mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-29 10:21:01 -06:00
558 lines
18 KiB
Go
558 lines
18 KiB
Go
package terraform
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"sort"
|
|
|
|
"github.com/hashicorp/hcl/v2"
|
|
"github.com/hashicorp/terraform/internal/addrs"
|
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
|
"github.com/hashicorp/terraform/internal/dag"
|
|
"github.com/hashicorp/terraform/internal/lang"
|
|
)
|
|
|
|
// GraphNodeReferenceable must be implemented by any node that represents
|
|
// a Terraform thing that can be referenced (resource, module, etc.).
|
|
//
|
|
// Even if the thing has no name, this should return an empty list. By
|
|
// implementing this and returning a non-nil result, you say that this CAN
|
|
// be referenced and other methods of referencing may still be possible (such
|
|
// as by path!)
|
|
type GraphNodeReferenceable interface {
|
|
GraphNodeModulePath
|
|
|
|
// ReferenceableAddrs returns a list of addresses through which this can be
|
|
// referenced.
|
|
ReferenceableAddrs() []addrs.Referenceable
|
|
}
|
|
|
|
// GraphNodeReferencer must be implemented by nodes that reference other
|
|
// Terraform items and therefore depend on them.
|
|
type GraphNodeReferencer interface {
|
|
GraphNodeModulePath
|
|
|
|
// References returns a list of references made by this node, which
|
|
// include both a referenced address and source location information for
|
|
// the reference.
|
|
References() []*addrs.Reference
|
|
}
|
|
|
|
type GraphNodeAttachDependencies interface {
|
|
GraphNodeConfigResource
|
|
AttachDependencies([]addrs.ConfigResource)
|
|
}
|
|
|
|
// graphNodeDependsOn is implemented by resources that need to expose any
|
|
// references set via DependsOn in their configuration.
|
|
type graphNodeDependsOn interface {
|
|
GraphNodeReferencer
|
|
DependsOn() []*addrs.Reference
|
|
}
|
|
|
|
// graphNodeAttachDataResourceDependsOn records all resources that are transitively
|
|
// referenced through depends_on in the configuration. This is used by data
|
|
// resources to determine if they can be read during the plan, or if they need
|
|
// to be further delayed until apply.
|
|
// We can only use an addrs.ConfigResource address here, because modules are
|
|
// not yet expended in the graph. While this will cause some extra data
|
|
// resources to show in the plan when their depends_on references may be in
|
|
// unrelated module instances, the fact that it only happens when there are any
|
|
// resource updates pending means we can still avoid the problem of the
|
|
// "perpetual diff"
|
|
type graphNodeAttachDataResourceDependsOn interface {
|
|
GraphNodeConfigResource
|
|
graphNodeDependsOn
|
|
|
|
// AttachDataResourceDependsOn stores the discovered dependencies in the
|
|
// resource node for evaluation later.
|
|
//
|
|
// The force parameter indicates that even if there are no dependencies,
|
|
// force the data source to act as though there are for refresh purposes.
|
|
// This is needed because yet-to-be-created resources won't be in the
|
|
// initial refresh graph, but may still be referenced through depends_on.
|
|
AttachDataResourceDependsOn(deps []addrs.ConfigResource, force bool)
|
|
}
|
|
|
|
// GraphNodeReferenceOutside is an interface that can optionally be implemented.
|
|
// A node that implements it can specify that its own referenceable addresses
|
|
// and/or the addresses it references are in a different module than the
|
|
// node itself.
|
|
//
|
|
// Any referenceable addresses returned by ReferenceableAddrs are interpreted
|
|
// relative to the returned selfPath.
|
|
//
|
|
// Any references returned by References are interpreted relative to the
|
|
// returned referencePath.
|
|
//
|
|
// It is valid but not required for either of these paths to match what is
|
|
// returned by method Path, though if both match the main Path then there
|
|
// is no reason to implement this method.
|
|
//
|
|
// The primary use-case for this is the nodes representing module input
|
|
// variables, since their expressions are resolved in terms of their calling
|
|
// module, but they are still referenced from their own module.
