Commit Graph

805 Commits

Author SHA1 Message Date
Martin Atkins 39c4d6ab1f Merge #15424: Improve robustness of state persistence handling
Previously the APIs for state persistence and management had some problematic cases where we depended on hidden mutations of the state structure as side-effects of otherwise-innocent-looking operations, which was a frequent cause of accidental regressions due to faulty assumptions.

This new model attempts to isolate certain state mutations to just within the state managers, and makes the state managers work on separated snapshots of the state rather than on the "live" object to reduce the risk of race conditions.
2017-07-05 16:27:08 -07:00
Martin Atkins fee1197cf9 command: terraform state rm to require at least one argument
Due to how the state filter machinery works, passing no arguments is valid
and matches _all_ resources.

It is very unlikely that someone wants to remove everything from state, so
this ends up being a very dangerous default for the "terraform state rm"
command, and surprising for someone who perhaps runs it looking for the
usage information.

So we'll be pragmatic here and reject the no-arguments case for this
command, accepting that it makes the unlikely case of intentionally
deleting all resources harder in order to make it less likely that it
will happen _unintentionally_.

If someone does really want to remove all resources from the state, they
can provide an explicit empty string argument, but this isn't documented
because it's a weird case that doesn't seem worth mentioning.

This fixes #15283.
2017-07-05 16:19:32 -07:00
James Bardin fb397060eb add some Serial checks to apply and refresh tests 2017-07-05 18:18:28 -04:00
James Bardin 054716c397 use testStateRead helper in apply tests
We have a helper function that we hardly ever use.
TODO: convert the rest of the manual ReadState calls eventually.
2017-07-05 18:18:16 -04:00
James Bardin 501cbeaffe testState shouldn't rely on mods from WriteState
The state returned from the testState helper shouldn't rely on any
mutations caused by WriteState. The Init function (which is analogous to
NewState) shoudl set any required fields.
2017-07-05 17:47:05 -04:00
Mike Helmick 9d7fce2f69 command: "terraform workspace show" to print current workspace name
This command serves as an alternative to the human-oriented list of workspaces for scripting use-cases where it's useful to know the _current_ workspace name.
2017-07-05 14:35:46 -07:00
Martin Atkins 4d53eaa6df state: more robust handling of state Serial
Previously we relied on a constellation of coincidences for everything to
work out correctly with state serials. In particular, callers needed to
be very careful about mutating states (or not) because many different bits
of code shared pointers to the same objects.

Here we move to a model where all of the state managers always use
distinct instances of state, copied when WriteState is called. This means
that they are truly a snapshot of the state as it was at that call, even
if the caller goes on mutating the state that was passed.

We also adjust the handling of serials so that the state managers ignore
any serials in incoming states and instead just treat each Persist as
the next version after what was most recently Refreshed.

(An exception exists for when nothing has been refreshed, e.g. because
we are writing a state to a location for the first time. In that case
we _do_ trust the caller, since the given state is either a new state
or it's a copy of something we're migrating from elsewhere with its
state and lineage intact.)

The intent here is to allow the rest of Terraform to not worry about
serials and state identity, and instead just treat the state as a mutable
structure. We'll just snapshot it occasionally, when WriteState is called,
and deal with serials _only_ at persist time.

This is intended as a more robust version of #15423, which was a quick
hotfix to an issue that resulted from our previous slopping handling
of state serials but arguably makes the problem worse by depending on
an additional coincidental behavior of the local backend's apply
implementation.
2017-07-05 12:34:30 -07:00
Radek Simko 14614a5423 command/validate: Add flag to check that all variables are specified (#13872)
* command/validate: Add flag to check that all variables are specified

* Rename config-only to check-variables
2017-07-05 17:32:29 +01:00
Jake Champlin 9944ea6886
core: Skip provider checksum validation based on env var
Skips checksum validation if the `TF_SKIP_PROVIDER_VERIFY` environment variable is set. Undocumented variable, as the primary goal is to significantly improve the local provider development workflow.
2017-07-03 13:59:13 -04:00
James Bardin da1c45b566 Merge pull request #15412 from hashicorp/jbardin/windows-delete-workspace
Unlock state before workspace deletion
2017-06-27 17:47:34 -04:00
James Bardin 1c78dfb286 Unlock state before workspace deletion
We need to release the lock just before deleting the state, in case the backend
can't remove the resource while holding the lock. This is currently true for
Windows local files.

