2024-02-08 03:48:59 -06:00
|
|
|
// Copyright (c) The OpenTofu Authors
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
// Copyright (c) 2023 HashiCorp, Inc.
|
2023-05-02 10:33:06 -05:00
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2018-10-31 10:45:03 -05:00
|
|
|
package remote
|
|
|
|
|
|
|
|
import (
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
"context"
|
|
|
|
"fmt"
|
2018-10-31 10:45:03 -05:00
|
|
|
"reflect"
|
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
tfe "github.com/hashicorp/go-tfe"
|
|
|
|
version "github.com/hashicorp/go-version"
|
2019-10-11 04:34:26 -05:00
|
|
|
"github.com/hashicorp/terraform-svchost/disco"
|
2023-09-20 06:35:35 -05:00
|
|
|
"github.com/opentofu/opentofu/internal/backend"
|
2024-03-04 08:25:14 -06:00
|
|
|
"github.com/opentofu/opentofu/internal/encryption"
|
2024-01-17 05:02:27 -06:00
|
|
|
"github.com/opentofu/opentofu/internal/states/statemgr"
|
2023-09-20 06:35:35 -05:00
|
|
|
"github.com/opentofu/opentofu/internal/tfdiags"
|
|
|
|
tfversion "github.com/opentofu/opentofu/version"
|
2018-10-31 10:45:03 -05:00
|
|
|
"github.com/zclconf/go-cty/cty"
|
2018-11-15 13:26:46 -06:00
|
|
|
|
2023-09-20 06:35:35 -05:00
|
|
|
backendLocal "github.com/opentofu/opentofu/internal/backend/local"
|
2018-10-31 10:45:03 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestRemote(t *testing.T) {
|
2024-03-04 08:25:14 -06:00
|
|
|
var _ backend.Enhanced = New(nil, encryption.StateEncryptionDisabled())
|
|
|
|
var _ backend.CLI = New(nil, encryption.StateEncryptionDisabled())
|
2018-10-31 10:45:03 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_backendDefault(t *testing.T) {
|
2019-02-06 02:36:42 -06:00
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
2018-10-31 10:45:03 -05:00
|
|
|
backend.TestBackendStates(t, b)
|
|
|
|
backend.TestBackendStateLocks(t, b, b)
|
|
|
|
backend.TestBackendStateForceUnlock(t, b, b)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_backendNoDefault(t *testing.T) {
|
2019-02-06 02:36:42 -06:00
|
|
|
b, bCleanup := testBackendNoDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
2018-10-31 10:45:03 -05:00
|
|
|
backend.TestBackendStates(t, b)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_config(t *testing.T) {
|
|
|
|
cases := map[string]struct {
|
|
|
|
config cty.Value
|
|
|
|
confErr string
|
|
|
|
valErr string
|
|
|
|
}{
|
2018-11-15 13:26:46 -06:00
|
|
|
"with_a_nonexisting_organization": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
2023-12-12 10:22:39 -06:00
|
|
|
"hostname": cty.StringVal(mockedBackendHost),
|
2018-11-15 13:26:46 -06:00
|
|
|
"organization": cty.StringVal("nonexisting"),
|
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
2023-12-12 10:22:39 -06:00
|
|
|
confErr: "organization \"nonexisting\" at host " + mockedBackendHost + " not found",
|
2018-11-15 13:26:46 -06:00
|
|
|
},
|
2023-09-06 05:54:39 -05:00
|
|
|
"with_a_missing_hostname": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.NullVal(cty.String),
|
|
|
|
"organization": cty.StringVal("oracle"),
|
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
|
|
|
confErr: `Hostname is required for the remote backend`,
|
|
|
|
},
|
2018-11-15 13:26:46 -06:00
|
|
|
"with_an_unknown_host": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.StringVal("nonexisting.local"),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-11-15 13:26:46 -06:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
2018-12-10 04:06:05 -06:00
|
|
|
confErr: "Failed to request discovery document",
|
2018-11-15 13:26:46 -06:00
|
|
|
},
|
2020-02-05 10:48:10 -06:00
|
|
|
// localhost advertises TFE services, but has no token in the credentials
|
|
|
|
"without_a_token": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.StringVal("localhost"),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2020-02-05 10:48:10 -06:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
2023-09-21 07:38:46 -05:00
|
|
|
confErr: "tofu login localhost",
|
2020-02-05 10:48:10 -06:00
|
|
|
},
|
2018-10-31 10:45:03 -05:00
|
|
|
