1855 lines
50 KiB
Go
1855 lines
50 KiB
Go
// schema is a high-level framework for easily writing new providers
|
|
// for Terraform. Usage of schema is recommended over attempting to write
|
|
// to the low-level plugin interfaces manually.
|
|
//
|
|
// schema breaks down provider creation into simple CRUD operations for
|
|
// resources. The logic of diffing, destroying before creating, updating
|
|
// or creating, etc. is all handled by the framework. The plugin author
|
|
// only needs to implement a configuration schema and the CRUD operations and
|
|
// everything else is meant to just work.
|
|
//
|
|
// A good starting point is to view the Provider structure.
|
|
package schema
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"reflect"
|
|
"regexp"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
|
|
"github.com/hashicorp/terraform/config/hcl2shim"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
"github.com/mitchellh/copystructure"
|
|
"github.com/mitchellh/mapstructure"
|
|
)
|
|
|
|
// Name of ENV variable which (if not empty) prefers panic over error
|
|
const PanicOnErr = "TF_SCHEMA_PANIC_ON_ERROR"
|
|
|
|
// type used for schema package context keys
|
|
type contextKey string
|
|
|
|
var (
|
|
protoVersionMu sync.Mutex
|
|
protoVersion5 = false
|
|
)
|
|
|
|
func isProto5() bool {
|
|
protoVersionMu.Lock()
|
|
defer protoVersionMu.Unlock()
|
|
return protoVersion5
|
|
|
|
}
|
|
|
|
// SetProto5 enables a feature flag for any internal changes required required
|
|
// to work with the new plugin protocol. This should not be called by
|
|
// provider.
|
|
func SetProto5() {
|
|
protoVersionMu.Lock()
|
|
defer protoVersionMu.Unlock()
|
|
protoVersion5 = true
|
|
}
|
|
|
|
// Schema is used to describe the structure of a value.
|
|
//
|
|
// Read the documentation of the struct elements for important details.
|
|
type Schema struct {
|
|
// Type is the type of the value and must be one of the ValueType values.
|
|
//
|
|
// This type not only determines what type is expected/valid in configuring
|
|
// this value, but also what type is returned when ResourceData.Get is
|
|
// called. The types returned by Get are:
|
|
//
|
|
// TypeBool - bool
|
|
// TypeInt - int
|
|
// TypeFloat - float64
|
|
// TypeString - string
|
|
// TypeList - []interface{}
|
|
// TypeMap - map[string]interface{}
|
|
// TypeSet - *schema.Set
|
|
//
|
|
Type ValueType
|
|
|
|
// ConfigMode allows for overriding the default behaviors for mapping
|
|
// schema entries onto configuration constructs.
|
|
//
|
|
// By default, the Elem field is used to choose whether a particular
|
|
// schema is represented in configuration as an attribute or as a nested
|
|
// block; if Elem is a *schema.Resource then it's a block and it's an
|
|
// attribute otherwise.
|
|
//
|
|
// If Elem is *schema.Resource then setting ConfigMode to
|
|
// SchemaConfigModeAttr will force it to be represented in configuration
|
|
// as an attribute, which means that the Computed flag can be used to
|
|
// provide default elements when the argument isn't set at all, while still
|
|
// allowing the user to force zero elements by explicitly assigning an
|
|
// empty list.
|
|
//
|
|
// When Computed is set without Optional, the attribute is not settable
|
|
// in configuration at all and so SchemaConfigModeAttr is the automatic
|
|
// behavior, and SchemaConfigModeBlock is not permitted.
|
|
ConfigMode SchemaConfigMode
|
|
|
|
// If one of these is set, then this item can come from the configuration.
|
|
// Both cannot be set. If Optional is set, the value is optional. If
|
|
// Required is set, the value is required.
|
|
//
|
|
// One of these must be set if the value is not computed. That is:
|
|
// value either comes from the config, is computed, or is both.
|
|
Optional bool
|
|
Required bool
|
|
|
|
// If this is non-nil, the provided function will be used during diff
|
|
// of this field. If this is nil, a default diff for the type of the
|
|
// schema will be used.
|
|
//
|
|
// This allows comparison based on something other than primitive, list
|
|
// or map equality - for example SSH public keys may be considered
|
|
// equivalent regardless of trailing whitespace.
|
|
DiffSuppressFunc SchemaDiffSuppressFunc
|
|
|
|
// If this is non-nil, then this will be a default value that is used
|
|
// when this item is not set in the configuration.
|
|
//
|
|
// DefaultFunc can be specified to compute a dynamic default.
|
|
// Only one of Default or DefaultFunc can be set. If DefaultFunc is
|
|
// used then its return value should be stable to avoid generating
|
|
// confusing/perpetual diffs.
|
|
//
|
|
// Changing either Default or the return value of DefaultFunc can be
|
|
// a breaking change, especially if the attribute in question has
|
|
// ForceNew set. If a default needs to change to align with changing
|
|
// assumptions in an upstream API then it may be necessary to also use
|
|
// the MigrateState function on the resource to change the state to match,
|
|
// or have the Read function adjust the state value to align with the
|
|
// new default.
|
|
//
|
|
// If Required is true above, then Default cannot be set. DefaultFunc
|
|
// can be set with Required. If the DefaultFunc returns nil, then there
|
|
// will be no default and the user will be asked to fill it in.
|
|
//
|
|
// If either of these is set, then the user won't be asked for input
|
|
// for this key if the default is not nil.
|
|
Default interface{}
|
|
DefaultFunc SchemaDefaultFunc
|
|
|
|
// Description is used as the description for docs or asking for user
|
|
// input. It should be relatively short (a few sentences max) and should
|
|
// be formatted to fit a CLI.
|
|
Description string
|
|
|
|
// InputDefault is the default value to use for when inputs are requested.
|
|
// This differs from Default in that if Default is set, no input is
|
|
// asked for. If Input is asked, this will be the default value offered.
|
|
InputDefault string
|
|
|
|
// The fields below relate to diffs.
|
|
//
|
|
// If Computed is true, then the result of this value is computed
|
|
// (unless specified by config) on creation.
|
|
//
|
|
// If ForceNew is true, then a change in this resource necessitates
|
|
// the creation of a new resource.
|
|
//
|
|
// StateFunc is a function called to change the value of this before
|
|
// storing it in the state (and likewise before comparing for diffs).
|
|
// The use for this is for example with large strings, you may want
|
|
// to simply store the hash of it.
|
|
Computed bool
|
|
ForceNew bool
|
|
StateFunc SchemaStateFunc
|
|
|
|
// The following fields are only set for a TypeList, TypeSet, or TypeMap.
|
|
//
|
|
// Elem represents the element type. For a TypeMap, it must be a *Schema
|
|
// with a Type that is one of the primitives: TypeString, TypeBool,
|
|
// TypeInt, or TypeFloat. Otherwise it may be either a *Schema or a
|
|
// *Resource. If it is *Schema, the element type is just a simple value.
|
|
// If it is *Resource, the element type is a complex structure,
|
|
// potentially with its own lifecycle.
|
|
Elem interface{}
|
|
|
|
// The following fields are only set for a TypeList or TypeSet.
|
|
//
|
|
// MaxItems defines a maximum amount of items that can exist within a
|
|
// TypeSet or TypeList. Specific use cases would be if a TypeSet is being
|
|
// used to wrap a complex structure, however more than one instance would
|
|
// cause instability.
|
|
//
|
|
// MinItems defines a minimum amount of items that can exist within a
|
|
// TypeSet or TypeList. Specific use cases would be if a TypeSet is being
|
|
// used to wrap a complex structure, however less than one instance would
|
|
// cause instability.
|
|
//
|
|
// If the field Optional is set to true then MinItems is ignored and thus
|
|
// effectively zero.
