Commit Graph

20280 Commits

Author SHA1 Message Date
James Bardin b14677bd9a look for new error output 2017-06-22 15:37:32 -04:00
James Bardin 4893fcc24f improve plugin error formatting
Remove "checksum" from the error, and only indicate that the plugin has
changed.

Always show requested versions even if it's "any", and found versions of
plugins.
2017-06-22 15:31:36 -04:00
James Bardin ac937a890d improve plugin reinit error text 2017-06-22 15:11:37 -04:00
James Bardin 103ab20b00 add required and found versions to error output
Provide the user with feedback showing the version requirements and the
versions found when there's is a plugin error
2017-06-22 14:20:50 -04:00
James Bardin 7a955f990c make display plugin checksum error to user
The error follows a generic message, so can be ignored by users who may
not understand the implications.
2017-06-22 13:38:55 -04:00
Alex Rowley db40dc06ab
Add configurable workspace prefix for S3 Backend
Fixes #13184
2017-06-22 18:24:10 +01:00
James Bardin 5be15ed77c have the local backend provide a plugin init msg
During plan and apply, because the provider constraints need to be built
from a plan, they are not checked until the terraform.Context is
created. Since the context is always requested by the backend during the
Operation, the backend needs to be responsible for generating contextual
error messages for the user.

Instead of formatting the ResolveProviders errors during NewContext,
return a special error type, ResourceProviderError to signal that
init will be required. The backend can then extract and format the
errors.
2017-06-22 13:15:30 -04:00
Alex Rowley 2f4e9a6797 Remove core-dev from README
$ make core-dev
make: *** No rule to make target `core-dev'.  Stop.

This was removed in #15258
2017-06-22 08:10:54 -07:00
Rob Phoenix de2927d0b4 core: fix some typos in comments 2017-06-22 07:09:07 -07:00
Martin Atkins 83622cf19b Update CHANGELOG.md 2017-06-22 07:04:50 -07:00
Martin Atkins 0dc6d97a37 command/format: minor adjustments to plan rendering
This change makes various minor adjustments to the rendering of plans
in the output of "terraform plan":

- Resources are identified using the standard resource address syntax,
  rather than exposing the legacy internal representation used in the
  module diff resource keys. This fixes #8713.

- Subjectively, having square brackets in the addresses made it look more
  visually "off" when the same name but with different indices were
  shown together with differing-length "symbols", so the symbols are now
  all padded and right-aligned to three characters for consistent layout
  across all operations.

- The -/+ action is now more visually distinct, using several different
  colors to help communicate what it will do and including a more obvious
  "(new resource required)" marker to help draw attention to this not
  being just an update diff. This fixes #15350.

- The resources are now sorted in a manner that sorts index [10] after
  index [9], rather than after index [1] as we did before. This makes it
  easier to scan the list and avoids the common confusion where it seems
  that there are only 10 items when in fact there are 11-20 items with
  all the tens hiding further up in the list.
2017-06-22 07:03:23 -07:00
Martin Atkins 53c0ff4017 core: ParseResourceAddressForInstanceDiff function
This is a specialized thin wrapper around parseResourceAddressInternal
that can be used to obtain a ResourceAddress from the keys in
ModuleDiff.Resources.

This is not something we'd ideally expose, but since the internal address
format is already exposed in the ModuleDiff object this ends up being
necessary to process the ModuleDiff from other packages, e.g. for
display in the UI.
2017-06-22 07:03:23 -07:00
Martin Atkins 482c1f1ea5 core: ResourceAddress.Less for sorting resource addresses
Lexicographic sorting by the string form produces the wrong result because
[9] sorts after [10], so this custom comparison function takes that into
account and compares each portion separately to get a more intuitive
result.
2017-06-22 07:03:23 -07:00
Chris Marchesi 0e3aedcea3 core: Remove ResourceRefreshPlannableTransformer
This transformer is no longer needed, as we are not transforming
scale-out resource nodes into plannable nodes anymore, but rather just
taking a different eval sequence for resource refresh nodes with no
state.
2017-06-22 04:14:35 -07:00
Chris Marchesi 01e3386e13 core: Add resource count scale-out EvalTree test
This test ensures that the right EvalSequence gets set for a refresh
node with no state. This will ultimately assert that nodes on scale out
will not go down the regular refresh path, which would result in an
error due to the nil state - instead, we stub this node so that we get a
diff on it that can be used to effect computed/unknown values on
interpolations that may depend on this node.
2017-06-22 03:44:16 -07:00
Chris Marchesi 42ebbc6e0e core: ScaleIn should have been ScaleOut
We are actually acting on/fixing the scale-out here (ie: new child node
from count with no state), not scale-in.
2017-06-22 03:43:05 -07:00
James Bardin 2051b286e0 Merge pull request #15360 from hashicorp/jbardin/get-provider-err
make sure we error out on plugin checksum signature mismatch
2017-06-21 16:30:18 -04:00
James Bardin e059eb80d1 add test for signature mismatch 2017-06-21 16:17:34 -04:00
Martin Atkins 40e2fbb8e9 command: init to allow plugin init without backend init
Previously init would crash if given these options:
    -backend=false -get-plugins=true

This is because the state is used as a source of provider dependency
information, and we need to instantiate the backend to get the state.