"with_a_name": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.NullVal(cty.String),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-10-31 10:45:03 -05:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
|
|
|
},
|
|
|
|
"with_a_prefix": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.NullVal(cty.String),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-10-31 10:45:03 -05:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.NullVal(cty.String),
|
|
|
|
"prefix": cty.StringVal("my-app-"),
|
|
|
|
}),
|
|
|
|
}),
|
|
|
|
},
|
|
|
|
"without_either_a_name_and_a_prefix": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.NullVal(cty.String),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-10-31 10:45:03 -05:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.NullVal(cty.String),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
|
|
|
valErr: `Either workspace "name" or "prefix" is required`,
|
|
|
|
},
|
|
|
|
"with_both_a_name_and_a_prefix": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"hostname": cty.NullVal(cty.String),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-10-31 10:45:03 -05:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.StringVal("my-app-"),
|
|
|
|
}),
|
|
|
|
}),
|
|
|
|
valErr: `Only one of workspace "name" or "prefix" is allowed`,
|
|
|
|
},
|
2020-06-05 08:11:44 -05:00
|
|
|
"null config": {
|
|
|
|
config: cty.NullVal(cty.EmptyObject),
|
|
|
|
},
|
2018-10-31 10:45:03 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range cases {
|
2023-12-11 14:10:03 -06:00
|
|
|
s := testServer(t)
|
2024-03-04 08:25:14 -06:00
|
|
|
b := New(testDisco(s), encryption.StateEncryptionDisabled())
|
2018-10-31 10:45:03 -05:00
|
|
|
|
|
|
|
// Validate
|
2023-11-08 15:09:14 -06:00
|
|
|
_, valDiags := b.PrepareConfig(tc.config)
|
2018-12-10 04:06:05 -06:00
|
|
|
if (valDiags.Err() != nil || tc.valErr != "") &&
|
|
|
|
(valDiags.Err() == nil || !strings.Contains(valDiags.Err().Error(), tc.valErr)) {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("%s: unexpected validation result: %v", name, valDiags.Err())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Configure
|
2023-11-08 15:09:14 -06:00
|
|
|
confDiags := b.Configure(tc.config)
|
2018-12-13 16:12:36 -06:00
|
|
|
if (confDiags.Err() != nil || tc.confErr != "") &&
|
|
|
|
(confDiags.Err() == nil || !strings.Contains(confDiags.Err().Error(), tc.confErr)) {
|
2018-11-15 13:26:46 -06:00
|
|
|
t.Fatalf("%s: unexpected configure result: %v", name, confDiags.Err())
|
2018-10-31 10:45:03 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-12-15 14:28:35 -06:00
|
|
|
func TestRemote_versionConstraints(t *testing.T) {
|
|
|
|
cases := map[string]struct {
|
|
|
|
config cty.Value
|
|
|
|
prerelease string
|
|
|
|
version string
|
|
|
|
result string
|
|
|
|
}{
|
|
|
|
"compatible version": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
2023-12-12 10:22:39 -06:00
|
|
|
"hostname": cty.StringVal(mockedBackendHost),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-12-15 14:28:35 -06:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
|
|
|
version: "0.11.1",
|
|
|
|
},
|
|
|
|
"version too old": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
2023-12-12 10:22:39 -06:00
|
|
|
"hostname": cty.StringVal(mockedBackendHost),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-12-15 14:28:35 -06:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
2019-02-06 02:36:42 -06:00
|
|
|
version: "0.0.1",
|
2023-09-21 07:38:46 -05:00
|
|
|
result: "upgrade OpenTofu to >= 0.1.0",
|
2018-12-15 14:28:35 -06:00
|
|
|
},
|
|
|
|
"version too new": {
|
|
|
|
config: cty.ObjectVal(map[string]cty.Value{
|
2023-12-12 10:22:39 -06:00
|
|
|
"hostname": cty.StringVal(mockedBackendHost),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2018-12-15 14:28:35 -06:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}),
|
2019-02-06 02:36:42 -06:00
|
|
|
version: "10.0.1",
|
2023-09-21 07:38:46 -05:00
|
|
|
result: "downgrade OpenTofu to <= 10.0.0",
|
2018-12-15 14:28:35 -06:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
// Save and restore the actual version.