|
|
MaxItems int
|
|
MinItems int
|
|
|
|
// PromoteSingle originally allowed for a single element to be assigned
|
|
// where a primitive list was expected, but this no longer works from
|
|
// Terraform v0.12 onwards (Terraform Core will require a list to be set
|
|
// regardless of what this is set to) and so only applies to Terraform v0.11
|
|
// and earlier, and so should be used only to retain this functionality
|
|
// for those still using v0.11 with a provider that formerly used this.
|
|
PromoteSingle bool
|
|
|
|
// The following fields are only valid for a TypeSet type.
|
|
//
|
|
// Set defines a function to determine the unique ID of an item so that
|
|
// a proper set can be built.
|
|
Set SchemaSetFunc
|
|
|
|
// ComputedWhen is a set of queries on the configuration. Whenever any
|
|
// of these things is changed, it will require a recompute (this requires
|
|
// that Computed is set to true).
|
|
//
|
|
// NOTE: This currently does not work.
|
|
ComputedWhen []string
|
|
|
|
// ConflictsWith is a set of schema keys that conflict with this schema.
|
|
// This will only check that they're set in the _config_. This will not
|
|
// raise an error for a malfunctioning resource that sets a conflicting
|
|
// key.
|
|
ConflictsWith []string
|
|
|
|
// When Deprecated is set, this attribute is deprecated.
|
|
//
|
|
// A deprecated field still works, but will probably stop working in near
|
|
// future. This string is the message shown to the user with instructions on
|
|
// how to address the deprecation.
|
|
Deprecated string
|
|
|
|
// When Removed is set, this attribute has been removed from the schema
|
|
//
|
|
// Removed attributes can be left in the Schema to generate informative error
|
|
// messages for the user when they show up in resource configurations.
|
|
// This string is the message shown to the user with instructions on
|
|
// what do to about the removed attribute.
|
|
Removed string
|
|
|
|
// ValidateFunc allows individual fields to define arbitrary validation
|
|
// logic. It is yielded the provided config value as an interface{} that is
|
|
// guaranteed to be of the proper Schema type, and it can yield warnings or
|
|
// errors based on inspection of that value.
|
|
//
|
|
// ValidateFunc is honored only when the schema's Type is set to TypeInt,
|
|
// TypeFloat, TypeString, TypeBool, or TypeMap. It is ignored for all other types.
|
|
ValidateFunc SchemaValidateFunc
|
|
|
|
// Sensitive ensures that the attribute's value does not get displayed in
|
|
// logs or regular output. It should be used for passwords or other
|
|
// secret fields. Future versions of Terraform may encrypt these
|
|
// values.
|
|
Sensitive bool
|
|
}
|
|
|
|
// SchemaConfigMode is used to influence how a schema item is mapped into a
|
|
// corresponding configuration construct, using the ConfigMode field of
|
|
// Schema.
|
|
type SchemaConfigMode int
|
|
|
|
const (
|
|
SchemaConfigModeAuto SchemaConfigMode = iota
|
|
SchemaConfigModeAttr
|
|
SchemaConfigModeBlock
|
|
)
|
|
|
|
// SchemaDiffSuppressFunc is a function which can be used to determine
|
|
// whether a detected diff on a schema element is "valid" or not, and
|
|
// suppress it from the plan if necessary.
|
|
//
|
|
// Return true if the diff should be suppressed, false to retain it.
|
|
type SchemaDiffSuppressFunc func(k, old, new string, d *ResourceData) bool
|
|
|
|
// SchemaDefaultFunc is a function called to return a default value for
|
|
// a field.
|
|
type SchemaDefaultFunc func() (interface{}, error)
|
|
|
|
// EnvDefaultFunc is a helper function that returns the value of the
|
|
// given environment variable, if one exists, or the default value
|
|
// otherwise.
|
|
func EnvDefaultFunc(k string, dv interface{}) SchemaDefaultFunc {
|
|
return func() (interface{}, error) {
|
|
if v := os.Getenv(k); v != "" {
|
|
return v, nil
|
|
}
|
|
|
|
return dv, nil
|
|
}
|
|
}
|
|
|
|
// MultiEnvDefaultFunc is a helper function that returns the value of the first
|
|
// environment variable in the given list that returns a non-empty value. If
|
|
// none of the environment variables return a value, the default value is
|
|
// returned.
|
|
func MultiEnvDefaultFunc(ks []string, dv interface{}) SchemaDefaultFunc {
|
|
return func() (interface{}, error) {
|
|
for _, k := range ks {
|
|
if v := os.Getenv(k); v != "" {
|
|
return v, nil
|
|
}
|
|
}
|
|
return dv, nil
|
|
}
|
|
}
|
|
|
|
// SchemaSetFunc is a function that must return a unique ID for the given
|
|
// element. This unique ID is used to store the element in a hash.
|
|
type SchemaSetFunc func(interface{}) int
|
|
|
|
// SchemaStateFunc is a function used to convert some type to a string
|
|
// to be stored in the state.
|
|
type SchemaStateFunc func(interface{}) string
|
|
|
|
// SchemaValidateFunc is a function used to validate a single field in the
|
|
// schema.
|
|
type SchemaValidateFunc func(interface{}, string) ([]string, []error)
|
|
|
|
func (s *Schema) GoString() string {
|
|
return fmt.Sprintf("*%#v", *s)
|
|
}
|
|
|
|
// Returns a default value for this schema by either reading Default or
|
|
// evaluating DefaultFunc. If neither of these are defined, returns nil.
|
|
func (s *Schema) DefaultValue() (interface{}, error) {
|
|
if s.Default != nil {
|
|
return s.Default, nil
|
|
}
|
|
|
|
if s.DefaultFunc != nil {
|
|
defaultValue, err := s.DefaultFunc()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error loading default: %s", err)
|
|
}
|
|
return defaultValue, nil
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
// Returns a zero value for the schema.
|
|
func (s *Schema) ZeroValue() interface{} {
|
|
// If it's a set then we'll do a bit of extra work to provide the
|
|
// right hashing function in our empty value.
|
|
if s.Type == TypeSet {
|
|
setFunc := s.Set
|
|
if setFunc == nil {
|
|
// Default set function uses the schema to hash the whole value
|
|
elem := s.Elem
|
|
switch t := elem.(type) {
|
|
case *Schema:
|
|
setFunc = HashSchema(t)
|
|
case *Resource:
|
|
setFunc = HashResource(t)
|
|
default:
|
|
panic("invalid set element type")
|
|
}
|
|
}
|
|
return &Set{F: setFunc}
|
|
} else {
|
|
return s.Type.Zero()
|
|
}
|
|
}
|
|
|
|
func (s *Schema) finalizeDiff(d *terraform.ResourceAttrDiff, customized bool) *terraform.ResourceAttrDiff {
|
|
if d == nil {
|
|
return d
|
|
}
|
|
|
|
if s.Type == TypeBool {
|
|
normalizeBoolString := func(s string) string {
|
|
switch s {
|
|
case "0":
|
|
return "false"
|
|
case "1":
|
|
return "true"
|
|
}
|
|
return s
|
|
}
|
|
d.Old = normalizeBoolString(d.Old)
|
|
d.New = normalizeBoolString(d.New)
|
|
}
|
|
|
|
if s.Computed && !d.NewRemoved && d.New == "" {
|
|
// Computed attribute without a new value set
|
|
d.NewComputed = true
|
|
}
|
|
|
|
if s.ForceNew {
|
|
// ForceNew, mark that this field is requiring new under the
|
|
// following conditions, explained below:
|
|
//
|
|
// * Old != New - There is a change in value. This field
|
|
// is therefore causing a new resource.
|
|
//
|
|
// * NewComputed - This field is being computed, hence a
|
|
// potential change in value, mark as causing a new resource.
|
|
d.RequiresNew = d.Old != d.New || d.NewComputed
|
|
}
|
|
|
|
if d.NewRemoved {
|
|
return d
|
|
}
|
|
|
|
if s.Computed {
|
|
// FIXME: This is where the customized bool from getChange finally
|
|
// comes into play. It allows the previously incorrect behavior
|
|
// of an empty string being used as "unset" when the value is
|
|
// computed. This should be removed once we can properly
|
|
// represent an unset/nil value from the configuration.
