-rendering.

fixes #2344 and possibly a few other template issues floating around
2015-06-17 15:33:07 -05:00
Paul Hinze a4912cc51f helper/schema: limit ValidateFunc to primitives for now
I couldn't see a simple path get this working for Maps, Sets,
and Lists, so lets land it as a primitive-only schema feature.

I think validation on primitives comprises 80% of the use cases anyways.
2015-06-11 07:06:30 -05:00
Paul Hinze 49352db26f helper/schema: skip ValidateFunc on other errors
Guarantees that the `interface{}` arg to ValidateFunc is the proper
type, allowing implementations to be simpler.

Finish the docstring on `ValidateFunc` to call this out.

/cc @mitchellh
2015-06-08 08:55:45 -05:00
Paul Hinze 61fee6735d helper/schema: ValidateFunc
Allows provider authors to implement arbitrary per-field validation
warnings or errors.
2015-06-08 08:47:41 -05:00
Svend Sorensen 943bf3c00a Use name of function in comment string
Name of function is Difference, not Differences.
2015-06-04 13:03:01 -07:00
Clint Shryock 78e7519efa Updates from go generate 2015-06-03 08:37:57 -05:00
Sam Boyer b82bd0c280 Condense switch fallthroughs into expr lists 2015-05-26 21:52:36 -04:00
Mitchell Hashimoto dd24ed4b76 helper/schema: blank ID refresh doesn't exist [GH-1905] 2015-05-13 20:15:13 -07:00
Justin Campbell bb14bfa657 helper/schema: call InternalValidate w/ schemaMap{} 2015-05-12 11:01:08 -04:00
Paul Hinze 1e3d1b07e6 helper/schema: validate ConflictsWith against top-level
The runtime impl of ConfictsWith uses Resource.Get(), which makes it
work with any other attribute of the resource - the InternalValidate was
only checking against the local schemaMap though, preventing subResource
from using ConflictsWith properly.

It's a lot of wiring and it's a bit ugly, but it's not runtime code, so
I'm a bit less concerned about that aspect.

This should take care of the problem mentioned in #1909
2015-05-12 09:45:15 -05:00
Paul Hinze a96a3372c6 provider/template: don't diff when there's no diff
This reworks the template lifecycle a bit such that we get nicer diff
behavior.

First, we tick ForceNew on for both filename and vars, so that the diff
indicates that the template will be "replaced" on change. This is mostly
cosmetic, but it also tracks conceptually with the fact that the
identifier we use is a hash of the contents, so any change essentially
makes a "new resource".

Second, we change the Exists implementation to only return `false` when
there has been a change in the rendered template. This lets descendent
resources see the computed value changing so that they'll properly
trigger in the plan.

Fixes #1898
Refs #1866 (but does not fix, there's another deeper issue there)
2015-05-11 10:38:19 -05:00
Paul Hinze bc9792f4c5 helper/schema: tweak test anotation 2015-05-07 10:39:17 -05:00
Paul Hinze 051ba78554 Merge pull request #1824 from hashicorp/b-write-count-for-empty-maps
helper/schema: write "attr.#": "0" for empty maps
2015-05-07 10:38:32 -05:00
Andrew Langhorn bb4f7415ca Rename "The The" so that they can play songs again
Other than the fact that "The the" doesn't really make any sense anywhere
that it's used in Terraform, they're a post-punk band from the UK.

Fixes "The The" so that they can get back to playing songs.
2015-05-06 22:53:11 +01:00
Paul Hinze fbce3a3caa helper/resource: don't fail test on config warnings
AccTests like TestAccComputeInstance_basic_deprecated_network were
failing early on "invalid config" when we are explictly testing behavior
that we know generates warnings.
2015-05-06 13:17:56 -05:00
Paul Hinze f2368428d3 helper/schema: write "attr.#": "0" for empty maps
This fixes some perpetual diffs I saw in Atlas AccTests where an empty
map (`map[string]interface{}{}`) was being `d.Set` for "metadata_full".

Because the MapFieldWriter was not distinguishing between empty and nil,
this trigger the "map delete" logic and no count was written to the
state. This caused subsequent plans to improperly report a diff.

Here we redefine the map delete functionality to explicitly trigger only
on `nil`, so we catch the `.#` field for empty maps.
2015-05-06 10:21:22 -05:00
Paul Hinze cebcee5c63 Merge pull request #1778 from josharian/template-provider
providers: add template provider
2015-05-05 20:09:27 -05:00
Phil Frost b082117e92 Implement AWS IAM resources
- Users
- Groups
- Roles
- Inline policies for the above three
- Instance profiles
- Managed policies
- Access keys

This is most of the data types provided by IAM. There are a few things
missing, but the functionality here is probably sufficient for 95% of
the cases. Makes a dent in #28.
2015-05-05 12:47:20 -04:00
Phil Frost 33183c078b Implement a hash function for string sets
Sets of strings are pretty common. Let's not duplicate the function
necessary to create a set of strings in so many places.
2015-05-05 12:47:18 -04:00
Paul Hinze a3101568c5 helper/schema: add clarifying GetOk test
Wrote this test to verify behavior, committing and commenting to help me
get the answer faster in the future.
2015-05-04 14:58:12 -05:00
Josh Bleecher Snyder 76bcac3031 providers/template: add tests, address review comments
Do directory expansion on filenames.

