Commit Graph

23505 Commits

Author SHA1 Message Date
Martin Atkins 0b2cc6298b plans/objchange: Fix panic in AssertObjectCompatible with set blocks
Our usual "ground rules" for mapping configschema to cty call for the
collection values representing nested block types to always be known and
non-null, using an empty collection to represent the absense of any blocks
of that type so that users can always safely use length(...) etc on them
without worrying about them sometimes being null.

However, due to some different behaviors in the legacy SDK we've allowed
it an exception to this rule which means that we can see unknown and null
collections in these positions in object values returned from provider
operations like PlanResourceChange and ApplyResourceChange when the legacy
SDK opt-out is activated.

As a consequence of this, we need to be mindful in our safety check
functions, like AssertObjectCompatible here, of tolerating these non-ideal
situations to allow the safety checks to complete. We run these checks
even when the provider requests an opt-out, because we want to note any
inconsistencies as WARNING level log lines to aid in debugging.
2019-02-14 10:04:51 -08:00
Brian Flad 58eba8fe9a
Merge pull request #20339 from hashicorp/td-UnsafeSetFieldRaw-deprecation
helper/schema: Add deprecation to ResourceData.UnsafeSetFieldRaw
2019-02-14 12:51:21 -05:00
Martin Atkins bfbce53911 vendor: go get github.com/hashicorp/hcl2@master
This includes a fix to properly report the position of an errant block
inside a block processed as JustAttributes, which fixes #20248.
2019-02-14 09:49:37 -08:00
Brian Flad 3d908f56aa
helper/schema: Add deprecation to ResourceData.UnsafeSetFieldRaw
This functionality is no longer supported in Terraform 0.12 and above.
2019-02-13 22:12:10 -05:00
James Bardin f9b62cb5fe
Merge pull request #20335 from hashicorp/jbardin/diff-apply
Diff apply needs to check for both types of containers keys
2019-02-13 19:33:34 -05:00
Martin Atkins b4d9f63622 website: Forward-port docs on file-hashing functions from 0.11 branch 2019-02-13 16:10:14 -08:00
James Bardin c34c37fbd5 missed .% suffixes in diff.Apply
Diff.Apply checks for unneeded container count diffs, but was missing
the check for maps.

Add an early return for planning a destroy.
2019-02-13 19:09:46 -05:00
James Bardin 931f459336 add a trouble test schema from the aws provider 2019-02-13 19:09:46 -05:00
Martin Atkins fedbd6c3b8 helper/plugin: fix panic with empty objects in normalizeNullValues
cty.Value.AsValueMap can return nil if called on an empty map or object.
The logic above was dealing with that case for maps, but object types
were falling through into this codepath and panicking when trying to
assign a new key into the nil dstMap.

This also includes a bonus fix where we were calling ty.ElementType in
a switch case that accepts object types. Object types don't have a single
element type, so we can't call ElementType on those (that also panics)
but we _can_ use the type of the value we selected from src to construct
our placeholder null value.
2019-02-13 15:56:12 -08:00
Radek Simko 8f3ee1800d
Merge pull request #20316 from hashicorp/vendor-go-tfe-bump
vendor: github.com/hashicorp/go-tfe@v0.3.8
2019-02-13 09:06:22 +00:00
Martin Atkins 12a6d22589 core: Better handle providers failing updates with no new value
A provider may react to a create or update failing by returning error
diagnostics and a partially-updated or nil new value, in which case we
do not expect our AssertObjectCompatible consistency check to succeed: the
provider is just assumed to be doing the best it can to preserve whatever
partial outcome it was able to achieve.

However, if errors are accompanied with a nil new value after an update,
we'll assume that the provider is telling us it wasn't able to get far
enough to make any change at all, and so we'll retain the prior value in
state. This ensures that a provider can't cause an object to be forgotten
from the state just because an update failed.
2019-02-12 18:13:14 -08:00
James Bardin 303e5cc82e
Merge pull request #20319 from hashicorp/jbardin/go-plugin
update go-plugin
2019-02-12 20:59:31 -05:00
James Bardin cf7a6b7bb8 update go-plugin
This unfortunately breaks alpha comaptibility at this point, due to
changes in the grpc paths.
2019-02-12 18:28:34 -05:00
Radek Simko 5a20e1ab94
Merge pull request #20243 from hashicorp/v0.12-upgrade-guide-remote-state
docs/upgrade-guide: Document changes in remote state referencing
2019-02-12 22:16:41 +00:00
James Bardin b758628e51
Merge pull request #20308 from hashicorp/jbardin/requires-replace
Requires replace should not error on missing index steps
2019-02-12 15:08:38 -05:00
Radek Simko e2df4c435f
Merge pull request #20287 from hashicorp/vendor-aws-bump
vendor: github.com/terraform-providers/terraform-provider-aws@v1.58.0
2019-02-12 20:07:39 +00:00
Kristin Laemmert f783ed0d45
command/jsonconfig: display module variables in config output (#20311)
* command/jsonconfig: display module variables in config output

The tests have been updated to reflect this change.

