Commit Graph

29083 Commits

Author SHA1 Message Date
James Bardin ef3c98466d
Merge pull request #29755 from hashicorp/jbardin/first-plan-lineage
Check for stale plan with no state metadata
2021-10-14 13:31:30 -04:00
dependabot[bot] 8946d7ff20 build(deps): bump github.com/golang/protobuf from 1.5.0 to 1.5.2
Bumps [github.com/golang/protobuf](https://github.com/golang/protobuf) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/golang/protobuf/releases)
- [Commits](https://github.com/golang/protobuf/compare/v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/golang/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-13 18:12:51 -07:00
Martin Atkins 88bddd7143 go.mod: go get go get golang.org/x/tools@v0.1.7
This also transitively upgrades golang.org/x/sys and golang.org/x/net,
but there do not seem to be any significant changes compared to the
commits we were previously using.
2021-10-13 17:37:37 -07:00
James Bardin 9c80574417 test planfile may need to have a specific lineage
In order to test applying a plan from an existing state, we need to be
able to inject the state meta into the planfile.
2021-10-13 17:28:14 -04:00
James Bardin 5ffa0839f9 only check serial when applying the first plan
Ensure that we still check for a stale plan even when it was created
with no previous state.

Create separate errors for incorrect lineage vs incorrect serial.

To prevent confusion when applying a first plan multiple times, only
report it as a stale plan rather than different lineage.
2021-10-13 17:17:51 -04:00
Martin Atkins c76f54781a
Update CHANGELOG.md 2021-10-13 13:56:47 -07:00
Martin Atkins bee7403f3e command/workspace_delete: Allow deleting a workspace with empty husks
Previously we would reject attempts to delete a workspace if its state
contained any resources at all, even if none of the resources had any
resource instance objects associated with it.

Nowadays there isn't any situation where the normal Terraform workflow
will leave behind resource husks, and so this isn't as problematic as it
might've been in the v0.12 era, but nonetheless what we actually care
about for this check is whether there might be any remote objects that
this state is tracking, and for that it's more precise to look for
non-nil resource instance objects, rather than whole resources.

This also includes some adjustments to our error messaging to give more
information about the problem and to use terminology more consistent with
how we currently talk about this situation in our documentation and
elsewhere in the UI.

We were also using the old State.HasResources method as part of some of
our tests. I considered preserving it to avoid changing the behavior of
those tests, but the new check seemed close enough to the intent of those
tests that it wasn't worth maintaining this method that wouldn't be used
in any main code anymore. I've therefore updated those tests to use
the new HasResourceInstanceObjects method instead.
2021-10-13 13:54:11 -07:00
megan07 968f422681
Merge pull request #29753 from hashicorp/megan_update_msg
update error message for invalid json
2021-10-13 14:04:24 -05:00
Megan Bang 9b9b26a3cd update error message for invalid json 2021-10-13 13:51:07 -05:00
Martin Atkins 765bff1dd5
Update CHANGELOG.md 2021-10-13 10:53:27 -07:00
dependabot[bot] b0d10c9857 build(deps): bump github.com/xanzy/ssh-agent from 0.2.1 to 0.3.1
Bumps [github.com/xanzy/ssh-agent](https://github.com/xanzy/ssh-agent) from 0.2.1 to 0.3.1.
- [Release notes](https://github.com/xanzy/ssh-agent/releases)
- [Commits](https://github.com/xanzy/ssh-agent/compare/v0.2.1...v0.3.1)

---
updated-dependencies:
- dependency-name: github.com/xanzy/ssh-agent
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-13 10:43:46 -07:00
James Bardin 87e852c832
Merge pull request #29741 from hashicorp/jbardin/test-fix
fix test fixture with multiple provider instances
2021-10-13 09:53:02 -04:00
James Bardin 73b1263a86 wrap multiple provider creations into a factory fn
When a test uses multiple instances of the same provider, we may need to
have separate objects to prevent overwriting of the MockProvider state.
Create a completely new MockProvider in each factory function call
rather than re-using the original provider value.
2021-10-12 17:47:50 -04:00
Martin Atkins 965c0f3f91 build: Run staticcheck with "go run"
Running the tool this way ensures that we'll always run the version
selected by our go.mod file, rather than whatever happened to be available
in $GOPATH/bin on the system where we're running this.

This change caused some contexts to now be using a newer version of
staticcheck with additional checks, and so this commit also includes some
changes to quiet the new warnings without any change in overall behavior.
2021-10-12 11:42:17 -07:00
Martin Atkins d76759a6a9 configs/configload: snapshotDir must be used via pointer
A snapshotDir tracks its current position as part of its state, so we need
to use it via pointer rather than value so that Readdirnames can actually
update that position, or else we'll just get stuck at position zero.

