Commit Graph

77 Commits

Author SHA1 Message Date
Martin Atkins
4d53eaa6df state: more robust handling of state Serial
Previously we relied on a constellation of coincidences for everything to
work out correctly with state serials. In particular, callers needed to
be very careful about mutating states (or not) because many different bits
of code shared pointers to the same objects.

Here we move to a model where all of the state managers always use
distinct instances of state, copied when WriteState is called. This means
that they are truly a snapshot of the state as it was at that call, even
if the caller goes on mutating the state that was passed.

We also adjust the handling of serials so that the state managers ignore
any serials in incoming states and instead just treat each Persist as
the next version after what was most recently Refreshed.

(An exception exists for when nothing has been refreshed, e.g. because
we are writing a state to a location for the first time. In that case
we _do_ trust the caller, since the given state is either a new state
or it's a copy of something we're migrating from elsewhere with its
state and lineage intact.)

The intent here is to allow the rest of Terraform to not worry about
serials and state identity, and instead just treat the state as a mutable
structure. We'll just snapshot it occasionally, when WriteState is called,
and deal with serials _only_ at persist time.

This is intended as a more robust version of , which was a quick
hotfix to an issue that resulted from our previous slopping handling
of state serials but arguably makes the problem worse by depending on
an additional coincidental behavior of the local backend's apply
implementation.
2017-07-05 12:34:30 -07:00
Sander van Harmelen
3d0073e05c core: fix a crash by suggesting a different approach to solve ()
* Revert , ,  and 

These PR’s are all related to issue  for which I would like to propose a different solution then the one currently implemented.

* A different approach to solve 

This approach has (IMHO) a few advantages with regards to the solution currently implemented. I will elaborate on this in the PR.
2017-04-14 22:32:30 +02:00
James Bardin
3f49227b72 add state an context tests
Make sure duplicate depends_on entries are pruned from existing states
on read.

Make sure new state built from configs with multiple references to the
same resource only add it once to the Dependencies.
2017-04-08 15:37:15 -04:00
James Bardin
41ec5b3bd2 missing defaults in sort
Need to properly catch some sort cases around 0-1 indexing.
This can cause output to shift slightly, resulting in an intermittent
test failure.
2017-02-25 16:50:24 -05:00
Mitchell Hashimoto
41d2c145b2
terraform: State.Equal needs to use reflect for rich types
Due to the change to `interface{}` we need to use `reflect.DeepEqual`
here. With the restriction of primitive types this should always be
safe. We'll never get functions, channels, etc.
2017-02-23 14:00:40 -08:00
Mitchell Hashimoto
3342aa580c
terraform: InstanceState.Meta is value type interface{}
This changes the type of values in Meta for InstanceState to
`interface{}`. They were `string` before.

This will allow richer structures to be persisted to this without
flatmapping them (down with flatmap!). The documentation clearly states
that only primitives/collections are allowed here.

The only thing using this was helper/schema for schema versioning.
Appropriate type checking was added to make this change safe.

The timeout work @catsby is doing will use this for a richer structure.
2017-02-23 10:44:05 -08:00
Mitchell Hashimoto
c6d0333dc0
flatmap: mark computed list as a computed value in Expand
Fixes 

The fix is in flatmap for this but the entire issue is a bit more
complex. Given a schema with a computed set, if you reference it like
this:

    lookup(attr[0], "field")

And "attr" contains a computed set within it, it would panic even though
"field" is available. There were a couple avenues I could've taken to
fix this:

1.) Any complex value containing any unknown value at any point is
entirely unknown.

2.) Only the specific part of the complex value is unknown.

I took route 2 so that the above works without any computed (since
"name" is not computed but something else is). This may actually have an
effect on other parts of Terraform configs, however those similar
configs would've simply crashed previously so it shouldn't break any
pre-existing configs.
2017-02-23 10:03:59 -08:00
James Bardin
92cea2478d Add test for nil *os.File in ReadState 2017-02-09 16:06:07 -05:00
Mitchell Hashimoto
523801dcc2
terraform: support backends in the state 2017-01-26 14:33:49 -08:00
James Bardin
89259a1b00 Fix the removal of empty containers from a flatmap
Removal of empty nested containers from a flatmap would sometimes fail a
sanity check when removed in the wrong order. This would only fail
sometimes due to map iteration. There was also an off-by-one error in
the prefix check which could match the incorrect keys.
2017-01-20 16:23:10 -05:00
James Bardin
2820845f8c Remove 0 counts from flatmap during MergeDiff
When a InstanceState is merged with an InstanceDiff, any maps arrays or
sets that no longer exist are shown as empty with a count of 0. If these
are left in the flatmap structure, they will cause errors during
expansion because their existing in the map affects the counts for
parent structures.
2017-01-17 15:49:50 -05:00
Mitchell Hashimoto
cfb440ea60
terraform: don't prune state on init()
Init should only _add_ values, not remove them.