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
2018-12-15 14:28:35 -06:00
|
|
|
defer func() {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
2018-12-15 14:28:35 -06:00
|
|
|
}()
|
|
|
|
|
|
|
|
for name, tc := range cases {
|
2023-12-11 14:10:03 -06:00
|
|
|
s := testServer(t)
|
2024-03-04 08:25:14 -06:00
|
|
|
b := New(testDisco(s), encryption.StateEncryptionDisabled())
|
2018-12-15 14:28:35 -06:00
|
|
|
|
2023-12-11 14:10:03 -06:00
|
|
|
// Set the version for this test.
|
|
|
|
tfversion.Prerelease = tc.prerelease
|
|
|
|
tfversion.Version = tc.version
|
|
|
|
|
|
|
|
// Validate
|
|
|
|
_, valDiags := b.PrepareConfig(tc.config)
|
|
|
|
if valDiags.HasErrors() {
|
|
|
|
t.Fatalf("%s: unexpected validation result: %v", name, valDiags.Err())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Configure
|
|
|
|
confDiags := b.Configure(tc.config)
|
|
|
|
if (confDiags.Err() != nil || tc.result != "") &&
|
|
|
|
(confDiags.Err() == nil || !strings.Contains(confDiags.Err().Error(), tc.result)) {
|
|
|
|
t.Fatalf("%s: unexpected configure result: %v", name, confDiags.Err())
|
|
|
|
}
|
2018-12-15 14:28:35 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-15 13:26:46 -06:00
|
|
|
func TestRemote_localBackend(t *testing.T) {
|
2019-02-06 02:36:42 -06:00
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
2018-10-31 10:45:03 -05:00
|
|
|
|
2018-11-15 13:26:46 -06:00
|
|
|
local, ok := b.local.(*backendLocal.Local)
|
|
|
|
if !ok {
|
|
|
|
t.Fatalf("expected b.local to be \"*local.Local\", got: %T", b.local)
|
2018-10-31 10:45:03 -05:00
|
|
|
}
|
|
|
|
|
2018-11-15 13:26:46 -06:00
|
|
|
remote, ok := local.Backend.(*Remote)
|
|
|
|
if !ok {
|
|
|
|
t.Fatalf("expected local.Backend to be *remote.Remote, got: %T", remote)
|
2018-10-31 10:45:03 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_addAndRemoveWorkspacesDefault(t *testing.T) {
|
2019-02-06 02:36:42 -06:00
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.Workspaces(); err != backend.ErrWorkspacesNotSupported {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected error %v, got %v", backend.ErrWorkspacesNotSupported, err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(backend.DefaultStateName); err != nil {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected no error, got %v", err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr("prod"); err != backend.ErrWorkspacesNotSupported {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected error %v, got %v", backend.ErrWorkspacesNotSupported, err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if err := b.DeleteWorkspace(backend.DefaultStateName, true); err != nil {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected no error, got %v", err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if err := b.DeleteWorkspace("prod", true); err != backend.ErrWorkspacesNotSupported {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected error %v, got %v", backend.ErrWorkspacesNotSupported, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_addAndRemoveWorkspacesNoDefault(t *testing.T) {
|
2019-02-06 02:36:42 -06:00
|
|
|
b, bCleanup := testBackendNoDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
states, err := b.Workspaces()
|
2018-10-31 10:45:03 -05:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedWorkspaces := []string(nil)
|
|
|
|
if !reflect.DeepEqual(states, expectedWorkspaces) {
|
|
|
|
t.Fatalf("expected states %#+v, got %#+v", expectedWorkspaces, states)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(backend.DefaultStateName); err != backend.ErrDefaultWorkspaceNotSupported {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected error %v, got %v", backend.ErrDefaultWorkspaceNotSupported, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedA := "test_A"
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(expectedA); err != nil {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
states, err = b.Workspaces()
|
2018-10-31 10:45:03 -05:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedWorkspaces = append(expectedWorkspaces, expectedA)
|
|
|
|
if !reflect.DeepEqual(states, expectedWorkspaces) {
|
|
|
|
t.Fatalf("expected %#+v, got %#+v", expectedWorkspaces, states)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedB := "test_B"