|
|
type GraphNodeReferenceOutside interface {
|
|
// ReferenceOutside returns a path in which any references from this node
|
|
// are resolved.
|
|
ReferenceOutside() (selfPath, referencePath addrs.Module)
|
|
}
|
|
|
|
// ReferenceTransformer is a GraphTransformer that connects all the
|
|
// nodes that reference each other in order to form the proper ordering.
|
|
type ReferenceTransformer struct{}
|
|
|
|
func (t *ReferenceTransformer) Transform(g *Graph) error {
|
|
// Build a reference map so we can efficiently look up the references
|
|
vs := g.Vertices()
|
|
m := NewReferenceMap(vs)
|
|
|
|
// Find the things that reference things and connect them
|
|
for _, v := range vs {
|
|
if _, ok := v.(GraphNodeDestroyer); ok {
|
|
// destroy nodes references are not connected, since they can only
|
|
// use their own state.
|
|
continue
|
|
}
|
|
|
|
parents := m.References(v)
|
|
parentsDbg := make([]string, len(parents))
|
|
for i, v := range parents {
|
|
parentsDbg[i] = dag.VertexName(v)
|
|
}
|
|
log.Printf(
|
|
"[DEBUG] ReferenceTransformer: %q references: %v",
|
|
dag.VertexName(v), parentsDbg)
|
|
|
|
for _, parent := range parents {
|
|
// A destroy plan relies solely on the state, so we only need to
|
|
// ensure that temporary values are connected to get the evaluation
|
|
// order correct. Any references to destroy nodes will cause
|
|
// cycles, because they are connected in reverse order.
|
|
if _, ok := parent.(GraphNodeDestroyer); ok {
|
|
continue
|
|
}
|
|
|
|
if !graphNodesAreResourceInstancesInDifferentInstancesOfSameModule(v, parent) {
|
|
g.Connect(dag.BasicEdge(v, parent))
|
|
} else {
|
|
log.Printf("[TRACE] ReferenceTransformer: skipping %s => %s inter-module-instance dependency", dag.VertexName(v), dag.VertexName(parent))
|
|
}
|
|
}
|
|
|
|
if len(parents) > 0 {
|
|
continue
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
type depMap map[string]addrs.ConfigResource
|
|
|
|
// add stores the vertex if it represents a resource in the
|
|
// graph.
|
|
func (m depMap) add(v dag.Vertex) {
|
|
// we're only concerned with resources which may have changes that
|
|
// need to be applied.
|
|
switch v := v.(type) {
|
|
case GraphNodeResourceInstance:
|
|
instAddr := v.ResourceInstanceAddr()
|
|
addr := instAddr.ContainingResource().Config()
|
|
m[addr.String()] = addr
|
|
case GraphNodeConfigResource:
|
|
addr := v.ResourceAddr()
|
|
m[addr.String()] = addr
|
|
}
|
|
}
|
|
|
|
// attachDataResourceDependsOnTransformer records all resources transitively
|
|
// referenced through a configuration depends_on.
|
|
type attachDataResourceDependsOnTransformer struct {
|
|
}
|
|
|
|
func (t attachDataResourceDependsOnTransformer) Transform(g *Graph) error {
|
|
// First we need to make a map of referenceable addresses to their vertices.
|
|
// This is very similar to what's done in ReferenceTransformer, but we keep
|
|
// implementation separate as they may need to change independently.
|
|
vertices := g.Vertices()
|
|
refMap := NewReferenceMap(vertices)
|
|
|
|
for _, v := range vertices {
|
|
depender, ok := v.(graphNodeAttachDataResourceDependsOn)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
// Only data need to attach depends_on, so they can determine if they
|
|
// are eligible to be read during plan.
