// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package command
import (
"fmt"
"io"
"os"
"strings"
"github.com/hashicorp/terraform/internal/command/arguments"
"github.com/hashicorp/terraform/internal/command/clistate"
"github.com/hashicorp/terraform/internal/command/views"
"github.com/hashicorp/terraform/internal/states/statefile"
"github.com/hashicorp/terraform/internal/states/statemgr"
"github.com/hashicorp/terraform/internal/terraform"
"github.com/hashicorp/terraform/internal/tfdiags"
"github.com/mitchellh/cli"
)
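// StatePushCommand is a Command implementation that writes a local state
// file (or state read from stdin) to the state storage of the currently
// selected workspace.
//
// Meta and StateMeta are embedded, so their fields and methods (for example
// the flag, UI and backend helpers that Run calls) are promoted onto the
// command.
type StatePushCommand struct {
	Meta
	StateMeta
}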
// Run implements the "state push" command: it reads a state file from the
// path given as the single positional argument (or from stdin when that
// argument is "-") and writes it through the state manager of the currently
// selected workspace. It returns 0 on success, 1 on any failure, and
// cli.RunResultHelp when the number of positional arguments is not one.
//
// Two flags relax safety checks and deserve attention in review and in
// automation. "-force" is passed straight to statemgr.Import; the command's
// help text says that without it the command protects against pushing an
// older serial or a different lineage. "-lock=false" skips the state lock,
// which the help text calls dangerous when others might run commands against
// the same workspace concurrently.
func (c *StatePushCommand) Run(args []string) int {
	args = c.Meta.process(args)

	// Flag parsing. "lock" and "lock-timeout" write directly into Meta.
	var force bool
	flags := c.Meta.ignoreRemoteVersionFlagSet("state push")
	flags.BoolVar(&force, "force", false, "")
	flags.BoolVar(&c.Meta.stateLock, "lock", true, "lock state")
	flags.DurationVar(&c.Meta.stateLockTimeout, "lock-timeout", 0, "lock timeout")
	parseErr := flags.Parse(args)
	if parseErr != nil {
		c.Ui.Error(fmt.Sprintf("Error parsing command-line flags: %s\n", parseErr.Error()))
		return 1
	}

	args = flags.Args()
	if len(args) != 1 {
		c.Ui.Error("Exactly one argument expected.\n")
		return cli.RunResultHelp
	}
	srcPath := args[0]

	versionDiags := c.Meta.checkRequiredVersion()
	if versionDiags != nil {
		c.showDiagnostics(versionDiags)
		return 1
	}

	// Pick the input: stdin by default, the named file unless "-" was given.
	var input io.Reader = os.Stdin
	if srcPath != "-" {
		file, openErr := os.Open(srcPath)
		if openErr != nil {
			c.Ui.Error(openErr.Error())
			return 1
		}

		// No deferred Close is needed: the reader is closed immediately
		// after the read below.
		input = file
	}

	// The whole source state is read and parsed before the backend is touched.
	incoming, err := statefile.Read(input)
	if closer, ok := input.(io.Closer); ok {
		// Done with the reader, so release it now. The Close error is
		// ignored; the reader was only read from.
		closer.Close()
	}
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error reading source state %q: %s", srcPath, err))
		return 1
	}

	// Load the backend.
	be, backendDiags := c.Backend(nil)
	if backendDiags.HasErrors() {
		c.showDiagnostics(backendDiags)
		return 1
	}

	// Determine the workspace name.
	workspace, err := c.Workspace()
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error selecting workspace: %s", err))
		return 1
	}

	// Remote Terraform version compatibility. The diagnostics are always
	// shown; only error-level diagnostics stop the push.
	remoteVersionDiags := c.remoteVersionCheck(be, workspace)
	c.showDiagnostics(remoteVersionDiags)
	if remoteVersionDiags.HasErrors() {
		return 1
	}

	// State manager for the currently selected workspace.
	mgr, err := be.StateMgr(workspace)
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Failed to load destination state: %s", err))
		return 1
	}

	// Hold the state lock for the rest of the function unless the caller
	// opted out with -lock=false.
	if c.stateLock {
		locker := clistate.NewLocker(c.stateLockTimeout, views.NewStateLocker(arguments.ViewHuman, c.View))
		if lockDiags := locker.Lock(mgr, "state-push"); lockDiags.HasErrors() {
			c.showDiagnostics(lockDiags)
			return 1
		}
		defer func() {
			if unlockDiags := locker.Unlock(); unlockDiags.HasErrors() {
				c.showDiagnostics(unlockDiags)
			}
		}()
	}

	if err = mgr.RefreshState(); err != nil {
		c.Ui.Error(fmt.Sprintf("Failed to refresh destination state: %s", err))
		return 1
	}

	if incoming == nil {
		// Nothing was read, so an empty state is pushed instead.
		incoming = statemgr.NewStateFile()
	}

	// Import the state, forcing through the lineage/serial if requested and
	// possible.
	if err = statemgr.Import(incoming, mgr, force); err != nil {
		c.Ui.Error(fmt.Sprintf("Failed to write state: %s", err))
		return 1
	}

	// Get schemas, if possible, before writing state. Their diagnostics are
	// only shown once the write and persist steps have succeeded.
	var (
		schemas     *terraform.Schemas
		schemaDiags tfdiags.Diagnostics
	)
	if isCloudMode(be) {
		schemas, schemaDiags = c.MaybeGetSchemas(incoming.State, nil)
	}

	if err = mgr.WriteState(incoming.State); err != nil {
		c.Ui.Error(fmt.Sprintf("Failed to write state: %s", err))
		return 1
	}
	if err = mgr.PersistState(schemas); err != nil {
		c.Ui.Error(fmt.Sprintf("Failed to persist state: %s", err))
		return 1
	}

	c.showDiagnostics(schemaDiags)
	return 0
}
// Help returns the long-form usage text for "terraform state push", with
// leading and trailing whitespace trimmed. The text documents the two options
// that relax safety checks: "-force" (lineage/serial protection) and
// "-lock=false" (state locking).
func (c *StatePushCommand) Help() string {
	const usage = `
Usage: terraform [global options] state push [options] PATH

Update remote state from a local state file at PATH.

This command "pushes" a local state and overwrites remote state
with a local state file. The command will protect you against writing
an older serial or a different state file lineage unless you specify the
"-force" flag.

This command works with local state (it will overwrite the local
state), but is less useful for this use case.

If PATH is "-", then this command will read the state to push from stdin.
Data from stdin is not streamed to the backend: it is loaded completely
(until pipe close), verified, and then pushed.

Options:

-force Write the state even if lineages don't match or the
remote serial is higher.

-lock=false Don't hold a state lock during the operation. This is
dangerous if others might concurrently run commands
against the same workspace.

-lock-timeout=0s Duration to retry a state lock.

`
	return strings.TrimSpace(usage)
}
// Synopsis returns the one-line summary of the "state push" command.
func (c *StatePushCommand) Synopsis() string {
	const summary = "Update remote state from a local state file"
	return summary
}