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(expectedB); err != nil {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
states, err = b.Workspaces()
|
2018-10-31 10:45:03 -05:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedWorkspaces = append(expectedWorkspaces, expectedB)
|
|
|
|
if !reflect.DeepEqual(states, expectedWorkspaces) {
|
|
|
|
t.Fatalf("expected %#+v, got %#+v", expectedWorkspaces, states)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if err := b.DeleteWorkspace(backend.DefaultStateName, true); err != backend.ErrDefaultWorkspaceNotSupported {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatalf("expected error %v, got %v", backend.ErrDefaultWorkspaceNotSupported, err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if err := b.DeleteWorkspace(expectedA, true); err != nil {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
states, err = b.Workspaces()
|
2018-10-31 10:45:03 -05:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedWorkspaces = []string{expectedB}
|
|
|
|
if !reflect.DeepEqual(states, expectedWorkspaces) {
|
|
|
|
t.Fatalf("expected %#+v got %#+v", expectedWorkspaces, states)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
if err := b.DeleteWorkspace(expectedB, true); err != nil {
|
2018-10-31 10:45:03 -05:00
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
states, err = b.Workspaces()
|
2018-10-31 10:45:03 -05:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
expectedWorkspaces = []string(nil)
|
|
|
|
if !reflect.DeepEqual(states, expectedWorkspaces) {
|
|
|
|
t.Fatalf("expected %#+v, got %#+v", expectedWorkspaces, states)
|
|
|
|
}
|
|
|
|
}
|
2018-12-14 12:31:42 -06:00
|
|
|
|
|
|
|
func TestRemote_checkConstraints(t *testing.T) {
|
2019-02-06 02:36:42 -06:00
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
2018-12-14 12:31:42 -06:00
|
|
|
|
|
|
|
cases := map[string]struct {
|
|
|
|
constraints *disco.Constraints
|
|
|
|
prerelease string
|
|
|
|
version string
|
|
|
|
result string
|
|
|
|
}{
|
|
|
|
"compatible version": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.11.1",
|
|
|
|
result: "",
|
|
|
|
},
|
|
|
|
"version too old": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.10.1",
|
2023-09-21 07:38:46 -05:00
|
|
|
result: "upgrade OpenTofu to >= 0.11.0",
|
2018-12-14 12:31:42 -06:00
|
|
|
},
|
|
|
|
"version too new": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.12.0",
|
2023-09-21 07:38:46 -05:00
|
|
|
result: "downgrade OpenTofu to <= 0.11.11",
|
2018-12-14 12:31:42 -06:00
|
|
|
},
|
|
|
|
"version excluded - ordered": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Excluding: []string{"0.11.7", "0.11.8"},
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.11.7",
|
2023-09-21 07:38:46 -05:00
|
|
|
result: "upgrade OpenTofu to > 0.11.8",
|
2018-12-14 12:31:42 -06:00
|
|
|
},
|
|
|
|
"version excluded - unordered": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Excluding: []string{"0.11.8", "0.11.6"},
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.11.6",
|
2023-09-21 07:38:46 -05:00
|
|
|
result: "upgrade OpenTofu to > 0.11.8",
|
2018-12-14 12:31:42 -06:00
|
|
|
},
|
|
|
|
"list versions": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.10.1",
|
2018-12-19 10:28:32 -06:00
|
|
|
result: "versions >= 0.11.0, <= 0.11.11.",
|
2018-12-14 12:31:42 -06:00
|
|
|
},
|
|
|
|
"list exclusion": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Excluding: []string{"0.11.6"},
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.11.6",
|
|
|
|
result: "excluding version 0.11.6.",
|
|
|
|
},
|
|
|
|
"list exclusions": {
|
|
|
|
constraints: &disco.Constraints{
|
|
|
|
Minimum: "0.11.0",
|
|
|
|
Excluding: []string{"0.11.8", "0.11.6"},
|
|
|
|
Maximum: "0.11.11",
|
|
|
|
},
|
|
|
|
version: "0.11.6",
|
|
|
|
result: "excluding versions 0.11.6, 0.11.8.",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2018-12-15 14:28:35 -06:00
|
|
|
// Save and restore the actual version.
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
2018-12-15 14:28:35 -06:00
|
|
|
defer func() {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
2018-12-15 14:28:35 -06:00
|
|
|
}()
|
|
|
|
|
2018-12-14 12:31:42 -06:00
|
|
|
for name, tc := range cases {
|
2018-12-15 14:28:35 -06:00
|
|
|
// Set the version for this test.