To avoid the crash, we now use the following adjusted behavior:

- if -backend=true, we behave as before

- if -backend=false, we instead try to instantiate the backend the same
  way any other command would, without modifying its configuration

- if we're able to instantiate the backend, we use it to fetch state
  for dependency resolution purposes

- if the backend is not instantiable then we assume it's not yet
  configured and proceed with a nil state, which may cause us to see an
  incomplete picture of the dependencies but still allows the install
  to succeed. Subsequently running "terraform plan" will not work until
  the backend is (re-)initialized, so the incomplete picture of required
  plugins is safe.
2017-06-21 11:43:28 -07:00
James Bardin 2cca6f10fa return sig error when fetching a plugin
A signature error was being ignored while fetching a plugin
2017-06-21 12:57:53 -04:00
Chris Marchesi f249386c8a core: Test to ensure PostDiff is ignoring stubs
Added a test that shows that PostDiff is ignoring diffs where the Stub
attribute is set.
2017-06-21 09:39:52 -07:00
Martin Atkins 3dc7d618f7 command: avoid empty string constraints in plugin install errors
This takes care of a few dangling cases where we were still stringifying
empty version constraints, which creates confusing error messages due to
it stringing as the empty string.

For the "no suitable versions available" message, we fall back on the
"provider not found" message if no versions were found even though it's
unconstrained. This should only happen in an edge case where the
provider's index page exists on the releases server but no versions are
yet present.

For the message about plugin protocol versions, this again is an edge
case since with no constraints this should happen only if we release
an incompatible Terraform version but don't release a new version of the
plugin that's compatible. In this case we just show the constraint as
"(any version)" to make sure we always show _something_.
2017-06-21 09:18:17 -07:00
Chris Marchesi 565790d8da core: Fix scale-out refresh graph test
Since the transformer that changed stateless nodes in refresh to
NodePlannableResourceInstance is not being used anymore, this test
needed to be adjusted to ensure that the right output was expected.
2017-06-21 09:15:50 -07:00
Chris Marchesi 45528b2217 core: Instance/EvalDiff.Quiet -> Stub
Changed the language of this field to indicate that this diff is not a
"real" diff, in that it should not be acted on, versus a "quiet" mode,
which would indicate just simply to act silently.
2017-06-21 09:15:08 -07:00
Andreas Würl aa130b070a allow metrics collection (#15352) 2017-06-21 16:58:55 +03:00
James Bardin c10f5caf05 Merge pull request #15345 from hashicorp/jbardin/plugin-sig
verify automatically downloaded plugins
2017-06-20 17:05:54 -04:00
Martin Atkins 9c2fe3456b command: purge unused plugins as a side effect of plugin installation
Previously we only did this when _upgrading_, but that's unnecessarily
specific and confusing since e.g. plugins can get upgraded implicitly by
constraint changes, which would not then trigger the purge process.

Instead, we'll assume that the user is able to easily re-download plugins
that were purged here, or if they need more specific guarantees they will
manage manually a plugin directory and disable the auto-install behavior
using `-plugin-dir`.
2017-06-20 13:40:03 -07:00
Martin Atkins d48dcbb4a5 command: more-helpful error messages from plugin installation
Now we are able to recognize and handle a few special error situations
from plugin installation with more verbose error messages that give the
user better feedback on how to proceed.
2017-06-20 13:39:45 -07:00
Martin Atkins af2111f24e plugin/discovery: sentinel error values for Get errors
Some errors from Get are essentially user error, so we want to be able to
recognize them and give the user good feedback on how to proceed.

Although sentinel values are not an ideal solution to this, it's something
reasonably simple we can do to get this done without lots of refactoring.
2017-06-20 13:39:45 -07:00
James Bardin 5328c6a551 udpate revision for all x/crypto packages
Make sure the entrie tree is uniform
2017-06-20 13:14:31 -04:00
James Bardin 91e65066d8 vendor golang.org/x/crypto/openpgp 2017-06-20 13:14:31 -04:00
James Bardin 020959546e add init -verify-plugin to website docs 2017-06-20 13:14:31 -04:00
James Bardin 0a47228065 add -verify-plugins flag to init
This provides the user with the option to disable plugin signature
verification.
2017-06-20 13:14:31 -04:00
James Bardin 13d835f996 test signature verification
use a published provider's checksum file and signature to check the
verification.
2017-06-20 13:14:30 -04:00
James Bardin 415d562d36 add signature verification
Fetch the SHA256SUMS file and verify it's signature before downloading
any plugins.