TODO: While there is little safety in locking while deleting the state, it
might be nice to be able to coordinate processes around state deletion, i.e. in
a CI environment. Adding Delete() as a required method of States would allow
the removal of the resource to be delegated from the Backend to the State
itself.
2017-06-27 14:31:08 -04:00
David Glasser 14af879fe0 command: also print plan for destroy 2017-06-27 11:22:31 -07:00
David Glasser 039d36bf91 command: add "apply -auto-approve=false" flag
A common reason to want to use `terraform plan` is to have a chance to
review and confirm a plan before running it.  If in fact that is the
only reason you are running plan, this new `terraform apply -auto-approve=false`
flag provides an easier alternative to

    P=$(mktemp -t plan)
    terraform refresh
    terraform plan -refresh=false -out=$P
    terraform apply $P
    rm $P

The flag defaults to true for now, but in a future version of Terraform it will
default to false.
2017-06-27 11:22:26 -07:00
James Bardin 22074f1029 Merge pull request #15408 from hashicorp/jbardin/import-plugin-dir
Make sure import uses complete plugin path
2017-06-27 13:07:47 -04:00
Patrick Aikens 7775ef809b Display correct to and from backends in copy message when migrating to new remote state (#15318) 2017-06-27 19:05:45 +03:00
James Bardin 85b9069eb7 test import with -plugin-dir
The import command wasn't loading the full plugin path for discovery.
Run a basic plugin init sequence, and verify we can find a plugin (even
though the plugin is invalid and will fail).
2017-06-27 11:07:45 -04:00
James Bardin 0cbd51c365 find -plugin-dir during import
The import command wasn't loading the plugin path at all, relying on the
local directory for binaries.

Load the plugin dir into Meta, and pass in ForceLocal for consistency.
The Backend returned was going to be a Local anyway, so the added check
wasn't ensuring anything.
2017-06-26 18:28:45 -04:00
Martin Atkins 3df164502a command: don't prompt for state migration if TF_INPUT is set
The "confirm" method was directly checking the meta struct's input field,
but that only represents the -input command line flag, and doesn't
respect the TF_INPUT environment variable.

By calling the Input method instead, we check both.

This fixes #15338.
2017-06-26 11:22:29 -07:00
James Bardin 833cc9a6c5 Fix state mv/rm -backup documentation
There is only one backup made, contrary to the help text. We may want to
implement that, but the documentation should match the current behavior.
2017-06-23 14:46:09 -04:00
James Bardin 6e7baaaeff don't load the backend when -state is provided
When using a `state` command, if the `-state` flag is provided we do not
want to modify the Backend state. In this case we should always create a
local state instance.

The backup flag was also being ignored, and some tests were relying on
that, which have been fixed.
2017-06-23 14:41:49 -04:00
James Bardin 5f939b42fe test that `state mv -state` doesn't use Backend
If we provide a -state flag to a state command, we do not want terraform
to modify the backend state. This test fails since the state specified
in the backend doesn't exist
2017-06-23 14:39:37 -04:00
James Bardin 4893fcc24f improve plugin error formatting
Remove "checksum" from the error, and only indicate that the plugin has
changed.

Always show requested versions even if it's "any", and found versions of
plugins.
2017-06-22 15:31:36 -04:00
James Bardin 103ab20b00 add required and found versions to error output
Provide the user with feedback showing the version requirements and the
versions found when there's is a plugin error
2017-06-22 14:20:50 -04:00
James Bardin 7a955f990c make display plugin checksum error to user
The error follows a generic message, so can be ignored by users who may
not understand the implications.
2017-06-22 13:38:55 -04:00
Martin Atkins 0dc6d97a37 command/format: minor adjustments to plan rendering
This change makes various minor adjustments to the rendering of plans
in the output of "terraform plan":

- Resources are identified using the standard resource address syntax,
  rather than exposing the legacy internal representation used in the
  module diff resource keys. This fixes #8713.

