Commit Graph

64 Commits

Author SHA1 Message Date
1garo
d869923103
Review and order locked struct fields (#1493)
Signed-off-by: 1garo <alevardai427@gmail.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-04-25 10:25:13 -04:00
Christian Mesh
586c45fe5a
Refactor encryption configuration (#1387)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-13 10:58:52 -04:00
Christian Mesh
5ab6167bbf
Initial wiring of encryption through the command package (#1316)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-07 08:55:57 -05:00
Christian Mesh
2f5dcd5c0a
Integrate Encryption into State Backends (#1288)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 09:25:14 -05:00
namgyalangmo
cb2e9119aa
Update copyright notice (#1232)
Signed-off-by: namgyalangmo <75657887+namgyalangmo@users.noreply.github.com>
2024-02-08 09:48:59 +00:00
Jon Johnson
cf0d953dc1
statemgr: Make Filesystem impl "correct" and fast (#579)
Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
2024-01-03 10:28:17 -05:00
Christian Mesh
abd324ea7c
Revert "Fixes #898: Replace hashicorp and terraform references" (#995) 2023-12-11 15:10:03 -05:00
Janos
15bef1428a
Fixes #898: Replace hashicorp and terraform references (#973)
Signed-off-by: Janos Bonic <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2023-12-08 08:03:09 -05:00
James Humphries
9c24b6183a
Revert PRs that introduced propogating contexts (#835)
Co-authored-by: Dmitry Kisler <admin@dkisler.com>
2023-11-08 21:09:14 +00:00
Marcin Wyszynski
772ac1fc35
Pass context to all statemgr.Locker operations (#789)
Signed-off-by: Marcin Wyszynski <marcin.pixie@gmail.com>
2023-10-25 14:22:11 +02:00
Marcin Wyszynski
275dd116f9
Pass context to all remote.Client operations (#786)
Signed-off-by: Marcin Wyszynski <marcin.pixie@gmail.com>
2023-10-25 12:37:58 +02:00
Marcin Wyszynski
925db6dbc5
Make backend.DeleteWorkspace accept a context (#782)
Signed-off-by: Marcin Wyszynski <marcin.pixie@gmail.com>
2023-10-24 16:55:03 +02:00
RLRabinowitz
e0ecd2ebb3
Use registry.opentofu.org as the default registry (#379)
Signed-off-by: RLRabinowitz <rlrabinowitz2@gmail.com>
2023-10-03 10:49:38 +03:00
Lars Lehtonen
69f3c97db7
internal/states/statefile: TestReadErrNoState() (#440) 2023-09-26 21:45:17 +03:00
Dmitry Kisler
a127607a85
Rename terraform to tofu in GoString method and docstrings (#576)
Signed-off-by: Dmitry Kisler <admin@dkisler.com>
2023-09-26 19:09:27 +02:00
Yaron Yarimi
794e3413bb
Rename opentf package to tofu (#466) 2023-09-20 15:16:53 +03:00
Elbaz
8aad786548
Update internal/states folder to OpenTofu (#465) 2023-09-20 14:53:01 +03:00
Yaron Yarimi
c8acedd885
Rename github.com/placeholderplaceholderplaceholder/opentf to github.com/opentofu/opentofu (#461) 2023-09-20 14:35:35 +03:00
Lars Lehtonen
9e94fa8860
Missed Wrapped Errors (#441) 2023-09-19 10:10:18 +03:00
Lars Lehtonen
b65a5fd7a8
Multi Package Wrap Errors (#414) 2023-09-18 15:53:49 +03:00
Elbaz
e8c1c3a700
Backport from 1.5.x: Ignore unknown check results on decode (#374) 2023-09-10 14:58:09 +03:00
Adrian Mester
408470481e
internal/states: deprecate io/ioutil (#320) 2023-09-07 12:18:43 +03:00
Lars Lehtonen
f9f1ca43f2
internal/states/statemgr: handle ignored errors (#277)
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
Co-authored-by: Kuba Martin <kubam@spacelift.io>
2023-09-05 23:16:22 +02:00
RLRabinowitz
90dce4dd3c go fmt, change import order 2023-08-28 14:22:54 +03:00
RLRabinowitz
42e7c5b25c Replace internal/terraform -> internal/opentf 2023-08-28 14:21:34 +03:00
Marcin Wyszynski
26c2e3a4d1
Adapt user-facing usages of terraform in internal/states (#133) 2023-08-23 12:37:04 +02:00
Kuba Martin
ebcf7455eb
Rename root module name. (#4)
* Rename module name from "github.com/hashicorp/terraform" to "github.com/placeholderplaceholderplaceholder/opentf".

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Gofmt.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Regenerate protobuf.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Fix comments.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Undo issue and pull request link changes.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Undo comment changes.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Fix comment.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* Undo some link changes.