This embeds the hashicorp public key in the binary. If the publickey is
replaced, new releases will need to be cut anyway. A
--verify-plugin=false flag will be added to skip signature verification
in these cases.
2017-06-20 13:14:30 -04:00
Chris Marchesi eef933f2a7 core: Don't count scaled-out resources twice in the UI
This fixes a bug with the new refresh graph behaviour where a resource
was being counted twice in the UI on part of being scaled out:

 * We are no longer transforming refresh nodes without state to
   plannable resources (the transformer will be removed shortly)
 * A Quiet flag has been added to EvalDiff and InstanceDiff - this
   allows for the flagging of a diff that should not be treated as real
   diff for purposes of planning
 * When there is no state for a refresh node now, a new path is taken
   that is similar to plan, but flags Quiet, and does nothing with the
   diff afterwards.

Tests pending - light testing has confirmed this should fix the double
count issue, but we should have some tests to actually confirm the bug.
2017-06-20 07:37:32 -07:00
James Bardin afe891a80e Merge pull request #15335 from hashicorp/jbardin/ux-no-plugins
ux with no plugins
2017-06-19 13:00:06 -04:00
James Bardin 6728c48d8c fix whitespace around backend init success message
make it better match the surrounding messages.
2017-06-19 12:08:42 -04:00
James Bardin da385c4268 Don't show plugin init message if there are none
Skip the message and plugin initialization if there are none in the
config.
2017-06-19 12:08:42 -04:00
Martin Atkins 63d4c0efe1 website: guide to running Terraform in automation
This guide covers assorted best practices and caveats for running
Terraform within orchestration tools and other automation. It provides
general examples and guidance, with the intent that this advice can be
adapted by the reader to a concrete implementation within a selected
orchestration tool.

This guide is based both on our in-house experience with Terraform
Enterprise and on in-house solutions we are aware of in certain
organizations.
2017-06-16 18:04:21 -07:00
Martin Atkins 13807950d3 Update CHANGELOG.md 2017-06-16 16:41:43 -07:00
Martin Atkins a8c58b081c core: -target option to also select resources in descendant modules
Previously the behavior for -target when given a module address was to
target only resources directly within that module, ignoring any resources
defined in child modules.

This behavior turned out to be counter-intuitive, since users expected
the -target address to be interpreted hierarchically.

We'll now use the new "Contains" function for addresses, which provides
a hierarchical "containment" concept that is more consistent with user
expectations. In particular, it allows module.foo to match
module.foo.module.bar.aws_instance.baz, where before that would not have
been true.

Since Contains isn't commutative (unlike Equals) this requires some
special handling for targeting specific indices. When given an argument
like -target=aws_instance.foo[0], the initial graph construction (for
both plan and refresh) is for the resource nodes from configuration, which
have not yet been expanded to separate indexed instances. Thus we need
to do the first pass of TargetsTransformer in mode where indices are
ignored, with the work then completed by the DynamicExpand method which
re-applies the TargetsTransformer in index-sensitive mode.

This is a breaking change for anyone depending on the previous behavior
of -target, since it will now select more resources than before. There is
no way provided to obtain the previous behavior. Eventually we may support
negative targeting, which could then combine with positive targets to
regain the previous behavior as an explicit choice.
2017-06-16 16:36:08 -07:00
Martin Atkins d3eb2b2d28 core: ResourceAddress.Contains method
This is similar in purpose to Equals but it takes a hierarchical approach
where modules contain their child modules, resources are contained by
their modules, and indexed resource instances are contained by their
resource names.

Unlike "Equals", Contains is intended to be transitive, so if A contains B
and B contains C, then C necessarily contains A. It is also directional:
if A contains B then B does not also contain A unless A and B are
identical. This results in more intuitive behavior for use-cases where
the goal is to select a portion of the address space for an operation.
2017-06-16 16:36:08 -07:00
James Bardin 9777174be1 Merge pull request #15325 from hashicorp/jbardin/init-docs
update init docs
2017-06-16 18:35:03 -04:00
James Bardin 71b67b9338 make BC note in CHANGELOG 2017-06-16 18:31:52 -04:00
James Bardin 4bbabb3df0 update init website docs 2017-06-16 18:31:51 -04:00
James Bardin 2e57d284cb Merge pull request #15323 from hashicorp/jbardin/constraint-suggestion
remove "~> 0.0" constraint suggestions
2017-06-16 18:20:24 -04:00
Martin Atkins 790c973320 Update CHANGELOG.md 2017-06-16 15:14:18 -07:00
Martin Atkins 96d08e8aac vendor: go fetch github.com/apparentlymart/go-cidr/cidr
This is to get an upstream fix which will in turn address #15321.
2017-06-16 15:13:10 -07:00
Martin Atkins 5963ea6f26 Update CHANGELOG.md 2017-06-16 15:07:01 -07:00