Commit Graph

3183 Commits

Author SHA1 Message Date
Pam Selle
d626a7787d Add integration test in context_validate 2020-11-20 11:16:07 -05:00
Pam Selle
b1e229ef6c Give test types cty types 2020-11-20 10:44:37 -05:00
Pam Selle
578a3d89d1 Unmark values before provider validate call
Unmark values before calling provider's validate
function, this was not tested as the mock
provider does not use Marshall. Update mock
provider funcs to marshall and error if there
was an error in marshalling
2020-11-19 18:04:33 -05:00
Alisdair McDiarmid
1c7f412d13 terraform: Unmark provider configuration arguments
Before configuring a provider, we need to unmark the configuration
object, in case it includes any sensitive values. This is required
because configuration occurs over gRPC, which doesn't support sensitive
marks.
2020-11-16 13:13:20 -05:00
Martin Atkins
c8843642c8 lang: allow functions to be subject to experiments
So far all of our language experiments have been new constructs handled
statically up in the configs package, but functions are another common
extention point where experiments could be useful to gather feedback and
so this intends to pass the information down into the right place to allow
for that to happen, even though as of this commit there are no
experimental functions to use it.
2020-11-13 17:25:16 -08:00
hhofs
5b99a56fde
communicator/ssh: Add support for Windows targets (#26865) 2020-11-12 10:00:48 -05:00
Alisdair McDiarmid
45671a354d configs: Fix provider lookup local name mismatch
When a resource has no `provider` argument specified, its provider is
derived from the implied provider type based on the resource type. For
example, a `boop_instance` resource has an implied provider local name
of `boop`. Correspondingly, its provider configuration is specified with
a `provider "boop"` block.

However, users can use the `required_providers` configuration to give a
different local name to a given provider than its defined type. For
example, a provider may be published at `foobar/beep`, but provide
resources such as `boop_instance`. The most convenient way to use this
provider is with a `required_providers` map:

terraform {
  required_providers {
    boop = {
      source = "foobar/beep"
    }
  }
}

Once that local name is defined, it is used for provider configuration
(a `provider "boop"` block, not `provider "beep"`). It should also be
used when looking up a resource's provider configuration or provider.

This commit fixes a bug with this edge case, where previously we were
looking up the local provider configuration block using the resource's
assigned provider type. Instead, if no provider argument is specified,
we should be using the implied provider type, as that is what binds the
resource to the local provider configuration.
2020-11-10 15:25:02 -05:00
Alisdair McDiarmid
10cc25fc21 terraform: Compare locks and provider requirements
When building a context, we read the dependency locks and ensure that
the provider requirements from the configuration can be satisfied.
If the configured requirements change such that the locks need to be
updated, we explain this and recommend running "terraform init".

This check is ignored for any providers which are locally marked as in
development. This includes unmanaged providers and those listed in the
provider installation `dev_overrides` block.
2020-11-06 12:58:52 -05:00
Pam Selle
fd52bf21e8 Mark variables as sensitive (if relevant) in validate
Ensure that variables are marked in the validate walk
so that appropriate diags will surface at validate
rather than surprising users at apply
2020-11-05 16:09:10 -05:00
James Bardin
cb541be377
Merge pull request #26810 from hashicorp/jbardin/validate-ignore-changes
Allow null attributes to be referenced in ignore_changes
2020-11-05 08:29:26 -05:00
Martin Atkins
ae3c0c6a4a lang/funcs: Remove the deprecated "list" and "map" functions
Prior to Terraform 0.12 these two functions were the only way to construct
literal lists and maps (respectively) in HIL expressions. Terraform 0.12,
by switching to HCL 2, introduced first-class syntax for constructing
tuple and object values, which can then be converted into list and map
values using the tolist and tomap type conversion functions.

We marked both of these functions as deprecated in the Terraform v0.12
release and have since then mentioned in the docs that they will be
removed in a future Terraform version. The "terraform 0.12upgrade" tool
from Terraform v0.12 also included a rule to automatically rewrite uses
of these functions into equivalent new syntax.

The main motivation for removing these now is just to get this change made
prior to Terraform 1.0. as we'll be doing with various other deprecations.
However, a specific reason for these two functions in particular is that
their existence is what caused us to invent the idea of a "type expression"
as a distinct kind of expression in Terraform v0.12, and so removing them
now would allow potentially  unifying type expressions with value
expressions in a future release.