|
|
if depender.ResourceAddr().Resource.Mode != addrs.DataResourceMode {
|
|
continue
|
|
}
|
|
|
|
// depMap will only add resource references then dedupe
|
|
deps := make(depMap)
|
|
dependsOnDeps, fromModule := refMap.dependsOn(g, depender)
|
|
for _, dep := range dependsOnDeps {
|
|
// any the dependency
|
|
deps.add(dep)
|
|
}
|
|
|
|
res := make([]addrs.ConfigResource, 0, len(deps))
|
|
for _, d := range deps {
|
|
res = append(res, d)
|
|
}
|
|
|
|
log.Printf("[TRACE] attachDataDependenciesTransformer: %s depends on %s", depender.ResourceAddr(), res)
|
|
depender.AttachDataResourceDependsOn(res, fromModule)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// AttachDependenciesTransformer records all resource dependencies for each
|
|
// instance, and attaches the addresses to the node itself. Managed resource
|
|
// will record these in the state for proper ordering of destroy operations.
|
|
type AttachDependenciesTransformer struct {
|
|
}
|
|
|
|
func (t AttachDependenciesTransformer) Transform(g *Graph) error {
|
|
for _, v := range g.Vertices() {
|
|
attacher, ok := v.(GraphNodeAttachDependencies)
|
|
if !ok {
|
|
continue
|
|
}
|
|
selfAddr := attacher.ResourceAddr()
|
|
|
|
ans, err := g.Ancestors(v)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// dedupe addrs when there's multiple instances involved, or
|
|
// multiple paths in the un-reduced graph
|
|
depMap := map[string]addrs.ConfigResource{}
|
|
for _, d := range ans {
|
|
var addr addrs.ConfigResource
|
|
|
|
switch d := d.(type) {
|
|
case GraphNodeResourceInstance:
|
|
instAddr := d.ResourceInstanceAddr()
|
|
addr = instAddr.ContainingResource().Config()
|
|
case GraphNodeConfigResource:
|
|
addr = d.ResourceAddr()
|
|
default:
|
|
continue
|
|
}
|
|
|
|
if addr.Equal(selfAddr) {
|
|
continue
|
|
}
|
|
depMap[addr.String()] = addr
|
|
}
|
|
|
|
deps := make([]addrs.ConfigResource, 0, len(depMap))
|
|
for _, d := range depMap {
|
|
deps = append(deps, d)
|
|
}
|
|
sort.Slice(deps, func(i, j int) bool {
|
|
return deps[i].String() < deps[j].String()
|
|
})
|
|
|
|
log.Printf("[TRACE] AttachDependenciesTransformer: %s depends on %s", attacher.ResourceAddr(), deps)
|
|
attacher.AttachDependencies(deps)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func isDependableResource(v dag.Vertex) bool {
|
|
switch v.(type) {
|
|
case GraphNodeResourceInstance:
|
|
return true
|
|
case GraphNodeConfigResource:
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// ReferenceMap is a structure that can be used to efficiently check
|
|
// for references on a graph, mapping internal reference keys (as produced by
|
|
// the mapKey method) to one or more vertices that are identified by each key.
|
|
type ReferenceMap map[string][]dag.Vertex
|
|
|
|
// References returns the set of vertices that the given vertex refers to,
|
|
// and any referenced addresses that do not have corresponding vertices.
|
|
func (m ReferenceMap) References(v dag.Vertex) []dag.Vertex {
|
|
rn, ok := v.(GraphNodeReferencer)
|
|
if !ok {
|
|
return nil
|
|
}
|
|
|
|
var matches []dag.Vertex
|
|
|
|
for _, ref := range rn.References() {
|
|
subject := ref.Subject
|
|
|
|
key := m.referenceMapKey(v, subject)
|
|
if _, exists := m[key]; !exists {
|
|
// If what we were looking for was a ResourceInstance then we
|
|
// might be in a resource-oriented graph rather than an
|
|
// instance-oriented graph, and so we'll see if we have the
|
|
// resource itself instead.