During graph execution, there are steps that expect that a state isn't
being actively pruned out from under it. Namely: writing deposed states.

Writing deposed states has no way to handle if a state changes
underneath it because the only way to uniquely identify a deposed state
is its index in the deposed array. When destroying deposed resources, we
set the value to `<nil>`. If the array is pruned before the next deposed
destroy, then the indexes have changed, and this can cause a crash.

This PR does the following (with more details below):

  * `init()` no longer prunes.

  * `ReadState()` always prunes before returning. I can't think of a
    scenario where this is unsafe since generally we can always START
    from a pruned state, its just causing problems to prune
    mid-execution.

  * Exported State APIs updated to be robust against nil ModuleStates.

Instead, I think we should adopt the following semantics for init/prune
in our structures that support it (Diff, for example). By having
consistent semantics around these functions, we can avoid this in the
future and have set expectations working with them.

  * `init()` (in anything) will only ever be additive, and won't change
    ordering or existing values. It won't remove values.

  * `prune()` is destructive, expectedly.

  * Functions on a structure must not assume a pruned structure 100% of
    the time. They must be robust to handle nils. This is especially
    important because in many cases values such as `Modules` in state
    are exported so end users can simply modify them outside of the
    exported APIs.

This PR may expose us to unknown crashes but I've tried to cover our
cases in exposed APIs by checking for nil.
2016-12-02 11:48:34 -05:00
James Bardin
def55e52ca An empty module in state can panic
An empty module, or a module with an empty path can panic during graph
traversal. Make sure we clear these out when reading and writing the
state.
2016-11-18 17:59:07 -05:00
James Nugent
afe2d7b65b Merge pull request from dtolnay/conflict
core: Allow refresh of local state with no resources
2016-10-14 11:00:46 -05:00
James Bardin
816c04309c Filter nil Deposed values during State init
The Deposed slice wasn't being normalized and nil values could be read
in from a state file. Filter out the nils during init. There is
still a bug in copystructure, but that will be addressed separately.
2016-10-13 13:46:40 -04:00
James Bardin
fe4799bd68 Add failing test for nil IsntanceState in State
A nil InstanceState within State/Modules/Resources/Deposed will panic
during a deep copy. The panic needs to be fixed in copystructure, but
the nil probably should have been normalized out before we got here too.
2016-10-13 11:16:03 -04:00
Mitchell Hashimoto
ea342b793b
Update reflectwalk vendor to fix State.DeepCopy
The real reasoning for this can be found in , , and . All
these vendor updates aim to fix that issue, with minor adjustments
2016-09-27 19:52:12 -07:00
David Tolnay
61185f083c Merge branch hashicorp/master into dtolnay/conflict 2016-09-07 19:17:22 -07:00
Mitchell Hashimoto
3376611ad0
terraform: Validate validates single module states 2016-08-24 18:42:13 -07:00
James Nugent
f933b2cf16 Merge pull request from hashicorp/fix-state-rm
core: Add `terraform state rm` command
2016-08-16 19:10:17 +01:00
Mitchell Hashimoto
0a2fd1a5e5 terraform: filtering on name actually matches name 2016-08-15 14:36:23 -05:00
James Bardin
cdb80f68a8 Ensure better state normalization
Fix checksum issue with remote state

If we read a state file with "null" objects in a module and they become
initialized to an empty map the state file may be written out with empty
objects rather than "null", changing the checksum. If we can detect
this, increment the serial number to prevent a conflict in atlas.

Our fakeAtlas test server now needs to decode the state directly rather
than using the ReadState function, so as to be able to read the state
unaltered.

The terraform.State data structures have initialization spread out
throughout the package. More thoroughly initialize State during
ReadState, and add a call to init() during WriteState as another
normalization safeguard.

Expose State.init through an exported Init() method, so that a new State
can be completely realized outside of the terraform package.
Additionally, the internal init now completely walks all internal state
structures ensuring that all maps and slices are initialized.  While it
was mentioned before that the `init()` methods are problematic with too
many call sites, expanding this out better exposes the entry points that
will need to be refactored later for improved concurrency handling.

