terraform/terraform/diff.go

900 lines
22 KiB
Go

package terraform
import (
"bufio"
"bytes"
"fmt"
"reflect"
"regexp"
"sort"
"strings"
"sync"
"github.com/hashicorp/terraform/addrs"
"github.com/mitchellh/copystructure"
)
// DiffChangeType is an enum with the kind of changes a diff has planned.
type DiffChangeType byte
const (
DiffInvalid DiffChangeType = iota
DiffNone
DiffCreate
DiffUpdate
DiffDestroy
DiffDestroyCreate
// DiffRefresh is only used in the UI for displaying diffs.
// Managed resource reads never appear in plan, and when data source
// reads appear they are represented as DiffCreate in core before
// transforming to DiffRefresh in the UI layer.
DiffRefresh // TODO: Actually use DiffRefresh in core too, for less confusion
)
// multiVal matches the index key to a flatmapped set, list or map
var multiVal = regexp.MustCompile(`\.(#|%)$`)
// Diff tracks the changes that are necessary to apply a configuration
// to an existing infrastructure.
type Diff struct {
// Modules contains all the modules that have a diff
Modules []*ModuleDiff
}
// Prune cleans out unused structures in the diff without affecting
// the behavior of the diff at all.
//
// This is not safe to call concurrently. This is safe to call on a
// nil Diff.
func (d *Diff) Prune() {
if d == nil {
return
}
// Prune all empty modules
newModules := make([]*ModuleDiff, 0, len(d.Modules))
for _, m := range d.Modules {
// If the module isn't empty, we keep it
if !m.Empty() {
newModules = append(newModules, m)
}
}
if len(newModules) == 0 {
newModules = nil
}
d.Modules = newModules
}
// AddModule adds the module with the given path to the diff.
//
// This should be the preferred method to add module diffs since it
// allows us to optimize lookups later as well as control sorting.
func (d *Diff) AddModule(path addrs.ModuleInstance) *ModuleDiff {
// Lower the new-style address into a legacy-style address.
// This requires that none of the steps have instance keys, which is
// true for all addresses at the time of implementing this because
// "count" and "for_each" are not yet implemented for modules.
legacyPath := make([]string, len(path))
for i, step := range path {
if step.InstanceKey != addrs.NoKey {
// FIXME: Once the rest of Terraform is ready to use count and
// for_each, remove all of this and just write the addrs.ModuleInstance
// value itself into the ModuleState.
panic("diff cannot represent modules with count or for_each keys")
}
legacyPath[i] = step.Name
}
m := &ModuleDiff{Path: legacyPath}
m.init()
d.Modules = append(d.Modules, m)
return m
}
// ModuleByPath is used to lookup the module diff for the given path.
// This should be the preferred lookup mechanism as it allows for future
// lookup optimizations.
func (d *Diff) ModuleByPath(path addrs.ModuleInstance) *ModuleDiff {
if d == nil {
return nil
}
for _, mod := range d.Modules {
if mod.Path == nil {
panic("missing module path")
}
modPath := normalizeModulePath(mod.Path)
if modPath.String() == path.String() {
return mod
}
}
return nil
}
// RootModule returns the ModuleState for the root module
func (d *Diff) RootModule() *ModuleDiff {
root := d.ModuleByPath(addrs.RootModuleInstance)
if root == nil {
panic("missing root module")
}
return root
}
// Empty returns true if the diff has no changes.
func (d *Diff) Empty() bool {
if d == nil {
return true
}
for _, m := range d.Modules {
if !m.Empty() {
return false
}
}
return true
}
// Equal compares two diffs for exact equality.