Signed-off-by: Jakub Martin <kubam@spacelift.io>

* make generate && make protobuf

Signed-off-by: Jakub Martin <kubam@spacelift.io>

---------

Signed-off-by: Jakub Martin <kubam@spacelift.io>
2023-08-17 14:45:11 +02:00
Nick Fagerlund
f98f920b67 Add error wrapper types to highlight bad plan/state data
This commit uses Go's error wrapping features to transparently add some optional
info to certain planfile/state read errors. Specifically, we wrap errors when we
think we've identified the file type but are somehow unable to use it.

Callers that aren't interested in what we think about our input can just ignore
the wrapping; callers that ARE interested can use `errors.As()`.
2023-07-24 14:12:44 -04:00
Liam Cervante
c9bc7e8479
Add input validation into the 'checks' outputs and tracking (#33481) 2023-07-10 11:33:45 +01:00
Martin Atkins
efdc6e52bc cloud: Skip intermediate state snapshots in Terraform Cloud/Enterprise
We've seen some concern about the additional storage usage implied by
creating intermediate state snapshots for particularly long apply phases
that can arise when managing a large number of resource instances together
in a single workspace.

This is an initial coarse approach to solving that concern, just restoring
the original behavior when running inside Terraform Cloud or Enterprise
for now and not creating snapshots at all.

This is here as a solution of last resort in case we cannot find a better
compromise before the v1.5.0 final release. Hopefully a future commit
will implement a more subtle take on this which still gets some of the
benefits when running in a Terraform Enterprise environment but in a way
that will hopefully be less concerning for Terraform Enterprise
administrators.

This does not affect any other state storage implementation except the
Terraform Cloud integration and the "remote" backend's state storage when
running inside a TFC/TFE-driven remote execution environment.
2023-05-23 15:25:48 -07:00
hashicorp-copywrite[bot]
325d18262e [COMPLIANCE] Add Copyright and License Headers 2023-05-02 15:33:06 +00:00
Liam Cervante
978263efe9
Checks: Introduce check blocks into the terraform node and transform graph (#32735)
* Add support for scoped resources

* refactor existing checks addrs and add check block addr

* Add configuration for check blocks

* introduce check blocks into the terraform node and transform  graph

* address comments

* address comments

* don't execute checks during destroy operations

* don't even include check nodes for destroy operations
2023-03-23 16:07:31 +01:00
James Bardin
2d9e3da983
Update internal/states/remote/state.go
Fix from review

Co-authored-by: Nathan Mische <nmische@gmail.com>
2023-02-07 17:35:56 -05:00
Joshua Feierman
d45ebfbdef chore: clean-up tests & logging 2023-02-01 13:54:59 -05:00
Joshua Feierman
2576544db8 fix: remote state behavior
This makes the behavior of remote state consistent with local state in regards to the initial serial number of the generated / pushed state. Previously remote state's initial push would have a serial number of 0, whereas local state had a serial of > 0. This causes issues with the logic around, for example, ensuring that a plan file cannot be applied if state is stale (see https://github.com/hashicorp/terraform/issues/30670 for example).
2023-02-01 13:54:40 -05:00
Joshua Feierman
68e227d93d wip: refactored tests 2023-02-01 13:34:42 -05:00
Joshua Feierman
09e0dffe6c wip: failing unit test for condition 2023-02-01 13:34:42 -05:00
James Bardin
eae246cfb5 normalize empty CheckResults fields in stateV4
Ensure that empty check results are normalized in state serialization to
prevent unexpected state changes from being written.

Because there is no consistent empty, null and omit_empty usage for
state structs, there's no good way to create a test which will fail
for future additions.
2022-11-01 16:18:38 -04:00
megan07
cb340207d8
Merge pull request #31698 from hashicorp/megan_tf563
Send the JSON state representation to Cloud backend (when available)
2022-08-30 18:10:45 -05:00
Martin Atkins
0e4e9f7706 addrs: Be explicit about checkable object address kinds
Previously we were attempting to infer the checkable object address kind
of a given address by whether it included "output" in the position where
a resource type name would otherwise go.

That was already potentially risky because we've historically not
prevented a resource type named "output", and it's also a
forward-compatibility hazard in case we introduce additional object kinds
with entirely-new addressing schemes in future.

Given that, we'll instead always be explicit about what kind of address
we're storing in a wire or file format, so that we can make sure to always
use the intended parser when reading an address back into memory, or
return an error if we encounter a kind we're not familiar with.
2022-08-26 15:47:29 -07:00
Martin Atkins
d63871f70d core: Propagate check results accurately from plan to apply
In an earlier commit we changed the states.CheckResults model to
explicitly model the config object vs. dynamic checkable object hierarchy,
but neglected to update the logic in Terraform Core to take that into
account when propagating the object expansion decisions from the plan
phase to the apply phase. That meant that we were incorrectly classifying
zero-instance resources always as having an unknown number of instances,
rather than possibly being known to have zero instances.

