Adds the `TF_SKIP_REMOTE_TESTS` env var to be used in cases where the
`http.Get()` smoke test passes but the network is not able to service
the needs of the tests.
Fixes#4421
The retryablehttp package implements basic retries w/ exponential
backoff, which helps the remote state push recover in cases of
connectivity blips or transient errors.
Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
Serial number but the checksum of the raw content differs. This can
sometimes happen when Terraform changes state representation internally
between versions in a way that's semantically neutral but affects the JSON
output and therefore the checksum.
Here we detect and handle this situation by ticking the serial and retrying
iff for the previous state and the proposed state:
* the serials match
* the parsed states are Equal (semantically equivalent)
In other words, in this situation Terraform can override Atlas's detected
conflict by asserting that the state it is pushing is indeed correct.
The state is always JSON, in spite of the fact that this interface
presents it as an opaque byte array. It's more helpful to those interacting
with the state object outside of Terraform for it to have a more specific
content-type.
This change allows the user to specify `-backend-config="encrypt=1"`
to tell S3 to encrypt the data that's in the bucket when using S3
for remote config storage.
The encryption uses "Amazon S3-managed encryption keys" so it should
not require any further user intervention.
A line was added to the unit test just for coverage.
The acceptance test was modified to:
a) Use encryption
b) Push some test data up to the bucket created to ensure
that Amazon accepts the header.
/cc @LeftyBC - Hope this helps! Some basic point:
* Idiomatic Go is to use thisCasingStyle and not this_casing_style
* Less repetitive to just create an http.Client once and re-use, also
more flexible for later.
* The empty `if ok {}` was kind of awkward, replace with proper check
Rework devcamcar's OpenStack Swift remote [pull
request](https://github.com/hashicorp/terraform/pull/942) to work with
Terraform's new `state/remote` and Gophercloud's current implementation.
`Get()` changed up a bit from devcamcar's version (using different
Gopercloud functionality resulted in less fussing around to figure out
the error case).
Otherwise this is a transliteration/remix of his ideas.
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:
3c259c9586
Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
Sending state over a cleartext protocol is bad in untrusted networks.
Expose `-backend-config="scheme=https"` and wire it through to the
Consul client.
Paul Hinze