Add basic acceptance tests. Code coverage is 72.5%.
Uncovered code is uninteresting and/or impossible error cases.

Note that this required adding a knob to
helper/resource.TestStep to allow transient
resources.
2015-05-04 10:26:17 -07:00
Paul Hinze 1671f1e50c Merge pull request #1762 from hashicorp/f-add-test-for-nested-set-statefunc
helper/schema: add test for statefunc with nested sets
2015-05-01 20:07:44 -05:00
Paul Hinze 15c75c501f Merge pull request #1483 from svanharmelen/f-winrm-support
core: add WinRM support
2015-05-01 15:56:53 -05:00
Sander van Harmelen c9e9e374bb Adding some abstractions for the communicators
This is needed as preperation for adding WinRM support. There is still
one error in the tests which needs another look, but other than that it
seems like were now ready to start working on the WinRM part…
2015-05-01 18:48:54 +02:00
Paul Hinze 88744d569f helper/resource/testing: unit tests to cover #1770
Also clarified that final return value of testStep is now only for the
happy path.
2015-05-01 11:22:06 -05:00
Paul Hinze dbf6d1bd00 helper/resource: fix accidentaly swallowing of acctest step errors
With #1757 I unwittingly reused an err variable, causing all test check
errors to be swallowed. -_-
2015-05-01 11:11:16 -05:00
Paul Hinze cb3cbffb19 helper/schema: add test for statefunc with nested sets
refs #1759
2015-04-30 15:20:33 -05:00
Paul Hinze 149e52ad1f helper/resource: verify refresh+plan after each step
I forgot to add `Computed: true` when I made the "key_name" field
optional in #1751.

This made the behavior:

 * Name generated in Create and set as ID
 * Follow up plan (without refresh) was nice and empty
 * During refresh, name gets cleared out on Read, causing a bad diff on
   subsequent plans

We can automatically catch bugs like this if we add yet another
verification step to our resource acceptance tests -> a post
Refresh+Plan that we verify is empty.

I left the non-refresh Plan verification in, because it's important that
_both_ of these are empty after an Apply.
2015-04-30 12:52:25 -05:00
Mitchell Hashimoto b96027ac87 Merge pull request #1656 from tpounds/bug-fix-prevent-neg-hash-all-operations
helper/schema: Prevent negative hashcodes for all set operations.
2015-04-28 20:49:53 -07:00
Phil Frost bd8ac4fe5e Better document StateChangeConf.WaitForState 2015-04-28 12:33:23 -04:00
Trevor Pounds 17b31925fe Prevent negative hashcodes for all set operations. 2015-04-23 09:32:07 -07:00
Mitchell Hashimoto 10fa50ce35 Merge pull request #1654 from hashicorp/b-neg-code
helper/schema: allow set items with hyphens
2015-04-23 17:36:30 +02:00
Mitchell Hashimoto 707aa36aec helper/schema: only use ~ on first char of code 2015-04-23 17:20:54 +02:00
Mitchell Hashimoto 77314a01d2 helper/schema: disallow negative hash codes 2015-04-23 16:57:26 +02:00
Paul Hinze 92ebb60293 helper/resource: ok let's actually use RFC4122 2015-04-22 13:16:44 -05:00
Paul Hinze d1106e9e22 helper/resource: add UniqueId() helper
A generic function for provider resources to use to get a unique
identifier.
2015-04-22 12:53:05 -05:00
Mitchell Hashimoto 1f46bc1926 helper/schema: validate unknown fields with computed values [GH-1507] 2015-04-22 12:52:26 +02:00
Mitchell Hashimoto 3176e5b44a Merge pull request #1595 from TimeIncOSS/aws-account-protection
aws: Allow defining blacklist/whitelist of account IDs
2015-04-22 08:08:01 +02:00
Mitchell Hashimoto 54e3e6104e Merge pull request #1594 from TimeIncOSS/schema-conflicts-with
helper/schema: add schema.ConflictsWith[]
2015-04-22 08:04:49 +02:00
Mitchell Hashimoto 51951d68f4 helper/schema: change diff logic around maps to fix case #57 and #44 2015-04-21 22:13:03 +02:00
Mitchell Hashimoto 9c10a89cf8 helper/schema: FieldReaderMap should mark map as exists if anything set 2015-04-21 22:11:00 +02:00
Mitchell Hashimoto fa934d96d0 helper/schema: FieldReaderConfig detects computed maps 2015-04-21 22:07:52 +02:00
Mitchell Hashimoto dc69603cd4 helper/resource: docs 2015-04-20 14:14:34 -07:00
Matt Good 21b0a03d70 Support for multiple providers of the same type
Adds an "alias" field to the provider which allows creating multiple instances
of a provider under different names. This provides support for configurations
such as multiple AWS providers for different regions. In each resource, the
provider can be set with the "provider" field.