* command/jsonconfig: properly handle variables with nil defaults
2019-02-12 12:03:07 -08:00
Radek Simko 916310e601
vendor: github.com/hashicorp/go-tfe@v0.3.8 2019-02-12 19:54:56 +00:00
James Bardin c6daf9fb24 don't error on all invalid RequiresReplace paths
RequiresReplace paths with IndexSteps that have been added or removed
may fail to apply against one of the two state values. Only error out if
the path cannot be applied to both values.
2019-02-12 14:43:41 -05:00
Chris Griggs 2ad995a859
Merge pull request #20312 from cgriggs01/cgriggs01-community4
[Website] Adding Community Providers
2019-02-12 10:19:02 -08:00
Martin Atkins eb1346447f
Merge #20282: Enforce expected behaviors for provider PlanResourceChange
An exception remains for the legacy SDK, which does not meet all of these requirements.
2019-02-12 09:19:05 -08:00
James Bardin f932e11a50 create a test that removes a RequiresReplace path
One of the paths that triggers RequiresReplace does not apply to the
new value.
2019-02-12 11:48:36 -05:00
Radek Simko a486cd838e
vendor: github.com/terraform-providers/terraform-provider-aws@v1.58.0 2019-02-12 16:32:22 +00:00
Radek Simko c2032d8fcf
Merge pull request #20290 from hashicorp/vendor-hil-bump
vendor: github.com/hashicorp/hil@latest
2019-02-12 16:31:36 +00:00
Radek Simko f137b32140
vendor: github.com/hashicorp/hil@latest 2019-02-12 15:56:22 +00:00
Radek Simko fe7e7afd53
Merge pull request #20302 from hashicorp/vendor-bump-deps
vendor: Bump more dependencies to go-mod-aware versions
2019-02-12 15:54:47 +00:00
Radek Simko 14246bdfe9
vendor: go get github.com/mitchellh/copystructure@v1.0.0 2019-02-12 12:06:10 +00:00
Radek Simko 12ac212611
vendor: github.com/mitchellh/hashstructure v1.0.0 2019-02-12 11:44:28 +00:00
Radek Simko e0841f73b3
vendor: github.com/hashicorp/logutils@v1.0.0 2019-02-12 10:25:04 +00:00
Radek Simko d69e96544d
vendor: github.com/blang/semver@v3.5.1 2019-02-12 10:22:28 +00:00
Radek Simko 8e2f2d0b0f
vendor: github.com/apparentlymart/go-cidr@v1.0.0 2019-02-12 09:32:10 +00:00
Radek Simko ed15deb380
go mod tidy 2019-02-12 09:29:35 +00:00
Chris Doherty 135d05dd62
Merge pull request #20299 from hashicorp/cd/add-backend-codeowners
First pass at adding CODEOWNERS for remote-state backends.
2019-02-11 18:53:33 -08:00
Martin Atkins 0b7179c363 command: Apply tests with realistic mock providers
Now that we're actually verifying correct behavior of providers during
plan and apply, our mock providers need to behave like real providers,
properly propagating any configured values through the plan and into the
final state.

For most of these it was simpler to just switch over to using the newer
PlanResourceChangeFn mock interface, away from the legacy DiffFn approach,
because then we can just return the ProposedNewState verbatim because our
schema for these tests does not require any default values to be
populated.
2019-02-11 17:46:55 -08:00
James Bardin fbde1b20f0
Merge pull request #20300 from hashicorp/jbardin/empty-string
allow implicit empty strings in lists
2019-02-11 20:30:28 -05:00
Martin Atkins f4e6431da2 core: Ensure context tests comply with plan/apply safety checks
Prior to Terraform 0.12 there were certain behaviors we expected from
providers that were actually just details of the SDK and not part of the
enforced contract.

For 0.12 we're now codifying some of these behaviors explicitly via safety
checks in core, thus ensuring that all future providers will behave in a
consistent way that users can rely on.

Unfortunately, due to the hand-written nature of the mock provider
implementations we use in tests, they have been getting away with some
unusual behaviors that don't match our usual expectations, and our safety
checks now detect those as incorrect behaviors.

To address this, we make the minimal changes to each test to ensure that
its mock provider behaves in a consistent way, which requires that values
set in config be represented correctly in the plan and ultimately saved
in the new state, without any changes along the way. In particular, the
common testDiffFn implementation has historically used a number of special
hidden attributes to trigger special behaviors, and our new rules require
that these special settings propagate properly through the plan and into
the state.
2019-02-11 17:26:50 -08:00
Martin Atkins e831182c8d plans/objchange: Hide sensitive attribute values in error messages
Since these error messages get printed in Terraform's output and we
encourage users to share them as part of bug reports, we should avoid
including sensitive information in them to reduce the risk of accidental
exposure.
2019-02-11 17:26:50 -08:00
Martin Atkins 31299e688d core: Allow legacy SDK to opt out of plan-time safety checks
Due to the inprecision of our shimming from the legacy SDK type system to
the new Terraform Core type system, the legacy SDK produces a number of
inconsistencies that produce only minor quirky behavior or broken
edge-cases. To retain compatibility with those existing weird behaviors,
the legacy SDK opts out of our safety checks.