//
// This is different from the Same comparison that is supported which
// checks for operation equality taking into account computed values. Equal
// instead checks for exact equality.
func (d *Diff) Equal(d2 *Diff) bool {
// If one is nil, they must both be nil
if d == nil || d2 == nil {
return d == d2
}
// Sort the modules
sort.Sort(moduleDiffSort(d.Modules))
sort.Sort(moduleDiffSort(d2.Modules))
// Copy since we have to modify the module destroy flag to false so
// we don't compare that. TODO: delete this when we get rid of the
// destroy flag on modules.
dCopy := d.DeepCopy()
d2Copy := d2.DeepCopy()
for _, m := range dCopy.Modules {
m.Destroy = false
}
for _, m := range d2Copy.Modules {
m.Destroy = false
}
// Use DeepEqual
return reflect.DeepEqual(dCopy, d2Copy)
}
// DeepCopy performs a deep copy of all parts of the Diff, making the
// resulting Diff safe to use without modifying this one.
func (d *Diff) DeepCopy() *Diff {
copy, err := copystructure.Config{Lock: true}.Copy(d)
if err != nil {
panic(err)
}
return copy.(*Diff)
}
func (d *Diff) String() string {
var buf bytes.Buffer
keys := make([]string, 0, len(d.Modules))
lookup := make(map[string]*ModuleDiff)
for _, m := range d.Modules {
addr := normalizeModulePath(m.Path)
key := addr.String()
keys = append(keys, key)
lookup[key] = m
}
sort.Strings(keys)
for _, key := range keys {
m := lookup[key]
mStr := m.String()
// If we're the root module, we just write the output directly.
if reflect.DeepEqual(m.Path, rootModulePath) {
buf.WriteString(mStr + "\n")
continue
}
buf.WriteString(fmt.Sprintf("%s:\n", key))
s := bufio.NewScanner(strings.NewReader(mStr))
for s.Scan() {
buf.WriteString(fmt.Sprintf(" %s\n", s.Text()))
}
}
return strings.TrimSpace(buf.String())
}
func (d *Diff) init() {
if d.Modules == nil {
rootDiff := &ModuleDiff{Path: rootModulePath}
d.Modules = []*ModuleDiff{rootDiff}
}
for _, m := range d.Modules {
m.init()
}
}
// ModuleDiff tracks the differences between resources to apply within
// a single module.
type ModuleDiff struct {
Path []string
Resources map[string]*InstanceDiff
Destroy bool // Set only by the destroy plan
}
func (d *ModuleDiff) init() {
if d.Resources == nil {
d.Resources = make(map[string]*InstanceDiff)
}
for _, r := range d.Resources {
r.init()
}
}
// ChangeType returns the type of changes that the diff for this
// module includes.
//
// At a module level, this will only be DiffNone, DiffUpdate, DiffDestroy, or
// DiffCreate. If an instance within the module has a DiffDestroyCreate
// then this will register as a DiffCreate for a module.
func (d *ModuleDiff) ChangeType() DiffChangeType {
result := DiffNone
for _, r := range d.Resources {
change := r.ChangeType()
switch change {
case DiffCreate, DiffDestroy:
if result == DiffNone {
result = change
}
case DiffDestroyCreate, DiffUpdate:
result = DiffUpdate
}
}
return result
}
// Empty returns true if the diff has no changes within this module.
func (d *ModuleDiff) Empty() bool {
if d.Destroy {
return false
}
if len(d.Resources) == 0 {
return true
}
for _, rd := range d.Resources {
if !rd.Empty() {
return false
}
}
return true
}
// Instances returns the instance diffs for the id given. This can return
// multiple instance diffs if there are counts within the resource.
func (d *ModuleDiff) Instances(id string) []*InstanceDiff {
var result []*InstanceDiff
for k, diff := range d.Resources {
if k == id || strings.HasPrefix(k, id+".") {
if !diff.Empty() {
result = append(result, diff)
}
}
}
return result
}
// IsRoot says whether or not this module diff is for the root module.
func (d *ModuleDiff) IsRoot() bool {
return reflect.DeepEqual(d.Path, rootModulePath)
}
// String outputs the diff in a long but command-line friendly output
// format that users can read to quickly inspect a diff.