The State structures had a mix of `omitempty` fields. Remove omitempty
for all maps and slices as part of this normalization process. Make
Lineage mandatory, which is now explicitly set in some tests.
2016-08-12 11:09:50 -04:00
Trevor Pounds
c4423bba17 Fix state version error message check. 2016-06-27 13:42:44 -07:00
David Tolnay
ff80e7b245
Allow refresh of local state with no resources 2016-06-24 21:54:43 -07:00
Martin Atkins
985fa371dc core: State "Lineage" concept
The lineage of a state is an identifier shared by a set of states whose
serials are meaningfully comparable because they are produced by
progressive Refresh/Apply operations from the same initial empty state.

This is initialized as a type-4 (random) UUID when a new state is
initialized and then preserved on all other changes.

Since states before this change will not have lineage but users may wish
to set a lineage for an existing state in order to get the safety
benefits it will grow to imply, an empty lineage is considered to be
compatible with all lineages.
2016-06-10 07:31:30 -07:00
James Nugent
9554d54116 core: Add test for V2->V3 state upgrade 2016-06-09 11:16:34 +01:00
James Nugent
706ccb7dfe core: Introduce state v3 and upgrade process
This commit makes the current Terraform state version 3 (previously 2),
and a migration process as part of reading v2 state. For the most part
this is unnecessary: helper/schema will deal with upgrading state for
providers written with that framework. However, for providers which
implemented the resource model directly, this gives a best-efforts
attempt at lossless upgrade.

The heuristics used to change the count of a map from the .# key to the
.% key are as follows:

    - if the flat map contains any non-numeric keys, we treat it as a
      map
    - if the map is empty it must be computed or optional, so we remove
      it from state

There is a known edge condition: maps with all-numeric keys are
indistinguishable from sets without access to the schema. They will need
manual conversion or may result in spurious diffs.
2016-06-09 10:49:49 +01:00
James Nugent
49995428fd core: Remove support for V0 state
This removes support for the V0 binary state format which was present in
Terraform prior to 0.3. We still check for the file type and present an
error message explaining to the user that they can upgrade it using a
prior version of Terraform.
2016-06-08 18:38:41 +01:00
Sander van Harmelen
d97b24e3c1
Add tests and fix last issues 2016-05-26 19:56:03 -05:00
James Nugent
3ea3c657b5 core: Use OutputState in JSON instead of map
This commit forward ports the changes made for 0.6.17, in order to store
the type and sensitive flag against outputs.

It also refactors the logic of the import for V0 to V1 state, and
fixes up the call sites of the new format for outputs in V2 state.

Finally we fix up tests which did not previously set a state version
where one is required.
2016-05-18 13:25:20 -05:00
Martin Atkins
844e1abdd3 core: ResourceStateKey understands resource modes
Once a data resource gets into the state, the state system needs to be
able to parse its id to match it with resources in the configuration.
Since data resources live in a separate namespace than managed resources,
the extra "mode" discriminator is required to specify which namespace
we're talking about, just like we do in the resource configuration.
2016-05-14 08:26:36 -07:00
James Nugent
6aac79e194 state: Add support for outputs of multiple types
This commit adds the groundwork for supporting module outputs of types
other than string. In order to do so, the state version is increased
from 1 to 2 (though the "public-facing" state version is actually as the
first state file was binary).

Tests are added to ensure that V2 (1) state is upgraded to V3 (2) state,
though no separate read path is required since the V2 JSON will
unmarshal correctly into the V3 structure.

Outputs in a ModuleState are now of type map[string]interface{}, and a
test covers round-tripping string, []string and map[string]string, which
should cover all of the types in question.

Type switches have been added where necessary to deal with the
interface{} value, but they currently default to panicking when the input
is not a string.
2016-05-10 14:40:12 -04:00
James Nugent
3393492033 Renumber original binary state as V0
This commit rectifies the fact that the original binary state is
referred to as V1 in the source code, but the first version of the JSON
state uses StateVersion: 1. We instead make the code refer to V0 as the
binary state, and V1 as the first version of JSON state.
2016-05-10 14:40:12 -04:00
Mitchell Hashimoto
35c87836b4 core: Add terraform_version to state
This adds a field terraform_version to the state that represents the
Terraform version that wrote that state. If Terraform encounters a state
written by a future version, it will error. You must use at least the
version that wrote that state.

Internally we have fields to override this behavior (StateFutureAllowed),
but I chose not to expose them as CLI flags, since the user can just
modify the state directly. This is tricky, but should be tricky to
represent the horrible disaster that can happen by enabling it.