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
tfversion.Prerelease = tc.prerelease
|
|
|
|
tfversion.Version = tc.version
|
2018-12-14 12:31:42 -06:00
|
|
|
|
|
|
|
// Check the constraints.
|
|
|
|
diags := b.checkConstraints(tc.constraints)
|
|
|
|
if (diags.Err() != nil || tc.result != "") &&
|
|
|
|
(diags.Err() == nil || !strings.Contains(diags.Err().Error(), tc.result)) {
|
|
|
|
t.Fatalf("%s: unexpected constraints result: %v", name, diags.Err())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
|
|
|
|
func TestRemote_StateMgr_versionCheck(t *testing.T) {
|
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
|
|
|
// Some fixed versions for testing with. This logic is a simple string
|
|
|
|
// comparison, so we don't need many test cases.
|
|
|
|
v0135 := version.Must(version.NewSemver("0.13.5"))
|
|
|
|
v0140 := version.Must(version.NewSemver("0.14.0"))
|
|
|
|
|
|
|
|
// Save original local version state and restore afterwards
|
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
|
|
|
s := tfversion.SemVer
|
|
|
|
defer func() {
|
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
|
|
|
tfversion.SemVer = s
|
|
|
|
}()
|
|
|
|
|
|
|
|
// For this test, the local Terraform version is set to 0.14.0
|
|
|
|
tfversion.Prerelease = ""
|
|
|
|
tfversion.Version = v0140.String()
|
|
|
|
tfversion.SemVer = v0140
|
|
|
|
|
2023-09-21 07:38:46 -05:00
|
|
|
// Update the mock remote workspace OpenTofu version to match the local
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
// Terraform version
|
|
|
|
if _, err := b.client.Workspaces.Update(
|
|
|
|
context.Background(),
|
|
|
|
b.organization,
|
|
|
|
b.workspace,
|
|
|
|
tfe.WorkspaceUpdateOptions{
|
|
|
|
TerraformVersion: tfe.String(v0140.String()),
|
|
|
|
},
|
|
|
|
); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// This should succeed
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(backend.DefaultStateName); err != nil {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
t.Fatalf("expected no error, got %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Now change the remote workspace to a different Terraform version
|
|
|
|
if _, err := b.client.Workspaces.Update(
|
|
|
|
context.Background(),
|
|
|
|
b.organization,
|
|
|
|
b.workspace,
|
|
|
|
tfe.WorkspaceUpdateOptions{
|
|
|
|
TerraformVersion: tfe.String(v0135.String()),
|
|
|
|
},
|
|
|
|
); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// This should fail
|
2023-09-21 07:38:46 -05:00
|
|
|
want := `Remote workspace OpenTofu version "0.13.5" does not match local OpenTofu version "0.14.0"`
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(backend.DefaultStateName); err.Error() != want {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
t.Fatalf("wrong error\n got: %v\nwant: %v", err.Error(), want)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-17 05:02:27 -06:00
|
|
|
func TestRemote_Unlock_ignoreVersion(t *testing.T) {
|
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
|
|
|
// this is set by the unlock command
|
|
|
|
b.IgnoreVersionConflict()
|
|
|
|
|
|
|
|
v111 := version.Must(version.NewSemver("1.1.1"))
|
|
|
|
|
|
|
|
// Save original local version state and restore afterwards
|
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
|
|
|
s := tfversion.SemVer
|
|
|
|
defer func() {
|
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
|
|
|
tfversion.SemVer = s
|
|
|
|
}()
|
|
|
|
|
|
|
|
// For this test, the local Terraform version is set to 1.1.1
|
|
|
|
tfversion.Prerelease = ""
|
|
|
|
tfversion.Version = v111.String()
|
|
|
|
tfversion.SemVer = v111
|
|
|
|
|
|
|
|
state, err := b.StateMgr(backend.DefaultStateName)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
lockID, err := state.Lock(statemgr.NewLockInfo())
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// this should succeed since the version conflict is ignored
|
|
|
|
if err = state.Unlock(lockID); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-08 13:46:56 -06:00
|
|
|
func TestRemote_StateMgr_versionCheckLatest(t *testing.T) {
|
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
|
|
|