func (d *ModuleDiff) String() string {
var buf bytes.Buffer
names := make([]string, 0, len(d.Resources))
for name, _ := range d.Resources {
names = append(names, name)
}
sort.Strings(names)
for _, name := range names {
rdiff := d.Resources[name]
crud := "UPDATE"
switch {
case rdiff.RequiresNew() && (rdiff.GetDestroy() || rdiff.GetDestroyTainted()):
crud = "DESTROY/CREATE"
case rdiff.GetDestroy() || rdiff.GetDestroyDeposed():
crud = "DESTROY"
case rdiff.RequiresNew():
crud = "CREATE"
}
extra := ""
if !rdiff.GetDestroy() && rdiff.GetDestroyDeposed() {
extra = " (deposed only)"
}
buf.WriteString(fmt.Sprintf(
"%s: %s%s\n",
crud,
name,
extra))
keyLen := 0
rdiffAttrs := rdiff.CopyAttributes()
keys := make([]string, 0, len(rdiffAttrs))
for key, _ := range rdiffAttrs {
if key == "id" {
continue
}
keys = append(keys, key)
if len(key) > keyLen {
keyLen = len(key)
}
}
sort.Strings(keys)
for _, attrK := range keys {
attrDiff, _ := rdiff.GetAttribute(attrK)
v := attrDiff.New
u := attrDiff.Old
if attrDiff.NewComputed {
v = "<computed>"
}
if attrDiff.Sensitive {
u = "<sensitive>"
v = "<sensitive>"
}
updateMsg := ""
if attrDiff.RequiresNew {
updateMsg = " (forces new resource)"
} else if attrDiff.Sensitive {
updateMsg = " (attribute changed)"
}
buf.WriteString(fmt.Sprintf(
" %s:%s %#v => %#v%s\n",
attrK,
strings.Repeat(" ", keyLen-len(attrK)),
u,
v,
updateMsg))
}
}
return buf.String()
}
// InstanceDiff is the diff of a resource from some state to another.
type InstanceDiff struct {
mu sync.Mutex
Attributes map[string]*ResourceAttrDiff
Destroy bool
DestroyDeposed bool
DestroyTainted bool
// Meta is a simple K/V map that is stored in a diff and persisted to
// plans but otherwise is completely ignored by Terraform core. It is
// meant to be used for additional data a resource may want to pass through.
// The value here must only contain Go primitives and collections.
Meta map[string]interface{}
}
func (d *InstanceDiff) Lock() { d.mu.Lock() }
func (d *InstanceDiff) Unlock() { d.mu.Unlock() }
// ResourceAttrDiff is the diff of a single attribute of a resource.
type ResourceAttrDiff struct {
Old string // Old Value
New string // New Value
NewComputed bool // True if new value is computed (unknown currently)
NewRemoved bool // True if this attribute is being removed
NewExtra interface{} // Extra information for the provider
RequiresNew bool // True if change requires new resource
Sensitive bool // True if the data should not be displayed in UI output
Type DiffAttrType
}
// Empty returns true if the diff for this attr is neutral
func (d *ResourceAttrDiff) Empty() bool {
return d.Old == d.New && !d.NewComputed && !d.NewRemoved
}
func (d *ResourceAttrDiff) GoString() string {
return fmt.Sprintf("*%#v", *d)
}
// DiffAttrType is an enum type that says whether a resource attribute
// diff is an input attribute (comes from the configuration) or an
// output attribute (comes as a result of applying the configuration). An
// example input would be "ami" for AWS and an example output would be
// "private_ip".
type DiffAttrType byte
const (
DiffAttrUnknown DiffAttrType = iota
DiffAttrInput
DiffAttrOutput
)
func (d *InstanceDiff) init() {
if d.Attributes == nil {
d.Attributes = make(map[string]*ResourceAttrDiff)
}
}
func NewInstanceDiff() *InstanceDiff {
return &InstanceDiff{Attributes: make(map[string]*ResourceAttrDiff)}
}
func (d *InstanceDiff) Copy() (*InstanceDiff, error) {
if d == nil {
return nil, nil
}
dCopy, err := copystructure.Config{Lock: true}.Copy(d)
if err != nil {
return nil, err
}
return dCopy.(*InstanceDiff), nil
}
// ChangeType returns the DiffChangeType represented by the diff
// for this single instance.