The intent here is to allow existing providers to continue to do their
previous unsafe behaviors for now, accepting that this will allow certain
quirky bugs from previous releases to persist, and then gradually migrate
away from the legacy SDK and remove this opt-out on a per-resource basis
over time.

As with the apply-time safety check opt-out, this is reserved only for
the legacy SDK and must not be used in any new SDK implementations. We
still include any inconsistencies as warnings in the logs as an aid to
anyone debugging weird behavior, so that they can see situations where
blame may be misplaced in the user-visible error messages.
2019-02-11 17:26:49 -08:00
Martin Atkins 5649ae6abf core: Improve warnings for legacy SDK apply-time inconsistencies
We've allowed the legacy SDK an opt-out from the post-apply safety checks,
but previously we produced only a generic warning message in that case.
Now instead we'll still run the safety checks, but report the results in
the logs instead of as error diagnostics.

This should allow developers who are debugging strange interactions
between buggy legacy providers to get better insight into what's going
on upstream in order to help explain what's going on when these problems
inevitably get caught by other downstream safety checks when trying to
make use of these invalid results.
2019-02-11 17:26:49 -08:00
Martin Atkins 419f5e58cd core: Enforce the validity of planned new objects
We've been gradually adding safety checks of this sort throughout the
lifecycle to help ensure that buggy providers can't introduce
hard-to-diagnose downstream failures and misbehavior. This completes the
set by verifying during plan time that the provider has produced a plan
that actually achieves the goals defined in the configuration.

In particular, this catches the situation where a provider may incorrectly
override a value explicitly set in configuration, which avoids creating
confusion by betraying the reasonable user expectation that referencing an
explicitly-defined attribute will produce exactly the value shown in
configuration.
2019-02-11 17:26:49 -08:00
cgriggs01 1565abfcaa add four community providers 2019-02-11 17:25:30 -08:00
James Bardin 1ca7531cc7 allow implicit empty strings in lists
The helper/schema handling of lists loses empty string values, but
retains the correct count. Only re-count the values if the count is
missing entirely, and allow our shims to re-populate the zero values.
2019-02-11 19:24:14 -05:00
Chris Doherty 9cfb8797ae First pass at adding CODEOWNERS to link remote-state backends with maintainers of the associated providers. 2019-02-11 15:52:19 -08:00
James Bardin 3cecacb660
Merge pull request #20292 from hashicorp/jbardin/sdk
allow 0 and unset to be equal in count tests
2019-02-11 17:01:57 -05:00
James Bardin d871ce63fc
Merge pull request #20295 from hashicorp/jbardin/apply-error
process state even after provider.Apply errors
2019-02-11 16:51:06 -05:00
Kristin Laemmert f2f35265bc
command/show: json output enhancements (#20291)
* command/jsonplan: 
- add variables to plan output
- print known planned values for resources

Previously, resource attribute values were only displayed if the values
were wholly known. Now we will filter the unknown values out of the
change and print the known values.

* command/jsonstate: added depends_on and tainted fields
* command/show: update tests to reflect added fields
2019-02-11 13:17:03 -08:00
James Bardin 1bfc27817e process state even after provider.Apply errors
Terraform core expects a sane state even when the provider returns an
error. Make sure at the prior state is always the default value to
return, and then alway attempt to process any state returned by
provider.Apply.
2019-02-11 15:41:07 -05:00
James Bardin c02f1d7256 allow 0 and unset to be equal in count tests
This was changed in the single attribute test cases, but the AttrPair
test is used a lot for data source. As far as tests are concerned, 0 and
unset should be treated equally for flatmapped collections.
2019-02-11 11:35:19 -05:00
Martin Atkins fec6e0328d plans/objchange: AssertPlanValid function
Completing our set of provider result safety-check functions,
AssertPlanValid checks a result from a provider's PlanResourceChange to
make sure it doesn't propose a change that is not valid within the user
model of Terraform.

Specifically, it forbids the provider from planning a value that
contradicts what the user gave in configuration, which is important to
ensure that making a reference to an attribute elsewhere in the
configuration will produce exactly the given result, as users reasonably
expect.

Providers _are_ allowed (and, in fact, required) to make changes to
any Computed attribute values declared in the schema in order to fill in
the default values that the provider has generated. Later checks during
the apply phase will ensure that the provider remains true to these
planned values, to ensure that Terraform can keep its promise of doing
exactly what was planned or presenting an error explaining why not.
2019-02-08 19:47:02 -08:00
Kristin Laemmert 5f8916b4fd
configs/configupgrade: do not panic on HEREDOCs. (#20281)
Previously, configupgrade would panic if it encountered a HEREDOC. For
the time being, we will simply print out the HEREDOC as-is.

Unfortunately, we discovered that terraform 0.11's version of HCL
allowed for HEREDOCs with the termination delimiter inline (instead of
on a newline, which is technically correct). Since 0.12configupgrade
needs to be bug-compatible with terraform 0.11, we must roll back to the
same version of HCL used in terraform 0.11.
2019-02-08 15:51:53 -08:00