We do not have any current specific plans to make that change, but one
potential motivation for doing so would be to take another attempt at a
generalized "convert" function which takes a type as one of its arguments.
Our previous attempt to implement such a function was foiled by the fact
that Terraform's expression validator doesn't have any way to know to
treat one argument of a particular function as special, and so it was
generating incorrect error messages. We won't necessarily do that, but
having these "list" and "map" functions out of the way leaves the option
open.
2020-11-04 17:05:59 -08:00
James Bardin
99db18388a return diagnostics from resource validation
Return diagnostics rather than an error, since the EvalNodes have been
removed and the caller has been updated.

IgnoreWarnings was no longer used.
2020-11-04 16:56:17 -05:00
James Bardin
e7b2d98ca3 Use prepared config in provider.Configure
Core is only using the PrepareProviderConfig call for the validation
part of the method, but we should be re-validating the final config
immediately before Configure.

This change elects to not start using the PreparedConfig here, since
there is no useful reason for it at this point, and it would
introduce a functional difference between terraform releases that can be
avoided.
2020-11-04 12:53:00 -05:00
James Bardin
96b099cf35 allow nil config attributes in ignore_changes
The validation for ignore_changes was too broad, and makes it difficult
to ignore changes in an attribute that the user does not want to set.
While the goal of ignore_changes is to prevent changes in the
configuration alone, we don't intend to break the use-case of ignoring
drift from the provider. Since we cannot easily narrow the validation to
only detect computed attributes at the moment, we can drop this error
altogether for now.
2020-11-04 11:03:12 -05:00
Martin Atkins
d03a774def core: Fix typo in for_each sensitive error message
Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
2020-10-29 09:07:48 -07:00
Martin Atkins
e2c64bc255 core: Annotate for_each errors with expression info
Our diagnostics model allows for optionally annotating an error or warning
with information about the expression and eval context it was generated
from, which the diagnostic renderer for the UI will then use to give the
user some additional hints about what values may have contributed to the
error.

We previously didn't have those annotations on the results of evaluating
for_each expressions though, because in that case we were using the helper
function to evaluate an expression in one shot and thus we didn't ever
have a reference to the EvalContext in order to include it in the
diagnostic values.

Now, at the expense of having to handle the evaluation at a slightly lower
level of abstraction, we'll annotate all of the for_each error messages
with source expression information. This is valuable because we see users
often confused as to how their complex for_each expressions ended up being
invalid, and hopefully giving some information about what the inputs were
will allow more users to self-solve.
2020-10-29 09:07:48 -07:00
James Bardin
73474327a0 fix the rpc diags tests
These weren't quite done, but got lost in the huge PR.
2020-10-28 17:40:36 -04:00
James Bardin
d1ac382ec9
Merge pull request #26738 from hashicorp/jbardin/eval-diagnostics
Eval diagnostics
2020-10-28 17:21:18 -04:00
James Bardin
b8bed97ef4 test for RPC warnings with no errors 2020-10-28 14:51:04 -04:00
James Bardin
95f30451d9 get rid of EvalEarlyExitError
This was mostly unused now, since we no longer needed to interrupt a
series of eval node executions.

The exception was the stopHook, which is still used to halt execution
when there's an interrupt. Since interrupting execution should not
complete successfully, we use a normal opaque error to halt everything,
and return it to the UI.

We can work on coalescing or hiding these if necessary in a separate PR.
2020-10-28 14:40:30 -04:00
James Bardin
988059d533 make GraphNodeExecutable return diagnostics 2020-10-28 13:47:04 -04:00
James Bardin
77cabe187d last Evals without diagnostics 2020-10-28 12:32:49 -04:00
James Bardin
786a7291bf remove unused EvalValidateCount 2020-10-28 12:26:37 -04:00
James Bardin
c81fd833bb add diags to eval_state 2020-10-28 12:23:03 -04:00
James Bardin
524505830f add diags to eval_refresh 2020-10-28 12:03:00 -04:00
James Bardin
64491df856 add diags to data eval 2020-10-28 11:57:45 -04:00
James Bardin
b42aad5856 add diags to eval_diff 2020-10-28 11:46:07 -04:00
James Bardin
fe9c93b9f9 handle wrapped EvalEarlyExitErrors 2020-10-28 10:59:32 -04:00
James Bardin
477111e6b6 change apply Eval methods to use diags 2020-10-27 18:16:28 -04:00
Pam Selle
bd70bc63eb Add provider sensitivity propagation experiment
Rolls back marking attributes providers mark as sensitive
to an `experiment` and adds associated docs and adjustments
to the upgrade guide.
2020-10-26 15:05:22 -04:00
Pam Selle
c9e362bb5f
Merge pull request #26653 from hashicorp/pselle/getresource
Return marked After values in GetResource
2020-10-23 12:28:03 -04:00
James Bardin
820e641b97 do not return warnings as errors from eval
Warnings alone cannot be returned from eval nodes, since are still
treated as errors.
2020-10-23 10:39:30 -04:00
James Bardin
73627e4dc3 don't read data sources that are to be removed
We can directly remove orphaned data sources from the refesh state.
2020-10-22 10:15:22 -04:00
James Bardin
72e81de0fc update tests
Some tests could not handle reading orphaned resources. It also turns
out the ReadResource mock never returned the correct state in the
default case at all.
2020-10-22 09:46:42 -04:00
James Bardin
ddb2bbf4e9 Read orphaned resources during plan
This forces orphaned resources to be re-read during planning, removing
them from the state if they no longer exist.