func (d *InstanceDiff) ChangeType() DiffChangeType {
if d.Empty() {
return DiffNone
}
if d.RequiresNew() && (d.GetDestroy() || d.GetDestroyTainted()) {
return DiffDestroyCreate
}
if d.GetDestroy() || d.GetDestroyDeposed() {
return DiffDestroy
}
if d.RequiresNew() {
return DiffCreate
}
return DiffUpdate
}
// Empty returns true if this diff encapsulates no changes.
func (d *InstanceDiff) Empty() bool {
if d == nil {
return true
}
d.mu.Lock()
defer d.mu.Unlock()
return !d.Destroy &&
!d.DestroyTainted &&
!d.DestroyDeposed &&
len(d.Attributes) == 0
}
// Equal compares two diffs for exact equality.
//
// This is different from the Same comparison that is supported which
// checks for operation equality taking into account computed values. Equal
// instead checks for exact equality.
func (d *InstanceDiff) Equal(d2 *InstanceDiff) bool {
// If one is nil, they must both be nil
if d == nil || d2 == nil {
return d == d2
}
// Use DeepEqual
return reflect.DeepEqual(d, d2)
}
// DeepCopy performs a deep copy of all parts of the InstanceDiff
func (d *InstanceDiff) DeepCopy() *InstanceDiff {
copy, err := copystructure.Config{Lock: true}.Copy(d)
if err != nil {
panic(err)
}
return copy.(*InstanceDiff)
}
func (d *InstanceDiff) GoString() string {
return fmt.Sprintf("*%#v", InstanceDiff{
Attributes: d.Attributes,
Destroy: d.Destroy,
DestroyTainted: d.DestroyTainted,
DestroyDeposed: d.DestroyDeposed,
})
}
// RequiresNew returns true if the diff requires the creation of a new
// resource (implying the destruction of the old).
func (d *InstanceDiff) RequiresNew() bool {
if d == nil {
return false
}
d.mu.Lock()
defer d.mu.Unlock()
return d.requiresNew()
}
func (d *InstanceDiff) requiresNew() bool {
if d == nil {
return false
}
if d.DestroyTainted {
return true
}
for _, rd := range d.Attributes {
if rd != nil && rd.RequiresNew {
return true
}
}
return false
}
func (d *InstanceDiff) GetDestroyDeposed() bool {
d.mu.Lock()
defer d.mu.Unlock()
return d.DestroyDeposed
}
func (d *InstanceDiff) SetDestroyDeposed(b bool) {
d.mu.Lock()
defer d.mu.Unlock()
d.DestroyDeposed = b
}
// These methods are properly locked, for use outside other InstanceDiff
// methods but everywhere else within the terraform package.
// TODO refactor the locking scheme
func (d *InstanceDiff) SetTainted(b bool) {
d.mu.Lock()
defer d.mu.Unlock()
d.DestroyTainted = b
}
func (d *InstanceDiff) GetDestroyTainted() bool {
d.mu.Lock()
defer d.mu.Unlock()
return d.DestroyTainted
}
func (d *InstanceDiff) SetDestroy(b bool) {
d.mu.Lock()
defer d.mu.Unlock()
d.Destroy = b
}
func (d *InstanceDiff) GetDestroy() bool {
d.mu.Lock()
defer d.mu.Unlock()
return d.Destroy
}
func (d *InstanceDiff) SetAttribute(key string, attr *ResourceAttrDiff) {
d.mu.Lock()
defer d.mu.Unlock()
d.Attributes[key] = attr
}
func (d *InstanceDiff) DelAttribute(key string) {
d.mu.Lock()
defer d.mu.Unlock()
delete(d.Attributes, key)
}
func (d *InstanceDiff) GetAttribute(key string) (*ResourceAttrDiff, bool) {
d.mu.Lock()
defer d.mu.Unlock()
attr, ok := d.Attributes[key]
return attr, ok
}
func (d *InstanceDiff) GetAttributesLen() int {
d.mu.Lock()
defer d.mu.Unlock()
return len(d.Attributes)
}
// Safely copies the Attributes map
func (d *InstanceDiff) CopyAttributes() map[string]*ResourceAttrDiff {
d.mu.Lock()
defer d.mu.Unlock()
attrs := make(map[string]*ResourceAttrDiff)
for k, v := range d.Attributes {
attrs[k] = v
}
return attrs
}
// Same checks whether or not two InstanceDiff's are the "same". When
// we say "same", it is not necessarily exactly equal. Instead, it is
// just checking that the same attributes are changing, a destroy
// isn't suddenly happening, etc.