- Subjectively, having square brackets in the addresses made it look more
  visually "off" when the same name but with different indices were
  shown together with differing-length "symbols", so the symbols are now
  all padded and right-aligned to three characters for consistent layout
  across all operations.

- The -/+ action is now more visually distinct, using several different
  colors to help communicate what it will do and including a more obvious
  "(new resource required)" marker to help draw attention to this not
  being just an update diff. This fixes #15350.

- The resources are now sorted in a manner that sorts index [10] after
  index [9], rather than after index [1] as we did before. This makes it
  easier to scan the list and avoids the common confusion where it seems
  that there are only 10 items when in fact there are 11-20 items with
  all the tens hiding further up in the list.
2017-06-22 07:03:23 -07:00
Martin Atkins 40e2fbb8e9 command: init to allow plugin init without backend init
Previously init would crash if given these options:
    -backend=false -get-plugins=true

This is because the state is used as a source of provider dependency
information, and we need to instantiate the backend to get the state.

To avoid the crash, we now use the following adjusted behavior:

- if -backend=true, we behave as before

- if -backend=false, we instead try to instantiate the backend the same
  way any other command would, without modifying its configuration

- if we're able to instantiate the backend, we use it to fetch state
  for dependency resolution purposes

- if the backend is not instantiable then we assume it's not yet
  configured and proceed with a nil state, which may cause us to see an
  incomplete picture of the dependencies but still allows the install
  to succeed. Subsequently running "terraform plan" will not work until
  the backend is (re-)initialized, so the incomplete picture of required
  plugins is safe.
2017-06-21 11:43:28 -07:00
Martin Atkins 3dc7d618f7 command: avoid empty string constraints in plugin install errors
This takes care of a few dangling cases where we were still stringifying
empty version constraints, which creates confusing error messages due to
it stringing as the empty string.

For the "no suitable versions available" message, we fall back on the
"provider not found" message if no versions were found even though it's
unconstrained. This should only happen in an edge case where the
provider's index page exists on the releases server but no versions are
yet present.

For the message about plugin protocol versions, this again is an edge
case since with no constraints this should happen only if we release
an incompatible Terraform version but don't release a new version of the
plugin that's compatible. In this case we just show the constraint as
"(any version)" to make sure we always show _something_.
2017-06-21 09:18:17 -07:00
James Bardin c10f5caf05 Merge pull request #15345 from hashicorp/jbardin/plugin-sig
verify automatically downloaded plugins
2017-06-20 17:05:54 -04:00
Martin Atkins 9c2fe3456b command: purge unused plugins as a side effect of plugin installation
Previously we only did this when _upgrading_, but that's unnecessarily
specific and confusing since e.g. plugins can get upgraded implicitly by
constraint changes, which would not then trigger the purge process.

Instead, we'll assume that the user is able to easily re-download plugins
that were purged here, or if they need more specific guarantees they will
manage manually a plugin directory and disable the auto-install behavior
using `-plugin-dir`.
2017-06-20 13:40:03 -07:00
Martin Atkins d48dcbb4a5 command: more-helpful error messages from plugin installation
Now we are able to recognize and handle a few special error situations
from plugin installation with more verbose error messages that give the
user better feedback on how to proceed.
2017-06-20 13:39:45 -07:00
James Bardin 0a47228065 add -verify-plugins flag to init
This provides the user with the option to disable plugin signature
verification.
2017-06-20 13:14:31 -04:00
James Bardin 6728c48d8c fix whitespace around backend init success message
make it better match the surrounding messages.
2017-06-19 12:08:42 -04:00
James Bardin da385c4268 Don't show plugin init message if there are none
Skip the message and plugin initialization if there are none in the
config.
2017-06-19 12:08:42 -04:00
James Bardin 2e57d284cb Merge pull request #15323 from hashicorp/jbardin/constraint-suggestion
remove "~> 0.0" constraint suggestions
2017-06-16 18:20:24 -04:00
James Bardin ec99b6910b remove "~> 0.0" constraint suggestions
Don't suggest constraints when the available plugin isn't versioned.