|
|
if !customized {
|
|
if d.Old != "" && d.New == "" {
|
|
// This is a computed value with an old value set already,
|
|
// just let it go.
|
|
return nil
|
|
}
|
|
}
|
|
|
|
if d.New == "" && !d.NewComputed {
|
|
// Computed attribute without a new value set
|
|
d.NewComputed = true
|
|
}
|
|
}
|
|
|
|
if s.Sensitive {
|
|
// Set the Sensitive flag so output is hidden in the UI
|
|
d.Sensitive = true
|
|
}
|
|
|
|
return d
|
|
}
|
|
|
|
// InternalMap is used to aid in the transition to the new schema types and
|
|
// protocol. The name is not meant to convey any usefulness, as this is not to
|
|
// be used directly by any providers.
|
|
type InternalMap = schemaMap
|
|
|
|
// schemaMap is a wrapper that adds nice functions on top of schemas.
|
|
type schemaMap map[string]*Schema
|
|
|
|
func (m schemaMap) panicOnError() bool {
|
|
if os.Getenv(PanicOnErr) != "" {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Data returns a ResourceData for the given schema, state, and diff.
|
|
//
|
|
// The diff is optional.
|
|
func (m schemaMap) Data(
|
|
s *terraform.InstanceState,
|
|
d *terraform.InstanceDiff) (*ResourceData, error) {
|
|
return &ResourceData{
|
|
schema: m,
|
|
state: s,
|
|
diff: d,
|
|
panicOnError: m.panicOnError(),
|
|
}, nil
|
|
}
|
|
|
|
// DeepCopy returns a copy of this schemaMap. The copy can be safely modified
|
|
// without affecting the original.
|
|
func (m *schemaMap) DeepCopy() schemaMap {
|
|
copy, err := copystructure.Config{Lock: true}.Copy(m)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return *copy.(*schemaMap)
|
|
}
|
|
|
|
// Diff returns the diff for a resource given the schema map,
|
|
// state, and configuration.
|
|
func (m schemaMap) Diff(
|
|
s *terraform.InstanceState,
|
|
c *terraform.ResourceConfig,
|
|
customizeDiff CustomizeDiffFunc,
|
|
meta interface{},
|
|
handleRequiresNew bool) (*terraform.InstanceDiff, error) {
|
|
result := new(terraform.InstanceDiff)
|
|
result.Attributes = make(map[string]*terraform.ResourceAttrDiff)
|
|
|
|
// Make sure to mark if the resource is tainted
|
|
if s != nil {
|
|
result.DestroyTainted = s.Tainted
|
|
}
|
|
|
|
d := &ResourceData{
|
|
schema: m,
|
|
state: s,
|
|
config: c,
|
|
panicOnError: m.panicOnError(),
|
|
}
|
|
|
|
for k, schema := range m {
|
|
err := m.diff(k, schema, result, d, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
// Remove any nil diffs just to keep things clean
|
|
for k, v := range result.Attributes {
|
|
if v == nil {
|
|
delete(result.Attributes, k)
|
|
}
|
|
}
|
|
|
|
// If this is a non-destroy diff, call any custom diff logic that has been
|
|
// defined.
|
|
if !result.DestroyTainted && customizeDiff != nil {
|
|
mc := m.DeepCopy()
|
|
rd := newResourceDiff(mc, c, s, result)
|
|
if err := customizeDiff(rd, meta); err != nil {
|
|
return nil, err
|
|
}
|
|
for _, k := range rd.UpdatedKeys() {
|
|
err := m.diff(k, mc[k], result, rd, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
}
|
|
|
|
if handleRequiresNew {
|
|
// If the diff requires a new resource, then we recompute the diff
|
|
// so we have the complete new resource diff, and preserve the
|
|
// RequiresNew fields where necessary so the user knows exactly what
|
|
// caused that.
|
|
if result.RequiresNew() {
|
|
// Create the new diff
|
|
result2 := new(terraform.InstanceDiff)
|
|
result2.Attributes = make(map[string]*terraform.ResourceAttrDiff)
|
|
|
|
// Preserve the DestroyTainted flag
|
|
result2.DestroyTainted = result.DestroyTainted
|
|
|
|
// Reset the data to not contain state. We have to call init()
|
|
// again in order to reset the FieldReaders.
|
|
d.state = nil
|
|
d.init()
|
|
|
|
// Perform the diff again
|
|
for k, schema := range m {
|
|
err := m.diff(k, schema, result2, d, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
// Re-run customization
|
|
if !result2.DestroyTainted && customizeDiff != nil {
|
|
mc := m.DeepCopy()
|
|
rd := newResourceDiff(mc, c, d.state, result2)
|
|
if err := customizeDiff(rd, meta); err != nil {
|
|
return nil, err
|
|
}
|
|
for _, k := range rd.UpdatedKeys() {
|
|
err := m.diff(k, mc[k], result2, rd, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
}
|
|
|
|
// Force all the fields to not force a new since we know what we
|
|
// want to force new.
|
|
for k, attr := range result2.Attributes {
|
|
if attr == nil {
|
|
continue
|
|
}
|
|
|
|
if attr.RequiresNew {
|
|
attr.RequiresNew = false
|
|
}
|
|
|
|
if s != nil {
|
|
attr.Old = s.Attributes[k]
|
|
}
|
|
}
|
|
|
|
// Now copy in all the requires new diffs...
|
|
for k, attr := range result.Attributes {
|
|
if attr == nil {
|
|
continue
|
|
}
|
|
|
|
newAttr, ok := result2.Attributes[k]
|
|
if !ok {
|
|
newAttr = attr
|
|
}
|
|
|
|
if attr.RequiresNew {
|
|
newAttr.RequiresNew = true
|
|
}
|
|
|
|
result2.Attributes[k] = newAttr
|
|
}
|
|
|
|
// And set the diff!
|
|
result = result2
|
|
}
|
|
|
|
}
|
|
|
|
// Go through and detect all of the ComputedWhens now that we've
|
|
// finished the diff.
|
|
// TODO
|
|
|
|
if result.Empty() {
|
|
// If we don't have any diff elements, just return nil
|
|
return nil, nil
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
// Input implements the terraform.ResourceProvider method by asking
|
|
// for input for required configuration keys that don't have a value.
|
|
func (m schemaMap) Input(
|
|
input terraform.UIInput,
|
|
c *terraform.ResourceConfig) (*terraform.ResourceConfig, error) {
|
|
keys := make([]string, 0, len(m))
|
|
for k, _ := range m {
|
|
keys = append(keys, k)
|
|
}
|
|
sort.Strings(keys)
|
|
|
|
for _, k := range keys {
|
|
v := m[k]
|
|
|
|
// Skip things that don't require config, if that is even valid
|
|
// for a provider schema.
|
|
// Required XOR Optional must always be true to validate, so we only
|
|
// need to check one.
|
|
if v.Optional {
|
|
continue
|
|
}
|
|
|
|
// Deprecated fields should never prompt
|
|
if v.Deprecated != "" {
|
|
continue
|
|
}
|
|
|
|
// Skip things that have a value of some sort already
|
|
if _, ok := c.Raw[k]; ok {
|
|
continue
|
|
}
|
|
|
|
// Skip if it has a default value
|
|
defaultValue, err := v.DefaultValue()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("%s: error loading default: %s", k, err)
|
|
}
|
|
if defaultValue != nil {
|
|
continue
|
|
}
|
|
|
|
var value interface{}
|
|
switch v.Type {
|
|
case TypeBool, TypeInt, TypeFloat, TypeSet, TypeList:
|
|
continue
|
|
case TypeString:
|
|
value, err = m.inputString(input, k, v)
|
|
default:
|
|
panic(fmt.Sprintf("Unknown type for input: %#v", v.Type))
|
|
}
|
|
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"%s: %s", k, err)
|
|
}
|
|
|
|
c.Config[k] = value
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
// Validate validates the configuration against this schema mapping.