This now follows the two-level heirarchy of the data structure, which has
the nice side-effect that we can remove some of the special-case methods
from checks.State that we were using to bulk-load data: the data is now
shaped in the appropriate way to reload the data using the same method
the plan phase would've used to record the results in the first place.
2022-08-26 15:47:29 -07:00
Martin Atkins
6de3b1bd16 states/statefile: Serialize check results into state snapshots
This allows us to retain check results from one run into the next, so that
we can react to status changes between runs and potentially report e.g.
that a previously-failing check has now been fixed, or that a
previously-failing check is "still failing" so that an operator can get
a hint as to whether a problem is something they've just introduced or if
it was already an active problem before they made a change.
2022-08-26 15:47:29 -07:00
Martin Atkins
9e4861adbb states: Two-level representation of check results
A significant goal of the design changes around checks in earlier commits
(with the introduction of package "checks") was to allow us to
differentiate between a configuration object that we didn't expand at all
due to an upstream error, which has _unknown_ check status, and a
configuration object that expanded to zero dynamic objects, which
therefore has a _passing_ check status.

However, our initial lowering of checks.State into states.CheckResults
stayed with the older model of just recording each leaf check in isolation,
without any tracking of the containers.

This commit therefore lightly reworks our representation of check results
in the state and plan with two main goals:
- The results are grouped by the static configuration object they came
  from, and we capture an aggregate status for each of those so that
  we can differentiate an unknown aggregate result from a passing
  aggregate result which has zero dynamic associated objects.
- The granularity of results is whole checkable objects rather than
  individual checks, because checkable objects have durable addresses
  between runs, but individual checks for an object are more of a
  syntactic convenience to make it easier for module authors to declare
  many independent conditions that each have their own error messages.

Since v1.2 exposed some details of our checks model into the JSON plan
output there are some unanswered questions here about how we can shift to
reporting in the two-level heirarchy described above. For now I've
preserved structural compatibility but not semantic compatibility: any
parser that was written against that format should still function but will
now see fewer results. We'll revisit this in a later commit and consider
other structures and what to do about our compatibility constraint on the
v1.2 structure.

Otherwise though, this is an internal-only change which preserves all of
the existing main behaviors of conditions as before, and just gets us
ready to build user-facing features in terms of this new structure.
2022-08-26 15:47:29 -07:00
Martin Atkins
3785619f93 core: Use the new checks package for condition tracking
The "checks" package is an expansion what we previously called
plans.Conditions to accommodate a new requirement that we be able to track
which checks we're expecting to run even if we don't actually get around
to running them, which will be helpful when we start using checks as part
of our module testing story because test reporting tools appreciate there
being a relatively consistent set of test cases from one run to the next.

So far this should be essentially a no-op change from an external
functionality standpoint, aside from some minor adjustments to how we
report some of the error and warning cases from condition evaluation in
light of the fact that the "checks" package can now track errors as a
different outcome than a failure of a valid check.

As is often the case with anything which changes what we track
in the EvalContext and persist between plan and apply, Terraform Core is
pretty brittle and so this had knock-on effects elsewhere too. Again, the
goal is for these changes to not create any material externally-visible
difference, and just to accommodate the new assumption that there will
always be a "checks" object available for tracking during a graph walk.
2022-08-26 15:47:29 -07:00
Megan Bang
4fab46749a update persist state 2022-08-25 14:57:40 -05:00
Martin Atkins
783a07d9e8 build: Use Go 1.19
Go 1.19's "fmt" has some awareness of the new doc comment formatting
conventions and adjusts the presentation of the source comments to make
it clearer how godoc would interpret them. Therefore this commit includes
various updates made by "go fmt" to acheve that.

In line with our usual convention that we make stylistic/grammar/spelling
tweaks typically only when we're "in the area" changing something else
anyway, I also took this opportunity to review most of the comments that
this updated to see if there were any other opportunities to improve them.
2022-08-22 10:59:12 -07:00
Brandon Croft
e1fa690879
style: goimports fixes 2022-07-25 14:51:34 -06:00
Brandon Croft
e794efc31e
better errors from terraform output when cloud is configured 2022-07-25 10:05:20 -06:00
Brandon Croft
c33c8b013f
fix: have terraform output adhere to authorization w/ cloud
Normally, `terraform output` refreshes and reads the entire state in the command package before pulling output values out of it. This doesn't give Terraform Cloud the opportunity to apply the read state outputs org permission and instead applies the read state versions permission.

I decided to expand the state manager interface to provide a separate GetRootOutputValues function in order to give the cloud backend a more nuanced opportunity to fetch just the outputs. This required moving state Refresh/Read code that was previously in the command into the shared backend state as well as the filesystem state packages.
2022-07-25 10:04:43 -06:00
Martin Atkins
69aa0a2b1f states/remote: use t.Run in table-based tests
These tests were originally written long before Go supported subtests
explicitly, but now that we have t.Run we can avoid the prior problem
that one test failing would mask all of the others that followed it.

Now we'll always run all of them, potentially collecting more errors in
a single run so we can have more context to debug with and potentially
fix them all in a single step rather than one by one.
2022-07-21 13:40:56 -07:00