v0140 := version.Must(version.NewSemver("0.14.0"))
|
|
|
|
|
|
|
|
// Save original local version state and restore afterwards
|
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
|
|
|
s := tfversion.SemVer
|
|
|
|
defer func() {
|
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
|
|
|
tfversion.SemVer = s
|
|
|
|
}()
|
|
|
|
|
|
|
|
// For this test, the local Terraform version is set to 0.14.0
|
|
|
|
tfversion.Prerelease = ""
|
|
|
|
tfversion.Version = v0140.String()
|
|
|
|
tfversion.SemVer = v0140
|
|
|
|
|
|
|
|
// Update the remote workspace to the pseudo-version "latest"
|
|
|
|
if _, err := b.client.Workspaces.Update(
|
|
|
|
context.Background(),
|
|
|
|
b.organization,
|
|
|
|
b.workspace,
|
|
|
|
tfe.WorkspaceUpdateOptions{
|
|
|
|
TerraformVersion: tfe.String("latest"),
|
|
|
|
},
|
|
|
|
); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// This should succeed despite not being a string match
|
2023-11-08 15:09:14 -06:00
|
|
|
if _, err := b.StateMgr(backend.DefaultStateName); err != nil {
|
2020-12-08 13:46:56 -06:00
|
|
|
t.Fatalf("expected no error, got %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
func TestRemote_VerifyWorkspaceTerraformVersion(t *testing.T) {
|
|
|
|
testCases := []struct {
|
2022-03-15 16:42:11 -05:00
|
|
|
local string
|
|
|
|
remote string
|
|
|
|
executionMode string
|
|
|
|
wantErr bool
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
}{
|
2022-03-15 16:42:11 -05:00
|
|
|
{"0.13.5", "0.13.5", "remote", false},
|
|
|
|
{"0.14.0", "0.13.5", "remote", true},
|
|
|
|
{"0.14.0", "0.13.5", "local", false},
|
|
|
|
{"0.14.0", "0.14.1", "remote", false},
|
|
|
|
{"0.14.0", "1.0.99", "remote", false},
|
|
|
|
{"0.14.0", "1.1.0", "remote", false},
|
2022-05-03 13:28:41 -05:00
|
|
|
{"0.14.0", "1.3.0", "remote", true},
|
2022-03-15 16:42:11 -05:00
|
|
|
{"1.2.0", "1.2.99", "remote", false},
|
|
|
|
{"1.2.0", "1.3.0", "remote", true},
|
|
|
|
{"0.15.0", "latest", "remote", false},
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(fmt.Sprintf("local %s, remote %s", tc.local, tc.remote), func(t *testing.T) {
|
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
|
|
|
local := version.Must(version.NewSemver(tc.local))
|
|
|
|
|
|
|
|
// Save original local version state and restore afterwards
|
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
|
|
|
s := tfversion.SemVer
|
|
|
|
defer func() {
|
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
|
|
|
tfversion.SemVer = s
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Override local version as specified
|
|
|
|
tfversion.Prerelease = ""
|
|
|
|
tfversion.Version = local.String()
|
|
|
|
tfversion.SemVer = local
|
|
|
|
|
2023-09-21 07:38:46 -05:00
|
|
|
// Update the mock remote workspace OpenTofu version to the
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
// specified remote version
|
|
|
|
if _, err := b.client.Workspaces.Update(
|
2023-11-08 15:09:14 -06:00
|
|
|
context.Background(),
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
b.organization,
|
|
|
|
b.workspace,
|
|
|
|
tfe.WorkspaceUpdateOptions{
|
2022-03-15 16:42:11 -05:00
|
|
|
ExecutionMode: &tc.executionMode,
|
2020-12-08 13:46:56 -06:00
|
|
|
TerraformVersion: tfe.String(tc.remote),
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
},
|
|
|
|
); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
diags := b.VerifyWorkspaceTerraformVersion(backend.DefaultStateName)
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
if tc.wantErr {
|
|
|
|
if len(diags) != 1 {
|
|
|
|
t.Fatal("expected diag, but none returned")
|
|
|
|
}
|
2023-09-21 07:38:46 -05:00
|
|
|
if got := diags.Err().Error(); !strings.Contains(got, "OpenTofu version mismatch") {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
t.Fatalf("unexpected error: %s", got)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if len(diags) != 0 {
|
|
|
|
t.Fatalf("unexpected diags: %s", diags.Err())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_VerifyWorkspaceTerraformVersion_workspaceErrors(t *testing.T) {
|
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
|
|
|
// Attempting to check the version against a workspace which doesn't exist