|
|
func (m schemaMap) Validate(c *terraform.ResourceConfig) ([]string, []error) {
|
|
return m.validateObject("", m, c)
|
|
}
|
|
|
|
// InternalValidate validates the format of this schema. This should be called
|
|
// from a unit test (and not in user-path code) to verify that a schema
|
|
// is properly built.
|
|
func (m schemaMap) InternalValidate(topSchemaMap schemaMap) error {
|
|
return m.internalValidate(topSchemaMap, false)
|
|
}
|
|
|
|
func (m schemaMap) internalValidate(topSchemaMap schemaMap, attrsOnly bool) error {
|
|
if topSchemaMap == nil {
|
|
topSchemaMap = m
|
|
}
|
|
for k, v := range m {
|
|
if v.Type == TypeInvalid {
|
|
return fmt.Errorf("%s: Type must be specified", k)
|
|
}
|
|
|
|
if v.Optional && v.Required {
|
|
return fmt.Errorf("%s: Optional or Required must be set, not both", k)
|
|
}
|
|
|
|
if v.Required && v.Computed {
|
|
return fmt.Errorf("%s: Cannot be both Required and Computed", k)
|
|
}
|
|
|
|
if !v.Required && !v.Optional && !v.Computed {
|
|
return fmt.Errorf("%s: One of optional, required, or computed must be set", k)
|
|
}
|
|
|
|
computedOnly := v.Computed && !v.Optional
|
|
|
|
switch v.ConfigMode {
|
|
case SchemaConfigModeBlock:
|
|
if _, ok := v.Elem.(*Resource); !ok {
|
|
return fmt.Errorf("%s: ConfigMode of block is allowed only when Elem is *schema.Resource", k)
|
|
}
|
|
if attrsOnly {
|
|
return fmt.Errorf("%s: ConfigMode of block cannot be used in child of schema with ConfigMode of attribute", k)
|
|
}
|
|
if computedOnly {
|
|
return fmt.Errorf("%s: ConfigMode of block cannot be used for computed schema", k)
|
|
}
|
|
case SchemaConfigModeAttr:
|
|
// anything goes
|
|
case SchemaConfigModeAuto:
|
|
// Since "Auto" for Elem: *Resource would create a nested block,
|
|
// and that's impossible inside an attribute, we require it to be
|
|
// explicitly overridden as mode "Attr" for clarity.
|
|
if _, ok := v.Elem.(*Resource); ok {
|
|
if attrsOnly {
|
|
return fmt.Errorf("%s: in *schema.Resource with ConfigMode of attribute, so must also have ConfigMode of attribute", k)
|
|
}
|
|
}
|
|
default:
|
|
return fmt.Errorf("%s: invalid ConfigMode value", k)
|
|
}
|
|
|
|
if v.Computed && v.Default != nil {
|
|
return fmt.Errorf("%s: Default must be nil if computed", k)
|
|
}
|
|
|
|
if v.Required && v.Default != nil {
|
|
return fmt.Errorf("%s: Default cannot be set with Required", k)
|
|
}
|
|
|
|
if len(v.ComputedWhen) > 0 && !v.Computed {
|
|
return fmt.Errorf("%s: ComputedWhen can only be set with Computed", k)
|
|
}
|
|
|
|
if len(v.ConflictsWith) > 0 && v.Required {
|
|
return fmt.Errorf("%s: ConflictsWith cannot be set with Required", k)
|
|
}
|
|
|
|
if len(v.ConflictsWith) > 0 {
|
|
for _, key := range v.ConflictsWith {
|
|
parts := strings.Split(key, ".")
|
|
sm := topSchemaMap
|
|
var target *Schema
|
|
for _, part := range parts {
|
|
// Skip index fields
|
|
if _, err := strconv.Atoi(part); err == nil {
|
|
continue
|
|
}
|
|
|
|
var ok bool
|
|
if target, ok = sm[part]; !ok {
|
|
return fmt.Errorf("%s: ConflictsWith references unknown attribute (%s)", k, key)
|
|
}
|
|
|
|
if subResource, ok := target.Elem.(*Resource); ok {
|
|
sm = schemaMap(subResource.Schema)
|
|
}
|
|
}
|
|
if target == nil {
|
|
return fmt.Errorf("%s: ConflictsWith cannot find target attribute (%s), sm: %#v", k, key, sm)
|
|
}
|
|
if target.Required {
|
|
return fmt.Errorf("%s: ConflictsWith cannot contain Required attribute (%s)", k, key)
|
|
}
|
|
|
|
if len(target.ComputedWhen) > 0 {
|
|
return fmt.Errorf("%s: ConflictsWith cannot contain Computed(When) attribute (%s)", k, key)
|
|
}
|
|
}
|
|
}
|
|
|
|
if v.Type == TypeList || v.Type == TypeSet {
|
|
if v.Elem == nil {
|
|
return fmt.Errorf("%s: Elem must be set for lists", k)
|
|
}
|
|
|
|
if v.Default != nil {
|
|
return fmt.Errorf("%s: Default is not valid for lists or sets", k)
|
|
}
|
|
|
|
if v.Type != TypeSet && v.Set != nil {
|
|
return fmt.Errorf("%s: Set can only be set for TypeSet", k)
|
|
}
|
|
|
|
switch t := v.Elem.(type) {
|
|
case *Resource:
|
|
attrsOnly := attrsOnly || v.ConfigMode == SchemaConfigModeAttr
|
|
|
|
if err := schemaMap(t.Schema).internalValidate(topSchemaMap, attrsOnly); err != nil {
|
|
return err
|
|
}
|
|
case *Schema:
|
|
bad := t.Computed || t.Optional || t.Required
|
|
if bad {
|
|
return fmt.Errorf(
|
|
"%s: Elem must have only Type set", k)
|
|
}
|
|
}
|
|
} else {
|
|
if v.MaxItems > 0 || v.MinItems > 0 {
|
|
return fmt.Errorf("%s: MaxItems and MinItems are only supported on lists or sets", k)
|
|
}
|
|
}
|
|
|
|
// Computed-only field
|
|
if v.Computed && !v.Optional {
|
|
if v.ValidateFunc != nil {
|
|
return fmt.Errorf("%s: ValidateFunc is for validating user input, "+
|
|
"there's nothing to validate on computed-only field", k)
|
|
}
|
|
if v.DiffSuppressFunc != nil {
|
|
return fmt.Errorf("%s: DiffSuppressFunc is for suppressing differences"+
|
|
" between config and state representation. "+
|
|
"There is no config for computed-only field, nothing to compare.", k)
|
|
}
|
|
}
|
|
|
|
if v.ValidateFunc != nil {
|
|
switch v.Type {
|
|
case TypeList, TypeSet:
|
|
return fmt.Errorf("%s: ValidateFunc is not yet supported on lists or sets.", k)
|
|
}
|
|
}
|
|
|
|
if v.Deprecated == "" && v.Removed == "" {
|
|
if !isValidFieldName(k) {
|
|
return fmt.Errorf("%s: Field name may only contain lowercase alphanumeric characters & underscores.", k)
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func isValidFieldName(name string) bool {
|
|
re := regexp.MustCompile("^[a-z0-9_]+$")
|
|
return re.MatchString(name)
|
|
}
|
|
|
|
// resourceDiffer is an interface that is used by the private diff functions.
|
|
// This helps facilitate diff logic for both ResourceData and ResoureDiff with
|
|
// minimal divergence in code.