In practice this wasn't hurting anything because we only call Readdir once
on our snapshots, to read the whole directory at once. Still nice to fix
to avoid a gotcha for future maintenence, though.
2021-10-12 11:42:17 -07:00
James Bardin 903ae5edfd fix test fixtures with multiple providers
Allow these to share the same backing MockProvider.
2021-10-12 14:34:34 -04:00
James Bardin e804fce63a
Merge pull request #29740 from hashicorp/jbardin/test-fix
fix test fixture had the instance in the wrong mod
2021-10-12 14:03:33 -04:00
James Bardin 656f03b250 fix test fixture had the instance in the wrong mod
Make the state match the fixture config. The old test was not
technically invalid, but because it caused multiple instances of the
provider to be created, they were backed by the same MockProvider value
resulting in the `*Called` fields interfering.
2021-10-12 13:53:02 -04:00
dependabot[bot] 051629d74a build(deps): bump github.com/agext/levenshtein from 1.2.2 to 1.2.3
Bumps [github.com/agext/levenshtein](https://github.com/agext/levenshtein) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/agext/levenshtein/releases)
- [Commits](https://github.com/agext/levenshtein/compare/v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: github.com/agext/levenshtein
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 10:44:05 -07:00
Martin Atkins 02ca4e970c go.mod: replace github.com/dgrijalva/jwt-go with .../golang-jwt/jwt
CVE-2020-26160 is a high-severity advisory reported against this module.

The dgrijalva package is no longer maintained but our legacy etcv2 backend
depends on it indirectly, via go.etcd.io/etcd/client. The golang-jwt
package is the blessed successor of the original, and has a v3 line which
is compatible with the v3 line of dgrijalva, and so through this replace
we can get a fix for the advisory without other significant behavior
change.

We've preserved the etcdv2 backend as-is on a best-effort basis in order
to support anyone who is already using it, but recommend that users switch
to etcdv3 or to some other backend for ongoing use.

We also have future plans to make state storage be a matter for provider
plugins rather than built in to Terraform CLI, at which point this backend
will either become obsolete or be factored out into its own plugin, at
which point we can remove this "replace" directive and the associated
dependency altogether.
2021-10-12 10:35:07 -07:00
dependabot[bot] 2fd5ca3767 build(deps): bump honnef.co/go/tools from 0.0.1-2020.1.4 to 0.3.0-0.dev
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.0.1-2020.1.4 to 0.3.0-0.dev.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](https://github.com/dominikh/go-tools/compare/v0.0.1-2020.1.4...v0.3.0-0.dev)

---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 10:34:27 -07:00
Martin Atkins 55f0d06314 go.mod: go get github.com/lib/pq@v1.10.3
This is just a routine upgrade to the latest v1 release.
2021-10-12 10:32:38 -07:00
dependabot[bot] eec4a838e0 Bump github.com/mitchellh/copystructure from 1.0.0 to 1.2.0
Bumps [github.com/mitchellh/copystructure](https://github.com/mitchellh/copystructure) from 1.0.0 to 1.2.0.
- [Release notes](https://github.com/mitchellh/copystructure/releases)
- [Commits](https://github.com/mitchellh/copystructure/compare/v1.0.0...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/mitchellh/copystructure
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 10:11:55 -07:00
dependabot[bot] 2dd15caf87 Bump github.com/hashicorp/go-plugin from 1.4.1 to 1.4.3
Bumps [github.com/hashicorp/go-plugin](https://github.com/hashicorp/go-plugin) from 1.4.1 to 1.4.3.
- [Release notes](https://github.com/hashicorp/go-plugin/releases)
- [Commits](https://github.com/hashicorp/go-plugin/compare/v1.4.1...v1.4.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 10:10:49 -07:00
James Bardin ef8f1b3e38
Merge pull request #29734 from hashicorp/jbardin/missing-change
Check for nil change during apply
2021-10-12 12:22:51 -04:00
James Bardin 69787e7f67
Merge pull request #29431 from hashicorp/dependabot/go_modules/google.golang.org/protobuf-1.27.1
Bump google.golang.org/protobuf from 1.25.0 to 1.27.1
2021-10-12 08:44:34 -04:00
Martin Atkins 2e6b6e9a6b go.mod: go get google.golang.org/protobuf@v1.27.1 2021-10-11 16:37:39 -07:00
James Bardin 3f4b680f1c Check for nil change during apply
Because NodeAbstractResourceInstance.readDiff can return a nil change,
we must check for that in all callers.
2021-10-08 16:46:29 -04:00
James Bardin 3c942ee3ac
Merge pull request #29720 from hashicorp/jbardin/destroy-plan-deposed
don't refresh deposed instances during the destroy plan
2021-10-08 16:23:59 -04:00
James Bardin fc980887fe
Merge pull request #29721 from hashicorp/jbardin/go-version
Update go1.17.2
2021-10-08 16:23:30 -04:00
James Bardin 94ed6a0c84 update the go.mod format for go1.17.2 2021-10-08 15:54:13 -04:00
James Bardin 4c2dbec5b1 update to go1.17.2 2021-10-08 15:54:02 -04:00
James Bardin 05954a328d udpate CI go version
Since we have to specify the minor release for `.go-version`, make sure
the CI version doesn't automatically udpate.
2021-10-08 15:53:08 -04:00
James Bardin a036109bc1 add comment about when we call ConfigureProvider 2021-10-08 15:23:36 -04:00
megan07 71cbb2a81a
Merge pull request #29719 from hashicorp/megan_invalid_creds
add better error if credentials are invalid
2021-10-08 10:26:53 -05:00
megan07 7dda3366a6
Update internal/backend/remote-state/gcs/backend.go
Co-authored-by: appilon <apilon@hashicorp.com>
2021-10-08 10:02:05 -05:00
James Bardin 03f71c2f06 fixup tests for MockProvider changes
Resetting the *Called fields and enforcing configuration broke a few
tests.
2021-10-08 08:42:06 -04:00
Megan Bang 81201d69a3 check valid json 2021-10-07 16:33:21 -05:00
Megan Bang 348c761bea add better error if credentials are invalid 2021-10-07 16:28:47 -05:00
James Bardin 22b400b8de skip refreshing deposed during destroy plan
The destroy plan should not require a configured provider (the complete
configuration is not evaluated, so they cannot be configured).