We didn't have to bump the state format version since the absense of the
field means it was written by version "0.0.0" which will always be
older. In effect though this change will always apply to version 2 of
the state since it appears in 0.7 which bumped the version for other
purposes.
2016-05-10 14:40:11 -04:00
Mitchell Hashimoto
a94b9fdc92 terraform: Internals for state rm command
I decided to split this up from the terraform state rm command to make the diff easier to see. These changes will also be used for terraform state mv.

This adds a `Remove` method to the `*terraform.State` struct. It takes a list of addresses and removes the items matching that list. This leverages the `StateFilter` committed last week to make the view of the world consistent across address lookups.

There is a lot of test duplication here with StateFilter, but in Terraform style: we like it that way.
2016-05-10 14:14:48 -04:00
Paul Hinze
c7f5450a96 command: Add terraform untaint
- [x] Docs
 - [x] Command Unit Tests
 - [x] State Unit Tests

Closes 
2016-03-11 12:38:57 -06:00
James Nugent
bc6107508d Fix additional vet warnings 2016-02-17 11:59:50 -08:00
Paul Hinze
e76fdb92e7 core: fix bug detecting deeply nested module orphans
Context:

As part of building up a Plan, Terraform needs to detect "orphaned"
resources--resources which are present in the state but not in the
config. This happens when config for those resources is removed by the
user, making it Terraform's responsibility to destroy them.

Both state and config are organized by Module into a logical tree, so
the process of finding orphans involves checking for orphaned Resources
in the current module and for orphaned Modules, which themselves will
have all their Resources marked as orphans.

Bug:

In  a problem was exposed where, given a module tree that looked
like this:

```
root
 |
 +-- parent (empty, except for sub-modules)
       |
       +-- child1 (1 resource)
       |
       +-- child2 (1 resource)
```

If `parent` was removed, a bunch of error messages would occur during
the plan. The root cause of this was duplicate orphans appearing for the
resources in child1 and child2.

Fix:

This turned out to be a bug in orphaned module detection. When looking
for deeply nested orphaned modules, root.parent was getting added twice
as an orphaned module to the graph.

Here, we add an additional check to prevent a double add, which
addresses this scenario properly.

Fixes  (the Provisioner side of it was fixed in )
2016-02-09 10:35:46 -06:00
Paul Hinze
a0d3245ee3 core: Orphan addressing / targeting
Instead of trying to skip non-targeted orphans as they are added to
the graph in OrphanTransformer, remove knowledge of targeting from
OrphanTransformer and instead make the orphan resource nodes properly
addressable.

That allows us to use existing logic in TargetTransformer to filter out
the nodes appropriately. This does require adding TargetTransformer to the
list of transforms that run during DynamicExpand so that targeting can
be applied to nodes with expanded counts.

Fixes 
Fixes 
Fixes 
2016-01-19 17:48:44 -06:00
Paul Hinze
05c0998d2d core: store deeply nested modules in a consistent order in the state
We were only comparing the last element of the module, which meant that
deeply nested modules with the same name but different ancestry had an
undefined sort order, which could cause inconsistencies in state
storage and potentially break remote state MD5 checksumming.
2015-10-20 14:35:57 -05:00
Paul Hinze
fca44bdec3 core: state metadata difference should bump serial
Remote state includes MD5-based checksumming to protect against State
conflicts. This can generate improper conflicts with states that differ
only in their Schema version.

We began to see this issue with
https://github.com/hashicorp/terraform/pull/3470 which changes the
"schema_version" of aws_key_pairs.
2015-10-20 12:28:12 -05:00
Mitchell Hashimoto
96a04c16f6 terraform: state ModuleOrphans should return grandchild orphans 2015-07-19 13:41:57 -07:00
Paul Hinze
f51fb5e127 providers/aws: handle empty instancestate in state migration
fixes 
2015-03-26 13:07:04 -05:00
Mitchell Hashimoto
f68f285f72 terraform: test case for higher S1 serial 2015-03-25 15:39:33 -07:00
Mitchell Hashimoto
0d4c7887c5 terraform: don't increment state if one is nil 2015-03-25 15:38:24 -07:00
Mitchell Hashimoto
b3cd1bd5bc terraform: add ResourceState.Taint 2015-02-26 09:58:56 -08:00
Mitchell Hashimoto
57f7507ebd terraform: more state tests, fix a bug 2015-02-23 21:43:54 -08:00
Mitchell Hashimoto
c2bf600603 state: only change serial if changed 2015-02-23 21:26:33 -08:00
Mitchell Hashimoto
330364f668 terraform: State.IsEmpty 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
6cd5c894e8 terraform: State.IsRemote 2015-02-23 15:13:54 -08:00