|
|
type resourceDiffer interface {
|
|
diffChange(string) (interface{}, interface{}, bool, bool, bool)
|
|
Get(string) interface{}
|
|
GetChange(string) (interface{}, interface{})
|
|
GetOk(string) (interface{}, bool)
|
|
HasChange(string) bool
|
|
Id() string
|
|
}
|
|
|
|
func (m schemaMap) diff(
|
|
k string,
|
|
schema *Schema,
|
|
diff *terraform.InstanceDiff,
|
|
d resourceDiffer,
|
|
all bool) error {
|
|
|
|
unsupressedDiff := new(terraform.InstanceDiff)
|
|
unsupressedDiff.Attributes = make(map[string]*terraform.ResourceAttrDiff)
|
|
|
|
var err error
|
|
switch schema.Type {
|
|
case TypeBool, TypeInt, TypeFloat, TypeString:
|
|
err = m.diffString(k, schema, unsupressedDiff, d, all)
|
|
case TypeList:
|
|
err = m.diffList(k, schema, unsupressedDiff, d, all)
|
|
case TypeMap:
|
|
err = m.diffMap(k, schema, unsupressedDiff, d, all)
|
|
case TypeSet:
|
|
err = m.diffSet(k, schema, unsupressedDiff, d, all)
|
|
default:
|
|
err = fmt.Errorf("%s: unknown type %#v", k, schema.Type)
|
|
}
|
|
|
|
for attrK, attrV := range unsupressedDiff.Attributes {
|
|
switch rd := d.(type) {
|
|
case *ResourceData:
|
|
if schema.DiffSuppressFunc != nil && attrV != nil &&
|
|
schema.DiffSuppressFunc(attrK, attrV.Old, attrV.New, rd) {
|
|
// If this attr diff is suppressed, we may still need it in the
|
|
// overall diff if it's contained within a set. Rather than
|
|
// dropping the diff, make it a NOOP.
|
|
if !all {
|
|
continue
|
|
}
|
|
|
|
attrV = &terraform.ResourceAttrDiff{
|
|
Old: attrV.Old,
|
|
New: attrV.Old,
|
|
}
|
|
}
|
|
}
|
|
diff.Attributes[attrK] = attrV
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
func (m schemaMap) diffList(
|
|
k string,
|
|
schema *Schema,
|
|
diff *terraform.InstanceDiff,
|
|
d resourceDiffer,
|
|
all bool) error {
|
|
o, n, _, computedList, customized := d.diffChange(k)
|
|
if computedList {
|
|
n = nil
|
|
}
|
|
nSet := n != nil
|
|
|
|
// If we have an old value and no new value is set or will be
|
|
// computed once all variables can be interpolated and we're
|
|
// computed, then nothing has changed.
|
|
if o != nil && n == nil && !computedList && schema.Computed {
|
|
return nil
|
|
}
|
|
|
|
if o == nil {
|
|
o = []interface{}{}
|
|
}
|
|
if n == nil {
|
|
n = []interface{}{}
|
|
}
|
|
if s, ok := o.(*Set); ok {
|
|
o = s.List()
|
|
}
|
|
if s, ok := n.(*Set); ok {
|
|
n = s.List()
|
|
}
|
|
os := o.([]interface{})
|
|
vs := n.([]interface{})
|
|
|
|
// If the new value was set, and the two are equal, then we're done.
|
|
// We have to do this check here because sets might be NOT
|
|
// reflect.DeepEqual so we need to wait until we get the []interface{}
|
|
if !all && nSet && reflect.DeepEqual(os, vs) {
|
|
return nil
|
|
}
|
|
|
|
// Get the counts
|
|
oldLen := len(os)
|
|
newLen := len(vs)
|
|
oldStr := strconv.FormatInt(int64(oldLen), 10)
|
|
|
|
// If the whole list is computed, then say that the # is computed
|
|
if computedList {
|
|
diff.Attributes[k+".#"] = &terraform.ResourceAttrDiff{
|
|
Old: oldStr,
|
|
NewComputed: true,
|
|
RequiresNew: schema.ForceNew,
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// If the counts are not the same, then record that diff
|
|
changed := oldLen != newLen
|
|
computed := oldLen == 0 && newLen == 0 && schema.Computed
|
|
if changed || computed || all {
|
|
countSchema := &Schema{
|
|
Type: TypeInt,
|
|
Computed: schema.Computed,
|
|
ForceNew: schema.ForceNew,
|
|
}
|
|
|
|
newStr := ""
|
|
if !computed {
|
|
newStr = strconv.FormatInt(int64(newLen), 10)
|
|
} else {
|
|
oldStr = ""
|
|
}
|
|
|
|
diff.Attributes[k+".#"] = countSchema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: oldStr,
|
|
New: newStr,
|
|
},
|
|
customized,
|
|
)
|
|
}
|
|
|
|
// Figure out the maximum
|
|
maxLen := oldLen
|
|
if newLen > maxLen {
|
|
maxLen = newLen
|
|
}
|
|
|
|
switch t := schema.Elem.(type) {
|
|
case *Resource:
|
|
// This is a complex resource
|
|
for i := 0; i < maxLen; i++ {
|
|
for k2, schema := range t.Schema {
|
|
subK := fmt.Sprintf("%s.%d.%s", k, i, k2)
|
|
err := m.diff(subK, schema, diff, d, all)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
case *Schema:
|
|
// Copy the schema so that we can set Computed/ForceNew from
|
|
// the parent schema (the TypeList).
|
|
t2 := *t
|
|
t2.ForceNew = schema.ForceNew
|
|
|
|
// This is just a primitive element, so go through each and
|
|
// just diff each.
|
|
for i := 0; i < maxLen; i++ {
|
|
subK := fmt.Sprintf("%s.%d", k, i)
|
|
err := m.diff(subK, &t2, diff, d, all)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
default:
|
|
return fmt.Errorf("%s: unknown element type (internal)", k)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m schemaMap) diffMap(
|
|
k string,
|
|
schema *Schema,
|
|
diff *terraform.InstanceDiff,
|
|
d resourceDiffer,
|
|
all bool) error {
|
|
prefix := k + "."
|
|
|
|
// First get all the values from the state
|
|
var stateMap, configMap map[string]string
|
|
o, n, _, nComputed, customized := d.diffChange(k)
|
|
if err := mapstructure.WeakDecode(o, &stateMap); err != nil {
|
|
return fmt.Errorf("%s: %s", k, err)
|
|
}
|
|
if err := mapstructure.WeakDecode(n, &configMap); err != nil {
|
|
return fmt.Errorf("%s: %s", k, err)
|
|
}
|
|
|
|
// Keep track of whether the state _exists_ at all prior to clearing it
|
|
stateExists := o != nil
|
|
|
|
// Delete any count values, since we don't use those
|
|
delete(configMap, "%")
|
|
delete(stateMap, "%")
|
|
|
|
// Check if the number of elements has changed.
|
|
oldLen, newLen := len(stateMap), len(configMap)
|
|
changed := oldLen != newLen
|
|
if oldLen != 0 && newLen == 0 && schema.Computed {
|
|
changed = false
|
|
}
|
|
|
|
// It is computed if we have no old value, no new value, the schema
|
|
// says it is computed, and it didn't exist in the state before. The
|
|
// last point means: if it existed in the state, even empty, then it
|
|
// has already been computed.
|
|
computed := oldLen == 0 && newLen == 0 && schema.Computed && !stateExists
|
|
|
|
// If the count has changed or we're computed, then add a diff for the
|
|
// count. "nComputed" means that the new value _contains_ a value that
|
|
// is computed. We don't do granular diffs for this yet, so we mark the
|
|
// whole map as computed.
|
|
if changed || computed || nComputed {
|
|
countSchema := &Schema{
|
|
Type: TypeInt,
|
|
Computed: schema.Computed || nComputed,
|
|
ForceNew: schema.ForceNew,
|
|
}
|
|
|
|
oldStr := strconv.FormatInt(int64(oldLen), 10)
|
|
newStr := ""
|
|
if !computed && !nComputed {
|
|
newStr = strconv.FormatInt(int64(newLen), 10)
|
|
} else {
|
|
oldStr = ""
|
|
}
|
|
|
|
diff.Attributes[k+".%"] = countSchema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: oldStr,
|
|
New: newStr,
|
|
},
|
|
customized,
|
|
)
|
|
}
|
|
|
|
// If the new map is nil and we're computed, then ignore it.