Deposed instances were being refreshed during the destroy plan, because
this instance type is only ever destroyed and shares the same
implementation between plan and walkPlanDestroy. Skip refreshing during
walkPlanDestroy.
2021-10-07 16:51:48 -04:00
James Bardin ad9944e523 test that providers are configured for calls
Have the MockProvider ensure that Configure is always called before any
methods that may require a configured provider.

Ensure the MockProvider *Called fields are zeroed out when re-using the
provider instance.
2021-10-07 16:48:56 -04:00
hc-github-team-tf-core d05fa3049e Cleanup after v1.1.0-alpha20211006 release 2021-10-06 16:52:28 +00:00
hc-github-team-tf-core db1a97f9af
Release v1.1.0-alpha20211006 2021-10-06 16:36:49 +00:00
Alisdair McDiarmid 09edbba81f
Merge pull request #29550 from hashicorp/alisdair/json-format-version-1.0
json-output: Release format version 1.0
2021-10-06 11:20:46 -04:00
Alisdair McDiarmid b9f3dab035 json-output: Release format version 1.0 2021-10-06 11:13:06 -04:00
Omar Ismail bea7e3ebce
Backend State Migration: change variable names from one/two to source/destination (#29699) 2021-10-05 16:36:50 -04:00
Jeff Escalante 44764ffdee
fix broken logo in readme (#29705) 2021-10-05 16:31:02 -04:00
Martin Atkins 01b22f4b76 command/e2etest: TestProviderTampering
We have various mechanisms that aim to ensure that the installed provider
plugins are consistent with the lock file and that the lock file is
consistent with the provider requirements, and we do have existing unit
tests for them, but all of those cases mock our fake out at least part of
the process and in the past that's caused us to miss usability
regressions, where we still catch the error but do so at the wrong layer
and thus generate error message lacking useful additional context.

Here we'll add some new end-to-end tests to supplement the existing unit
tests, making sure things work as expected when we assemble the system
together as we would in a release. These tests cover a number of different
ways in which the plugin selections can grow inconsistent.

These new tests all run only when we're in a context where we're allowed
to access the network, because they exercise the real plugin installer
codepath. We could technically build this to use a local filesystem mirror
or other such override to avoid that, but the point here is to make sure
we see the expected behavior in the main case, and so it's worth the
small additional cost of downloading the null provider from the real
registry.
2021-10-05 10:59:59 -07:00
Martin Atkins d09510a8fb command: Early error message for missing cache entries of locked providers
In the original incarnation of Meta.providerFactories we were returning
into a Meta.contextOpts whose signature didn't allow it to return an
error directly, and so we had compromised by making the provider factory
functions themselves return errors once called.

Subsequent work made Meta.contextOpts need to return an error anyway, but
at the time we neglected to update our handling of the providerFactories
result, having it still defer the error handling until we finally
instantiate a provider.

Although that did ultimately get the expected result anyway, the error
ended up being reported from deep in the guts of a Terraform Core graph
walk, in whichever concurrently-visited graph node happened to try to
instantiate the plugin first. This meant that the exact phrasing of the
error message would vary between runs and the reporting codepath didn't
have enough context to given an actionable suggestion on how to proceed.

In this commit we make Meta.contextOpts pass through directly any error
that Meta.providerFactories produces, and then make Meta.providerFactories
produce a special error type so that Meta.Backend can ultimately return
a user-friendly diagnostic message containing a specific suggestion to
run "terraform init", along with a short explanation of what a provider
plugin is.

The reliance here on an implied contract between two functions that are
not directly connected in the callstack is non-ideal, and so hopefully
we'll revisit this further in future work on the overall architecture of
the CLI layer. To try to make this robust in the meantime though, I wrote
it to use the errors.As function to potentially unwrap a wrapped version
of our special error type, in case one of the intervening layers is
changed at some point to wrap the downstream error before returning it.
2021-10-05 10:59:59 -07:00
James Bardin aece887a85
Merge pull request #29701 from hashicorp/jbardin/proposed-new-null-objs
objchange: fix ProposedNew from null objects
2021-10-05 13:09:49 -04:00