func (d *InstanceDiff) Same(d2 *InstanceDiff) (bool, string) {
// we can safely compare the pointers without a lock
switch {
case d == nil && d2 == nil:
return true, ""
case d == nil || d2 == nil:
return false, "one nil"
case d == d2:
return true, ""
}
d.mu.Lock()
defer d.mu.Unlock()
// If we're going from requiring new to NOT requiring new, then we have
// to see if all required news were computed. If so, it is allowed since
// computed may also mean "same value and therefore not new".
oldNew := d.requiresNew()
newNew := d2.RequiresNew()
if oldNew && !newNew {
oldNew = false
// This section builds a list of ignorable attributes for requiresNew
// by removing off any elements of collections going to zero elements.
// For collections going to zero, they may not exist at all in the
// new diff (and hence RequiresNew == false).
ignoreAttrs := make(map[string]struct{})
for k, diffOld := range d.Attributes {
if !strings.HasSuffix(k, ".%") && !strings.HasSuffix(k, ".#") {
continue
}
// This case is in here as a protection measure. The bug that this
// code originally fixed (GH-11349) didn't have to deal with computed
// so I'm not 100% sure what the correct behavior is. Best to leave
// the old behavior.
if diffOld.NewComputed {
continue
}
// We're looking for the case a map goes to exactly 0.
if diffOld.New != "0" {
continue
}
// Found it! Ignore all of these. The prefix here is stripping
// off the "%" so it is just "k."
prefix := k[:len(k)-1]
for k2, _ := range d.Attributes {
if strings.HasPrefix(k2, prefix) {
ignoreAttrs[k2] = struct{}{}
}
}
}
for k, rd := range d.Attributes {
if _, ok := ignoreAttrs[k]; ok {
continue
}
// If the field is requires new and NOT computed, then what
// we have is a diff mismatch for sure. We set that the old
// diff does REQUIRE a ForceNew.
if rd != nil && rd.RequiresNew && !rd.NewComputed {
oldNew = true
break
}
}
}
if oldNew != newNew {
return false, fmt.Sprintf(
"diff RequiresNew; old: %t, new: %t", oldNew, newNew)
}
// Verify that destroy matches. The second boolean here allows us to
// have mismatching Destroy if we're moving from RequiresNew true
// to false above. Therefore, the second boolean will only pass if
// we're moving from Destroy: true to false as well.
if d.Destroy != d2.GetDestroy() && d.requiresNew() == oldNew {
return false, fmt.Sprintf(
"diff: Destroy; old: %t, new: %t", d.Destroy, d2.GetDestroy())
}
// Go through the old diff and make sure the new diff has all the
// same attributes. To start, build up the check map to be all the keys.
checkOld := make(map[string]struct{})
checkNew := make(map[string]struct{})
for k, _ := range d.Attributes {
checkOld[k] = struct{}{}
}
for k, _ := range d2.CopyAttributes() {
checkNew[k] = struct{}{}
}
// Make an ordered list so we are sure the approximated hashes are left
// to process at the end of the loop
keys := make([]string, 0, len(d.Attributes))
for k, _ := range d.Attributes {
keys = append(keys, k)
}
sort.StringSlice(keys).Sort()
for _, k := range keys {
diffOld := d.Attributes[k]
if _, ok := checkOld[k]; !ok {
// We're not checking this key for whatever reason (see where
// check is modified).