|
|
if n == nil && schema.Computed {
|
|
return nil
|
|
}
|
|
|
|
// Now we compare, preferring values from the config map
|
|
for k, v := range configMap {
|
|
old, ok := stateMap[k]
|
|
delete(stateMap, k)
|
|
|
|
if old == v && ok && !all {
|
|
continue
|
|
}
|
|
|
|
diff.Attributes[prefix+k] = schema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: old,
|
|
New: v,
|
|
},
|
|
customized,
|
|
)
|
|
}
|
|
for k, v := range stateMap {
|
|
diff.Attributes[prefix+k] = schema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: v,
|
|
NewRemoved: true,
|
|
},
|
|
customized,
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m schemaMap) diffSet(
|
|
k string,
|
|
schema *Schema,
|
|
diff *terraform.InstanceDiff,
|
|
d resourceDiffer,
|
|
all bool) error {
|
|
|
|
o, n, _, computedSet, customized := d.diffChange(k)
|
|
if computedSet {
|
|
n = nil
|
|
}
|
|
nSet := n != nil
|
|
|
|
// If we have an old value and no new value is set or will be
|
|
// computed once all variables can be interpolated and we're
|
|
// computed, then nothing has changed.
|
|
if o != nil && n == nil && !computedSet && schema.Computed {
|
|
return nil
|
|
}
|
|
|
|
if o == nil {
|
|
o = schema.ZeroValue().(*Set)
|
|
}
|
|
if n == nil {
|
|
n = schema.ZeroValue().(*Set)
|
|
}
|
|
os := o.(*Set)
|
|
ns := n.(*Set)
|
|
|
|
// If the new value was set, compare the listCode's to determine if
|
|
// the two are equal. Comparing listCode's instead of the actual values
|
|
// is needed because there could be computed values in the set which
|
|
// would result in false positives while comparing.
|
|
if !all && nSet && reflect.DeepEqual(os.listCode(), ns.listCode()) {
|
|
return nil
|
|
}
|
|
|
|
// Get the counts
|
|
oldLen := os.Len()
|
|
newLen := ns.Len()
|
|
oldStr := strconv.Itoa(oldLen)
|
|
newStr := strconv.Itoa(newLen)
|
|
|
|
// Build a schema for our count
|
|
countSchema := &Schema{
|
|
Type: TypeInt,
|
|
Computed: schema.Computed,
|
|
ForceNew: schema.ForceNew,
|
|
}
|
|
|
|
// If the set computed then say that the # is computed
|
|
if computedSet || schema.Computed && !nSet {
|
|
// If # already exists, equals 0 and no new set is supplied, there
|
|
// is nothing to record in the diff
|
|
count, ok := d.GetOk(k + ".#")
|
|
if ok && count.(int) == 0 && !nSet && !computedSet {
|
|
return nil
|
|
}
|
|
|
|
// Set the count but make sure that if # does not exist, we don't
|
|
// use the zeroed value
|
|
countStr := strconv.Itoa(count.(int))
|
|
if !ok {
|
|
countStr = ""
|
|
}
|
|
|
|
diff.Attributes[k+".#"] = countSchema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: countStr,
|
|
NewComputed: true,
|
|
},
|
|
customized,
|
|
)
|
|
return nil
|
|
}
|
|
|
|
// If the counts are not the same, then record that diff
|
|
changed := oldLen != newLen
|
|
if changed || all {
|
|
diff.Attributes[k+".#"] = countSchema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: oldStr,
|
|
New: newStr,
|
|
},
|
|
customized,
|
|
)
|
|
}
|
|
|
|
// Build the list of codes that will make up our set. This is the
|
|
// removed codes as well as all the codes in the new codes.
|
|
codes := make([][]string, 2)
|
|
codes[0] = os.Difference(ns).listCode()
|
|
codes[1] = ns.listCode()
|
|
for _, list := range codes {
|
|
for _, code := range list {
|
|
switch t := schema.Elem.(type) {
|
|
case *Resource:
|
|
// This is a complex resource
|
|
for k2, schema := range t.Schema {
|
|
subK := fmt.Sprintf("%s.%s.%s", k, code, k2)
|
|
err := m.diff(subK, schema, diff, d, true)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
case *Schema:
|
|
// Copy the schema so that we can set Computed/ForceNew from
|
|
// the parent schema (the TypeSet).
|
|
t2 := *t
|
|
t2.ForceNew = schema.ForceNew
|
|
|
|
// This is just a primitive element, so go through each and
|
|
// just diff each.
|
|
subK := fmt.Sprintf("%s.%s", k, code)
|
|
err := m.diff(subK, &t2, diff, d, true)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
default:
|
|
return fmt.Errorf("%s: unknown element type (internal)", k)
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m schemaMap) diffString(
|
|
k string,
|
|
schema *Schema,
|
|
diff *terraform.InstanceDiff,
|
|
d resourceDiffer,
|
|
all bool) error {
|
|
var originalN interface{}
|
|
var os, ns string
|
|
o, n, _, computed, customized := d.diffChange(k)
|
|
if schema.StateFunc != nil && n != nil {
|
|
originalN = n
|
|
n = schema.StateFunc(n)
|
|
}
|
|
nraw := n
|
|
if nraw == nil && o != nil {
|
|
nraw = schema.Type.Zero()
|
|
}
|
|
if err := mapstructure.WeakDecode(o, &os); err != nil {
|
|
return fmt.Errorf("%s: %s", k, err)
|
|
}
|
|
if err := mapstructure.WeakDecode(nraw, &ns); err != nil {
|
|
return fmt.Errorf("%s: %s", k, err)
|
|
}
|
|
|
|
if os == ns && !all && !computed {
|
|
// They're the same value. If there old value is not blank or we
|
|
// have an ID, then return right away since we're already setup.
|
|
if os != "" || d.Id() != "" {
|
|
return nil
|
|
}
|
|
|
|
// Otherwise, only continue if we're computed
|
|
if !schema.Computed {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
removed := false
|
|
if o != nil && n == nil && !computed {
|
|
removed = true
|
|
}
|
|
if removed && schema.Computed {
|
|
return nil
|
|
}
|
|
|
|
diff.Attributes[k] = schema.finalizeDiff(
|
|
&terraform.ResourceAttrDiff{
|
|
Old: os,
|
|
New: ns,
|
|
NewExtra: originalN,
|
|
NewRemoved: removed,
|
|
NewComputed: computed,
|
|
},
|
|
customized,
|
|
)
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m schemaMap) inputString(
|
|
input terraform.UIInput,
|
|
k string,
|
|
schema *Schema) (interface{}, error) {
|
|
result, err := input.Input(context.Background(), &terraform.InputOpts{
|
|
Id: k,
|
|
Query: k,
|
|
Description: schema.Description,
|
|
Default: schema.InputDefault,
|
|
})
|
|
|
|
return result, err
|
|
}
|
|
|
|
func (m schemaMap) validate(
|
|
k string,
|
|
schema *Schema,
|
|
c *terraform.ResourceConfig) ([]string, []error) {
|
|
raw, ok := c.Get(k)
|
|
if !ok && schema.DefaultFunc != nil {
|
|
// We have a dynamic default. Check if we have a value.
|
|
var err error
|
|
raw, err = schema.DefaultFunc()
|
|
if err != nil {
|
|
return nil, []error{fmt.Errorf(
|
|
"%q, error loading default: %s", k, err)}
|
|
}
|
|
|
|
// We're okay as long as we had a value set
|
|
ok = raw != nil
|
|
}
|
|
if !ok {
|
|
if schema.Required {
|
|
return nil, []error{fmt.Errorf(
|
|
"%q: required field is not set", k)}
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
if !schema.Required && !schema.Optional {
|
|
// This is a computed-only field
|
|
return nil, []error{fmt.Errorf(
|
|
"%q: this field cannot be set", k)}
|
|
}
|
|
|
|
// If the value is unknown then we can't validate it yet.
|
|
// In particular, this avoids spurious type errors where downstream
|
|
// validation code sees UnknownVariableValue as being just a string.