(thanks to Cisco Cloud for their support)
2015-04-20 14:14:34 -07:00
Radek Simko 150fd00932 AWS account ID protection added 2015-04-20 12:07:39 +01:00
Radek Simko 34f48b3e06 Add schema.ConflictsWith[]
- this will allow defining logically conflicting attributes
2015-04-20 12:07:34 +01:00
Radek Simko e0df74c863 Add schema.ConflictsWith[]
- this will allow defining logically conflicting attributes
2015-04-20 12:07:00 +01:00
Mitchell Hashimoto de8666a5fa helper/ssh: add random number to script [GH-1545] 2015-04-18 16:09:08 -07:00
Mitchell Hashimoto 968a152df4 Merge pull request #1443 from hashicorp/f-acc-tests-check-empty-plan
providers: check for empty plan after each test step
2015-04-14 08:30:11 -07:00
Sander van Harmelen d90b3aa332 Merge pull request #1469 from svanharmelen/b-communicator-tests
Fixing up the communicator tests
2015-04-09 23:46:59 +02:00
Sander van Harmelen 02a41a8802 Fixing up the communicator tests
It turned out the tests didn’t work as expected due to some missing
config in the `newMockLineServer` and a defer located in the wrong
location. All is good again now…
2015-04-09 23:40:40 +02:00
Mitchell Hashimoto db58c7dd33 providers/docker: default cert_path to non-nil so input isn't asked 2015-04-09 09:49:03 -07:00
Paul Hinze 7fe34d4547 providers: check for empty plan after each test step
Each acceptance test step plays a Refresh, Plan, Apply for a given
config. This adds a follow up Plan and fails the test if it does not
come back empty. This will catch issues with perpetual, unresolvable
diffs that crop up here and there.

This is going to cause a lot of our existing acceptance tests to fail -
too many to roll into a single PR. I think the best plan is to land this
in master and then fix the failures (each of which should be catching a
legitimate provider bug) one by one until we get the provider suites
back to green.
2015-04-09 10:19:01 -05:00
Paul Hinze 66dbf91ffd helper/schema: ensure ForceNew set when Update is not
If a given resource does not define an `Update` function, then all of
its attributes must be specified as `ForceNew`, lest Applys fail with
"doesn't support update" like #1367.

This is something we can detect automatically, so this adds a check for
it when we validate provider implementations.
2015-04-03 09:57:30 -05:00
Tarrant f68c9eee63 Merge branch 'master' of https://github.com/hashicorp/terraform 2015-04-01 18:24:57 -07:00
Tarrant 6ad812e3d8 Merge branch 'ssh_agent' 2015-03-31 17:49:55 -07:00
Paul Hinze 97acccd3ed core: targeted operations
Add `-target=resource` flag to core operations, allowing users to
target specific resources in their infrastructure. When `-target` is
used, the operation will only apply to that resource and its
dependencies.

The calculated dependencies are different depending on whether we're
running a normal operation or a `terraform destroy`.

Generally, "dependencies" refers to ancestors: resources falling
_before_ the target in the graph, because their changes are required to
accurately act on the target.

For destroys, "dependencies" are descendents: those resources which fall
_after_ the target. These resources depend on our target, which is going
to be destroyed, so they should also be destroyed.
2015-03-31 14:49:38 -05:00
Tarrant 05407296c6 Add cleanup function to close SSHAgent 2015-03-20 18:18:35 -07:00
Paul Hinze 3ba8ed536b helper/schema: record schema version on apply
We were previously only recording the schema version on refresh. This
caused the state to be incorrectly written after a `terraform apply`
causing subsequent commands to run the state through an unnecessary
migration.
2015-03-18 19:08:48 -05:00
Tarrant 164f303da4 Add SSH Agent support 2015-03-15 16:12:59 -07:00
Paul Hinze 558775d115 Merge pull request #1184 from hashicorp/f-update-ssh-import
helper/ssh: update import location
2015-03-11 16:57:12 -05:00
Paul Hinze a24c21bd2c Merge pull request #1152 from hashicorp/f-helper-schema-versioning
helper/schema: schema versioning & migration
2015-03-11 15:54:22 -05:00
Paul Hinze 85caf9d8d7 helper/ssh: update import location
go's ssh package now lives canonically at `golang.org/x/crypto/ssh`

see https://godoc.org/golang.org/x/crypto/ssh

closes #1179
2015-03-11 15:48:47 -05:00