continue
}
// Remove this key since we'll never hit it again
delete(checkOld, k)
delete(checkNew, k)
_, ok := d2.GetAttribute(k)
if !ok {
// If there's no new attribute, and the old diff expected the attribute
// to be removed, that's just fine.
if diffOld.NewRemoved {
continue
}
// If the last diff was a computed value then the absense of
// that value is allowed since it may mean the value ended up
// being the same.
if diffOld.NewComputed {
ok = true
}
// No exact match, but maybe this is a set containing computed
// values. So check if there is an approximate hash in the key
// and if so, try to match the key.
if strings.Contains(k, "~") {
parts := strings.Split(k, ".")
parts2 := append([]string(nil), parts...)
re := regexp.MustCompile(`^~\d+$`)
for i, part := range parts {
if re.MatchString(part) {
// we're going to consider this the base of a
// computed hash, and remove all longer matching fields
ok = true
parts2[i] = `\d+`
parts2 = parts2[:i+1]
break
}
}
re, err := regexp.Compile("^" + strings.Join(parts2, `\.`))
if err != nil {
return false, fmt.Sprintf("regexp failed to compile; err: %#v", err)
}
for k2, _ := range checkNew {
if re.MatchString(k2) {
delete(checkNew, k2)
}
}
}
// This is a little tricky, but when a diff contains a computed
// list, set, or map that can only be interpolated after the apply
// command has created the dependent resources, it could turn out
// that the result is actually the same as the existing state which
// would remove the key from the diff.
if diffOld.NewComputed && (strings.HasSuffix(k, ".#") || strings.HasSuffix(k, ".%")) {
ok = true
}
// Similarly, in a RequiresNew scenario, a list that shows up in the plan
// diff can disappear from the apply diff, which is calculated from an
// empty state.
if d.requiresNew() && (strings.HasSuffix(k, ".#") || strings.HasSuffix(k, ".%")) {
ok = true
}
if !ok {
return false, fmt.Sprintf("attribute mismatch: %s", k)
}
}
// search for the suffix of the base of a [computed] map, list or set.
match := multiVal.FindStringSubmatch(k)
if diffOld.NewComputed && len(match) == 2 {
matchLen := len(match[1])
// This is a computed list, set, or map, so remove any keys with
// this prefix from the check list.
kprefix := k[:len(k)-matchLen]
for k2, _ := range checkOld {
if strings.HasPrefix(k2, kprefix) {
delete(checkOld, k2)
}
}
for k2, _ := range checkNew {
if strings.HasPrefix(k2, kprefix) {
delete(checkNew, k2)
}
}
}
// We don't compare the values because we can't currently actually
// guarantee to generate the same value two two diffs created from
// the same state+config: we have some pesky interpolation functions
// that do not behave as pure functions (uuid, timestamp) and so they
// can be different each time a diff is produced.
// FIXME: Re-organize our config handling so that we don't re-evaluate
// expressions when we produce a second comparison diff during
// apply (for EvalCompareDiff).
}
// Check for leftover attributes
if len(checkNew) > 0 {
extras := make([]string, 0, len(checkNew))
for attr, _ := range checkNew {
extras = append(extras, attr)
}
return false,
fmt.Sprintf("extra attributes: %s", strings.Join(extras, ", "))
}
return true, ""
}
// moduleDiffSort implements sort.Interface to sort module diffs by path.
type moduleDiffSort []*ModuleDiff
func (s moduleDiffSort) Len() int { return len(s) }
func (s moduleDiffSort) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
func (s moduleDiffSort) Less(i, j int) bool {
a := s[i]
b := s[j]
// If the lengths are different, then the shorter one always wins
if len(a.Path) != len(b.Path) {
return len(a.Path) < len(b.Path)
}
// Otherwise, compare lexically
return strings.Join(a.Path, ".") < strings.Join(b.Path, ".")
}