|
|
// The SDK has to allow the unknown value through initially, so that
|
|
// Required fields set via an interpolated value are accepted.
|
|
if !isWhollyKnown(raw) {
|
|
if schema.Deprecated != "" {
|
|
return []string{fmt.Sprintf("%q: [DEPRECATED] %s", k, schema.Deprecated)}, nil
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
err := m.validateConflictingAttributes(k, schema, c)
|
|
if err != nil {
|
|
return nil, []error{err}
|
|
}
|
|
|
|
return m.validateType(k, raw, schema, c)
|
|
}
|
|
|
|
// isWhollyKnown returns false if the argument contains an UnknownVariableValue
|
|
func isWhollyKnown(raw interface{}) bool {
|
|
switch raw := raw.(type) {
|
|
case string:
|
|
if raw == hcl2shim.UnknownVariableValue {
|
|
return false
|
|
}
|
|
case []interface{}:
|
|
for _, v := range raw {
|
|
if !isWhollyKnown(v) {
|
|
return false
|
|
}
|
|
}
|
|
case map[string]interface{}:
|
|
for _, v := range raw {
|
|
if !isWhollyKnown(v) {
|
|
return false
|
|
}
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
func (m schemaMap) validateConflictingAttributes(
|
|
k string,
|
|
schema *Schema,
|
|
c *terraform.ResourceConfig) error {
|
|
|
|
if len(schema.ConflictsWith) == 0 {
|
|
return nil
|
|
}
|
|
|
|
for _, conflictingKey := range schema.ConflictsWith {
|
|
if raw, ok := c.Get(conflictingKey); ok {
|
|
if raw == hcl2shim.UnknownVariableValue {
|
|
// An unknown value might become unset (null) once known, so
|
|
// we must defer validation until it's known.
|
|
continue
|
|
}
|
|
return fmt.Errorf(
|
|
"%q: conflicts with %s", k, conflictingKey)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m schemaMap) validateList(
|
|
k string,
|
|
raw interface{},
|
|
schema *Schema,
|
|
c *terraform.ResourceConfig) ([]string, []error) {
|
|
// first check if the list is wholly unknown
|
|
if s, ok := raw.(string); ok {
|
|
if s == hcl2shim.UnknownVariableValue {
|
|
return nil, nil
|
|
}
|
|
}
|
|
|
|
// schemaMap can't validate nil
|
|
if raw == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
// We use reflection to verify the slice because you can't
|
|
// case to []interface{} unless the slice is exactly that type.
|
|
rawV := reflect.ValueOf(raw)
|
|
|
|
// If we support promotion and the raw value isn't a slice, wrap
|
|
// it in []interface{} and check again.
|
|
if schema.PromoteSingle && rawV.Kind() != reflect.Slice {
|
|
raw = []interface{}{raw}
|
|
rawV = reflect.ValueOf(raw)
|
|
}
|
|
|
|
if rawV.Kind() != reflect.Slice {
|
|
return nil, []error{fmt.Errorf(
|
|
"%s: should be a list", k)}
|
|
}
|
|
|
|
// We can't validate list length if this came from a dynamic block.
|
|
// Since there's no way to determine if something was from a dynamic block
|
|
// at this point, we're going to skip validation in the new protocol if
|
|
// there are any unknowns. Validate will eventually be called again once
|
|
// all values are known.
|
|
if isProto5() && !isWhollyKnown(raw) {
|
|
return nil, nil
|
|
}
|
|
|
|
// Validate length
|
|
if schema.MaxItems > 0 && rawV.Len() > schema.MaxItems {
|
|
return nil, []error{fmt.Errorf(
|
|
"%s: attribute supports %d item maximum, config has %d declared", k, schema.MaxItems, rawV.Len())}
|
|
}
|
|
|
|
if schema.MinItems > 0 && rawV.Len() < schema.MinItems {
|
|
return nil, []error{fmt.Errorf(
|
|
"%s: attribute supports %d item as a minimum, config has %d declared", k, schema.MinItems, rawV.Len())}
|
|
}
|
|
|
|
// Now build the []interface{}
|
|
raws := make([]interface{}, rawV.Len())
|
|
for i, _ := range raws {
|
|
raws[i] = rawV.Index(i).Interface()
|
|
}
|
|
|
|
var ws []string
|
|
var es []error
|
|
for i, raw := range raws {
|
|
key := fmt.Sprintf("%s.%d", k, i)
|
|
|
|
// Reify the key value from the ResourceConfig.
|
|
// If the list was computed we have all raw values, but some of these
|
|
// may be known in the config, and aren't individually marked as Computed.
|
|
if r, ok := c.Get(key); ok {
|
|
raw = r
|
|
}
|
|
|
|
var ws2 []string
|
|
var es2 []error
|
|
switch t := schema.Elem.(type) {
|
|
case *Resource:
|
|
// This is a sub-resource
|
|
ws2, es2 = m.validateObject(key, t.Schema, c)
|
|
case *Schema:
|
|
ws2, es2 = m.validateType(key, raw, t, c)
|
|
}
|
|
|
|
if len(ws2) > 0 {
|
|
ws = append(ws, ws2...)
|
|
}
|
|
if len(es2) > 0 {
|
|
es = append(es, es2...)
|
|
}
|
|
}
|
|
|
|
return ws, es
|
|
}
|
|
|
|
func (m schemaMap) validateMap(
|
|
k string,
|
|
raw interface{},
|
|
schema *Schema,
|
|
c *terraform.ResourceConfig) ([]string, []error) {
|
|
// first check if the list is wholly unknown
|
|
if s, ok := raw.(string); ok {
|
|
if s == hcl2shim.UnknownVariableValue {
|
|
return nil, nil
|
|
}
|
|
}
|
|
|
|
// schemaMap can't validate nil
|
|
if raw == nil {
|
|
return nil, nil
|
|
}
|
|
// We use reflection to verify the slice because you can't
|
|
// case to []interface{} unless the slice is exactly that type.
|
|
rawV := reflect.ValueOf(raw)
|
|
switch rawV.Kind() {
|
|
case reflect.String:
|
|
// If raw and reified are equal, this is a string and should
|
|
// be rejected.
|
|
reified, reifiedOk := c.Get(k)
|
|
if reifiedOk && raw == reified && !c.IsComputed(k) {
|
|
return nil, []error{fmt.Errorf("%s: should be a map", k)}
|
|
}
|
|
// Otherwise it's likely raw is an interpolation.
|
|
return nil, nil
|
|
case reflect.Map:
|
|
case reflect.Slice:
|
|
default:
|
|
return nil, []error{fmt.Errorf("%s: should be a map", k)}
|
|
}
|
|
|
|
// If it is not a slice, validate directly
|
|
if rawV.Kind() != reflect.Slice {
|
|
mapIface := rawV.Interface()
|
|
if _, errs := validateMapValues(k, mapIface.(map[string]interface{}), schema); len(errs) > 0 {
|
|
return nil, errs
|
|
}
|
|
if schema.ValidateFunc != nil {
|
|
return schema.ValidateFunc(mapIface, k)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
// It is a slice, verify that all the elements are maps
|
|
raws := make([]interface{}, rawV.Len())
|
|
for i, _ := range raws {
|
|
raws[i] = rawV.Index(i).Interface()
|
|
}
|
|
|
|
for _, raw := range raws {
|
|
v := reflect.ValueOf(raw)
|
|
if v.Kind() != reflect.Map {
|
|
return nil, []error{fmt.Errorf(
|
|
"%s: should be a map", k)}
|
|
}
|
|
mapIface := v.Interface()
|
|
if _, errs := validateMapValues(k, mapIface.(map[string]interface{}), schema); len(errs) > 0 {
|
|
return nil, errs
|
|
}
|
|
}
|
|
|
|
if schema.ValidateFunc != nil {
|
|
validatableMap := make(map[string]interface{})
|
|
for _, raw := range raws {
|
|
for k, v := range raw.(map[string]interface{}) {
|
|
validatableMap[k] = v
|
|
}
|
|
}
|
|
|
|
return schema.ValidateFunc(validatableMap, k)
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
func validateMapValues(k string, m map[string]interface{}, schema *Schema) ([]string, []error) {
|
|
for key, raw := range m {
|
|
valueType, err := getValueType(k, schema)
|
|
if err != nil {
|
|
return nil, []error{err}
|
|
}
|
|
|
|
switch valueType {
|
|
case TypeBool:
|
|
var n bool
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s (%s): %s", k, key, err)}
|
|
}
|
|
case TypeInt:
|
|
var n int
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s (%s): %s", k, key, err)}
|
|
}
|
|
case TypeFloat:
|
|
var n float64
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s (%s): %s", k, key, err)}
|
|
}
|
|
case TypeString:
|
|
var n string
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s (%s): %s", k, key, err)}
|
|
}
|
|
default:
|
|
panic(fmt.Sprintf("Unknown validation type: %#v", schema.Type))
|
|
}
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func getValueType(k string, schema *Schema) (ValueType, error) {
|
|
if schema.Elem == nil {
|
|
return TypeString, nil
|
|
}
|
|
if vt, ok := schema.Elem.(ValueType); ok {
|
|
return vt, nil
|
|
}
|
|
|
|
// If a Schema is provided to a Map, we use the Type of that schema
|
|
// as the type for each element in the Map.