|
2021-03-15 14:40:51 -05:00
|
|
|
// should result in no errors
|
2023-11-08 15:09:14 -06:00
|
|
|
diags := b.VerifyWorkspaceTerraformVersion("invalid-workspace")
|
2021-03-15 14:40:51 -05:00
|
|
|
if len(diags) != 0 {
|
|
|
|
t.Fatalf("unexpected error: %s", diags.Err())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Use a special workspace ID to trigger a 500 error, which should result
|
|
|
|
// in a failed check
|
2023-11-08 15:09:14 -06:00
|
|
|
diags = b.VerifyWorkspaceTerraformVersion("network-error")
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
if len(diags) != 1 {
|
|
|
|
t.Fatal("expected diag, but none returned")
|
|
|
|
}
|
|
|
|
if got := diags.Err().Error(); !strings.Contains(got, "Error looking up workspace: Workspace read failed") {
|
|
|
|
t.Fatalf("unexpected error: %s", got)
|
|
|
|
}
|
|
|
|
|
2023-09-21 07:38:46 -05:00
|
|
|
// Update the mock remote workspace OpenTofu version to an invalid version
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
if _, err := b.client.Workspaces.Update(
|
|
|
|
context.Background(),
|
|
|
|
b.organization,
|
|
|
|
b.workspace,
|
|
|
|
tfe.WorkspaceUpdateOptions{
|
|
|
|
TerraformVersion: tfe.String("1.0.cheetarah"),
|
|
|
|
},
|
|
|
|
); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
2023-11-08 15:09:14 -06:00
|
|
|
diags = b.VerifyWorkspaceTerraformVersion(backend.DefaultStateName)
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
|
|
|
|
if len(diags) != 1 {
|
|
|
|
t.Fatal("expected diag, but none returned")
|
|
|
|
}
|
2023-09-21 07:38:46 -05:00
|
|
|
if got := diags.Err().Error(); !strings.Contains(got, "Error looking up workspace: Invalid OpenTofu version") {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
t.Fatalf("unexpected error: %s", got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemote_VerifyWorkspaceTerraformVersion_ignoreFlagSet(t *testing.T) {
|
|
|
|
b, bCleanup := testBackendDefault(t)
|
|
|
|
defer bCleanup()
|
|
|
|
|
|
|
|
// If the ignore flag is set, the behaviour changes
|
|
|
|
b.IgnoreVersionConflict()
|
|
|
|
|
|
|
|
// Different local & remote versions to cause an error
|
|
|
|
local := version.Must(version.NewSemver("0.14.0"))
|
|
|
|
remote := version.Must(version.NewSemver("0.13.5"))
|
|
|
|
|
|
|
|
// Save original local version state and restore afterwards
|
|
|
|
p := tfversion.Prerelease
|
|
|
|
v := tfversion.Version
|
|
|
|
s := tfversion.SemVer
|
|
|
|
defer func() {
|
|
|
|
tfversion.Prerelease = p
|
|
|
|
tfversion.Version = v
|
|
|
|
tfversion.SemVer = s
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Override local version as specified
|
|
|
|
tfversion.Prerelease = ""
|
|
|
|
tfversion.Version = local.String()
|
|
|
|
tfversion.SemVer = local
|
|
|
|
|
2023-09-21 07:38:46 -05:00
|
|
|
// Update the mock remote workspace OpenTofu version to the
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
// specified remote version
|
|
|
|
if _, err := b.client.Workspaces.Update(
|
2023-11-08 15:09:14 -06:00
|
|
|
context.Background(),
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
b.organization,
|
|
|
|
b.workspace,
|
|
|
|
tfe.WorkspaceUpdateOptions{
|
|
|
|
TerraformVersion: tfe.String(remote.String()),
|
|
|
|
},
|
|
|
|
); err != nil {
|
|
|
|
t.Fatalf("error: %v", err)
|
|
|
|
}
|
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
diags := b.VerifyWorkspaceTerraformVersion(backend.DefaultStateName)
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
if len(diags) != 1 {
|
|
|
|
t.Fatal("expected diag, but none returned")
|
|
|
|
}
|
|
|
|
|
|
|
|
if got, want := diags[0].Severity(), tfdiags.Warning; got != want {
|
|
|
|
t.Errorf("wrong severity: got %#v, want %#v", got, want)
|
|
|
|
}
|
2023-09-21 07:38:46 -05:00
|
|
|
if got, want := diags[0].Description().Summary, "OpenTofu version mismatch"; got != want {
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
t.Errorf("wrong summary: got %s, want %s", got, want)
|
|
|
|
}
|
2023-12-11 14:10:03 -06:00
|
|
|
wantDetail := "The local OpenTofu version (0.14.0) does not match the configured version for remote workspace hashicorp/prod (0.13.5)."