This needs to be done for a bare `refresh` execution, since Terraform
should remove instances that don't exist and are not in the
configuration from the state. They should also be removed from state so
there is no Delete change planned, as not all providers will gracefully
handle a delete operation on a resource that does not exist.
2020-10-22 09:46:42 -04:00
Pam Selle
c6be76e53c Return marked After values in GetResource
If a change exists for a resource instance,
the After value is returned, however, this value
will not have its marks as it as been encoded.
This Marks the return value so the marks follow
that resource reference.
2020-10-21 16:18:54 -04:00
Alisdair McDiarmid
fb98fc98fa terraform: Fix sensitive values in ignore changes
Because ignore_changes configuration can refer to resource arguments
which are assigned sensitive values, we need to unmark the resource
object before processing.
2020-10-20 12:27:17 -04:00
James Bardin
d9ac57ffae
Merge pull request #26632 from hashicorp/jbardin/logging
Structured logging
2020-10-20 09:23:57 -04:00
Pam Selle
cdebf2820d
Merge pull request #26590 from hashicorp/pselle/sensitivity-providers
Mark attributes providers mark as sensitive
2020-10-19 16:13:39 -04:00
Pam Selle
394e60608c Allocate new copies of paths to avoid append drama
Create new copies of the Path to avoid possible append
related dramas. Also add a test to cover nested block
within blocks
2020-10-19 15:24:14 -04:00
James Bardin
0b31ffa587 use a single log writer
Use a single log writer instance for all std library logging.

Setup the std log writer in the logging package, and remove boilerplate
from test packages.
2020-10-19 14:29:54 -04:00
James Bardin
211edf5d75 use hclog as the default logger
Inject hclog as the default logger in the main binary.
2020-10-19 14:29:54 -04:00
James Bardin
6ca477f042 move helper/logging to internal
remove a dead code file too
2020-10-19 14:27:53 -04:00
Alisdair McDiarmid
5e047b0a0b
Merge pull request #26611 from hashicorp/alisdair/sensitive-values-provisioners
Fixes for sensitive values used as input to provisioners
2020-10-19 13:39:18 -04:00
Pam Selle
02c48f8071 Comment fixing 2020-10-18 13:00:09 -04:00
Alisdair McDiarmid
4f53234d8c terraform: Hide maybe-sensitive provisioner output
If the provisioner configuration includes sensitive values, it's a
reasonable assumption that we should suppress its log output. Obvious
examples where this makes sense include echoing a secret to a file using
local-exec or remote-exec.

This commit adds tests for both logging output from provisioners with
non-sensitive configuration, and suppressing logs for provisioners with
sensitive values in configuration.

Note that we do not suppress logs if connection info contains sensitive
information, as provisioners should not be logging connection
information under any circumstances.
2020-10-16 15:29:44 -04:00
Alisdair McDiarmid
9c580335e3 terraform: Unmark provisioner arguments
If provisioner configuration or connection info includes sensitive
values, we need to unmark them before calling the provisioner. Failing
to do so causes serialization to error.

Unlike resources, we do not need to capture marked paths here, so we
just discard the marks.
2020-10-16 15:12:09 -04:00
Pam Selle
a9823515ec Update context apply test 2020-10-15 17:38:09 -04:00
Pam Selle
a1a46425bd Set and single test coverage 2020-10-15 17:25:53 -04:00
Pam Selle
a5c5d2c28c Cover NestingMap case 2020-10-15 17:19:27 -04:00