|
|
if s, ok := schema.Elem.(*Schema); ok {
|
|
return s.Type, nil
|
|
}
|
|
|
|
if _, ok := schema.Elem.(*Resource); ok {
|
|
// TODO: We don't actually support this (yet)
|
|
// but silently pass the validation, until we decide
|
|
// how to handle nested structures in maps
|
|
return TypeString, nil
|
|
}
|
|
return 0, fmt.Errorf("%s: unexpected map value type: %#v", k, schema.Elem)
|
|
}
|
|
|
|
func (m schemaMap) validateObject(
|
|
k string,
|
|
schema map[string]*Schema,
|
|
c *terraform.ResourceConfig) ([]string, []error) {
|
|
raw, _ := c.Get(k)
|
|
|
|
// schemaMap can't validate nil
|
|
if raw == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
if _, ok := raw.(map[string]interface{}); !ok && !c.IsComputed(k) {
|
|
return nil, []error{fmt.Errorf(
|
|
"%s: expected object, got %s",
|
|
k, reflect.ValueOf(raw).Kind())}
|
|
}
|
|
|
|
var ws []string
|
|
var es []error
|
|
for subK, s := range schema {
|
|
key := subK
|
|
if k != "" {
|
|
key = fmt.Sprintf("%s.%s", k, subK)
|
|
}
|
|
|
|
ws2, es2 := m.validate(key, s, c)
|
|
if len(ws2) > 0 {
|
|
ws = append(ws, ws2...)
|
|
}
|
|
if len(es2) > 0 {
|
|
es = append(es, es2...)
|
|
}
|
|
}
|
|
|
|
// Detect any extra/unknown keys and report those as errors.
|
|
if m, ok := raw.(map[string]interface{}); ok {
|
|
for subk, _ := range m {
|
|
if _, ok := schema[subk]; !ok {
|
|
if subk == TimeoutsConfigKey {
|
|
continue
|
|
}
|
|
es = append(es, fmt.Errorf(
|
|
"%s: invalid or unknown key: %s", k, subk))
|
|
}
|
|
}
|
|
}
|
|
|
|
return ws, es
|
|
}
|
|
|
|
func (m schemaMap) validatePrimitive(
|
|
k string,
|
|
raw interface{},
|
|
schema *Schema,
|
|
c *terraform.ResourceConfig) ([]string, []error) {
|
|
|
|
// a nil value shouldn't happen in the old protocol, and in the new
|
|
// protocol the types have already been validated. Either way, we can't
|
|
// reflect on nil, so don't panic.
|
|
if raw == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
// Catch if the user gave a complex type where a primitive was
|
|
// expected, so we can return a friendly error message that
|
|
// doesn't contain Go type system terminology.
|
|
switch reflect.ValueOf(raw).Type().Kind() {
|
|
case reflect.Slice:
|
|
return nil, []error{
|
|
fmt.Errorf("%s must be a single value, not a list", k),
|
|
}
|
|
case reflect.Map:
|
|
return nil, []error{
|
|
fmt.Errorf("%s must be a single value, not a map", k),
|
|
}
|
|
default: // ok
|
|
}
|
|
|
|
if c.IsComputed(k) {
|
|
// If the key is being computed, then it is not an error as
|
|
// long as it's not a slice or map.
|
|
return nil, nil
|
|
}
|
|
|
|
var decoded interface{}
|
|
switch schema.Type {
|
|
case TypeBool:
|
|
// Verify that we can parse this as the correct type
|
|
var n bool
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s: %s", k, err)}
|
|
}
|
|
decoded = n
|
|
case TypeInt:
|
|
switch {
|
|
case isProto5():
|
|
// We need to verify the type precisely, because WeakDecode will
|
|
// decode a float as an integer.
|
|
|
|
// the config shims only use int for integral number values
|
|
if v, ok := raw.(int); ok {
|
|
decoded = v
|
|
} else {
|
|
return nil, []error{fmt.Errorf("%s: must be a whole number, got %v", k, raw)}
|
|
}
|
|
default:
|
|
// Verify that we can parse this as an int
|
|
var n int
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s: %s", k, err)}
|
|
}
|
|
decoded = n
|
|
}
|
|
case TypeFloat:
|
|
// Verify that we can parse this as an int
|
|
var n float64
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s: %s", k, err)}
|
|
}
|
|
decoded = n
|
|
case TypeString:
|
|
// Verify that we can parse this as a string
|
|
var n string
|
|
if err := mapstructure.WeakDecode(raw, &n); err != nil {
|
|
return nil, []error{fmt.Errorf("%s: %s", k, err)}
|
|
}
|
|
decoded = n
|
|
default:
|
|
panic(fmt.Sprintf("Unknown validation type: %#v", schema.Type))
|
|
}
|
|
|
|
if schema.ValidateFunc != nil {
|
|
return schema.ValidateFunc(decoded, k)
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
func (m schemaMap) validateType(
|
|
k string,
|
|
raw interface{},
|
|
schema *Schema,
|
|
c *terraform.ResourceConfig) ([]string, []error) {
|
|
var ws []string
|
|
var es []error
|
|
switch schema.Type {
|
|
case TypeSet, TypeList:
|
|
ws, es = m.validateList(k, raw, schema, c)
|
|
case TypeMap:
|
|
ws, es = m.validateMap(k, raw, schema, c)
|
|
default:
|
|
ws, es = m.validatePrimitive(k, raw, schema, c)
|
|
}
|
|
|
|
if schema.Deprecated != "" {
|
|
ws = append(ws, fmt.Sprintf(
|
|
"%q: [DEPRECATED] %s", k, schema.Deprecated))
|
|
}
|
|
|
|
if schema.Removed != "" {
|
|
es = append(es, fmt.Errorf(
|
|
"%q: [REMOVED] %s", k, schema.Removed))
|
|
}
|
|
|
|
return ws, es
|
|
}
|
|
|
|
// Zero returns the zero value for a type.
|
|
func (t ValueType) Zero() interface{} {
|
|
switch t {
|
|
case TypeInvalid:
|
|
return nil
|
|
case TypeBool:
|
|
return false
|
|
case TypeInt:
|
|
return 0
|
|
case TypeFloat:
|
|
return 0.0
|
|
case TypeString:
|
|
return ""
|
|
case TypeList:
|
|
return []interface{}{}
|
|
case TypeMap:
|
|
return map[string]interface{}{}
|
|
case TypeSet:
|
|
return new(Set)
|
|
case typeObject:
|
|
return map[string]interface{}{}
|
|
default:
|
|
panic(fmt.Sprintf("unknown type %s", t))
|
|
}
|
|
}
|