|
backend: Validate remote backend Terraform version
When using the enhanced remote backend, a subset of all Terraform
operations are supported. Of these, only plan and apply can be executed
on the remote infrastructure (e.g. Terraform Cloud). Other operations
run locally and use the remote backend for state storage.
This causes problems when the local version of Terraform does not match
the configured version from the remote workspace. If the two versions
are incompatible, an `import` or `state mv` operation can cause the
remote workspace to be unusable until a manual fix is applied.
To prevent this from happening accidentally, this commit introduces a
check that the local Terraform version and the configured remote
workspace Terraform version are compatible. This check is skipped for
commands which do not write state, and can also be disabled by the use
of a new command-line flag, `-ignore-remote-version`.
Terraform version compatibility is defined as:
- For all releases before 0.14.0, local must exactly equal remote, as
two different versions cannot share state;
- 0.14.0 to 1.0.x are compatible, as we will not change the state
version number until at least Terraform 1.1.0;
- Versions after 1.1.0 must have the same major and minor versions, as
we will not change the state version number in a patch release.
If the two versions are incompatible, a diagnostic is displayed,
advising that the error can be suppressed with `-ignore-remote-version`.
When this flag is used, the diagnostic is still displayed, but as a
warning instead of an error.
Commands which will not write state can assert this fact by calling the
helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the
checks. Those which can write state should instead call the helper
`meta.remoteBackendVersionCheck`, which will return diagnostics for
display.
In addition to these explicit paths for managing the version check, we
have an implicit check in the remote backend's state manager
initialization method. Both of the above helpers will disable this
check. This fallback is in place to ensure that future code paths which
access state cannot accidentally skip the remote version check.
2020-11-13 15:43:56 -06:00
|
|
|
if got := diags[0].Description().Detail; got != wantDetail {
|
|
|
|
t.Errorf("wrong summary: got %s, want %s", got, wantDetail)
|
|
|
|
}
|
|
|
|
}
|
2023-06-26 12:02:55 -05:00
|
|
|
|
|
|
|
func TestRemote_ServiceDiscoveryAliases(t *testing.T) {
|
2023-12-11 14:10:03 -06:00
|
|
|
s := testServer(t)
|
2024-03-04 08:25:14 -06:00
|
|
|
b := New(testDisco(s), encryption.StateEncryptionDisabled())
|
2023-06-26 12:02:55 -05:00
|
|
|
|
2023-11-08 15:09:14 -06:00
|
|
|
diag := b.Configure(cty.ObjectVal(map[string]cty.Value{
|
2023-12-12 10:22:39 -06:00
|
|
|
"hostname": cty.StringVal(mockedBackendHost),
|
2023-12-11 14:10:03 -06:00
|
|
|
"organization": cty.StringVal("hashicorp"),
|
2023-06-26 12:02:55 -05:00
|
|
|
"token": cty.NullVal(cty.String),
|
|
|
|
"workspaces": cty.ObjectVal(map[string]cty.Value{
|
|
|
|
"name": cty.StringVal("prod"),
|
|
|
|
"prefix": cty.NullVal(cty.String),
|
|
|
|
}),
|
|
|
|
}))
|
|
|
|
if diag.HasErrors() {
|
|
|
|
t.Fatalf("expected no diagnostic errors, got %s", diag.Err())
|
|
|
|
}
|
|
|
|
|
|
|
|
aliases, err := b.ServiceDiscoveryAliases()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("expected no errors, got %s", err)
|
|
|
|
}
|
|
|
|
if len(aliases) != 1 {
|
|
|
|
t.Fatalf("expected 1 alias but got %d", len(aliases))
|
|
|
|
}
|
|
|
|
}
|