Add zero version const for comparisons.
2017-06-16 16:25:36 -04:00
James Bardin 270eedd4b8 always pass in the full plugin path to dicovery
Discovery no longer tries to walk into OS_ARCH dirs, so always pass in
the full search path.
2017-06-16 14:09:47 -04:00
James Bardin be2069ac81 add -plugin-dir option
The -plugin-dir option lets the user specify custom search paths for
plugins. This overrides all other plugin search paths, and prevents the
auto-installation of plugins.

We also make sure that the availability of plugins is always checked
during init, even if -get-plugins=false or -plugin-dir is set.
2017-06-15 15:23:16 -04:00
James Bardin 000e860706 Add plugin dir scaffolding
add pluginDir to command.Meta, the flag to initialize it, and the
methods to save and restore it.
2017-06-15 14:26:12 -04:00
James Bardin f723270e3e search the vendor directory for plugins
The default location for users to manually add plugins will be
./terraform.d/plugins/
2017-06-15 10:12:00 -04:00
James Bardin 4f5e92e4c0 reverse init test to check for dataDir in PWD
init should always write intternal data to the current directory, even
when a path is provided. The inherited behavior no longer applies to the
new use of init.
2017-06-14 15:22:30 -04:00
James Bardin 55bf19e548 always write to dataDir in the current directory
Now that init can take a directory for configuration, the old behavior
of writing the .terraform data directory into the target path no longer
makes sense. Don't change the dataDir field during init, and write to
the default location.

Clean up all references to Meta.dataDir, and only use the getter method
in case we chose to dynamically override this at some point.
2017-06-14 15:14:26 -04:00
Martin Atkins 6979a07754 command: init -upgrade for provider plugins
Now when -upgrade is provided to "terraform init" (and plugin installation
isn't disabled) it will:

- ignore the contents of the auto-install plugin directory when deciding
  what is "available", thus causing anything there to be reinstalled,
  possibly at a newer version.
- if installation completes successfully, purge from the auto-install
  plugin directory any plugin-looking files that aren't in the set of
  chosen plugins.

As before, plugins outside of the auto-install directory are able to
take precedence over the auto-install ones, and these will never be
upgraded nor purged.

The thinking here is that the auto-install directory is an implementation
detail directly managed by Terraform, and so it's Terraform's
responsibility to automatically keep it clean as plugins are upgraded.

We don't yet have the -plugin-dir option implemented, but once it is it
should circumvent all of this behavior and just expect providers to be
already available in the given directory, meaning that nothing will be
auto-installed, -upgraded or -purged.
2017-06-13 12:28:07 -07:00
Martin Atkins f753974bb3 plugin/discovery: Installer interface, and provider implementation
Previously we had a "getProvider" function type used to implement plugin
fetching. Here we replace that with an interface type, initially with
just a "Get" function.

For now this just simplifies the interface by allowing the target
directory and protocol version to be members of the struct rather than
passed as arguments.

A later change will extend this interface to also include a method to
purge unused plugins, so that upgrading frequently doesn't leave behind
a trail of unused executable files.
2017-06-13 12:28:07 -07:00
Gavin Williams 5834333ea3 command: terraform get -upgrade
As of this commit this just upgrades modules, but this option will also
later upgrade plugins and indeed anything else that's being downloaded and
installed as part of the init.
2017-06-13 12:28:07 -07:00
James Bardin be900e8085 Merge pull request #15258 from hashicorp/jbardin/remove-providers
Remove providers from core
2017-06-12 14:13:11 -04:00
James Bardin cbbbcea4b9 stop err scanner goroutines between tests 2017-06-12 13:52:30 -04:00
James Bardin 77a32f3df0 remove "core" distinction
Since there is little left that isn't core, remove the distinction for
now to reduce confusion, since a "core" binary will mostly work except
for provisioners.
2017-06-12 13:43:54 -04:00
James Bardin 7e7f53954d remove internal provider test from command pkg 2017-06-12 13:43:52 -04:00
James Bardin 81ac0ed204 re-generate plugin list 2017-06-12 13:42:07 -04:00
Radek Simko 4e85f552e7 Merge pull request #15246 from hashicorp/b-fix-cmd-provider-crash
command/providers: Avoid crash when no configs found
2017-06-12 15:48:55 +01:00