|
|
switch ri := subject.(type) {
|
|
case addrs.ResourceInstance:
|
|
subject = ri.ContainingResource()
|
|
case addrs.ResourceInstancePhase:
|
|
subject = ri.ContainingResource()
|
|
case addrs.ModuleCallInstanceOutput:
|
|
subject = ri.ModuleCallOutput()
|
|
case addrs.ModuleCallInstance:
|
|
subject = ri.Call
|
|
default:
|
|
log.Printf("[INFO] ReferenceTransformer: reference not found: %q", subject)
|
|
continue
|
|
}
|
|
key = m.referenceMapKey(v, subject)
|
|
}
|
|
vertices := m[key]
|
|
for _, rv := range vertices {
|
|
// don't include self-references
|
|
if rv == v {
|
|
continue
|
|
}
|
|
matches = append(matches, rv)
|
|
}
|
|
}
|
|
|
|
return matches
|
|
}
|
|
|
|
// dependsOn returns the set of vertices that the given vertex refers to from
|
|
// the configured depends_on. The bool return value indicates if depends_on was
|
|
// found in a parent module configuration.
|
|
func (m ReferenceMap) dependsOn(g *Graph, depender graphNodeDependsOn) ([]dag.Vertex, bool) {
|
|
var res []dag.Vertex
|
|
fromModule := false
|
|
|
|
refs := depender.DependsOn()
|
|
|
|
// get any implied dependencies for data sources
|
|
refs = append(refs, m.dataDependsOn(depender)...)
|
|
|
|
// This is where we record that a module has depends_on configured.
|
|
if _, ok := depender.(*nodeExpandModule); ok && len(refs) > 0 {
|
|
fromModule = true
|
|
}
|
|
|
|
for _, ref := range refs {
|
|
subject := ref.Subject
|
|
|
|
key := m.referenceMapKey(depender, subject)
|
|
vertices, ok := m[key]
|
|
if !ok {
|
|
// the ReferenceMap generates all possible keys, so any warning
|
|
// here is probably not useful for this implementation.
|
|
continue
|
|
}
|
|
for _, rv := range vertices {
|
|
// don't include self-references
|
|
if rv == depender {
|
|
continue
|
|
}
|
|
res = append(res, rv)
|
|
|
|
// Check any ancestors for transitive dependencies when we're
|
|
// not pointed directly at a resource. We can't be much more
|
|
// precise here, since in order to maintain our guarantee that data
|
|
// sources will wait for explicit dependencies, if those dependencies
|
|
// happen to be a module, output, or variable, we have to find some
|
|
// upstream managed resource in order to check for a planned
|
|
// change.
|
|
if _, ok := rv.(GraphNodeConfigResource); !ok {
|
|
ans, _ := g.Ancestors(rv)
|
|
for _, v := range ans {
|
|
if isDependableResource(v) {
|
|
res = append(res, v)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
parentDeps, fromParentModule := m.parentModuleDependsOn(g, depender)
|
|
res = append(res, parentDeps...)
|
|
|
|
return res, fromModule || fromParentModule
|
|
}
|
|
|
|
// Return extra depends_on references if this is a data source.
|
|
// For data sources we implicitly treat references to managed resources as
|
|
// depends_on entries. If a data source references a managed resource, even if
|
|
// that reference is resolvable, it stands to reason that the user intends for
|
|
// the data source to require that resource in some way.
|
|
func (m ReferenceMap) dataDependsOn(depender graphNodeDependsOn) []*addrs.Reference {
|
|
var refs []*addrs.Reference
|
|
if n, ok := depender.(GraphNodeConfigResource); ok &&
|
|
n.ResourceAddr().Resource.Mode == addrs.DataResourceMode {
|
|
for _, r := range depender.References() {
|
|
|
|
var resAddr addrs.Resource
|
|
switch s := r.Subject.(type) {
|
|
case addrs.Resource:
|
|
resAddr = s
|
|
case addrs.ResourceInstance:
|
|
resAddr = s.Resource
|
|
r.Subject = resAddr
|
|
}
|
|
|
|
if resAddr.Mode != addrs.ManagedResourceMode {
|
|
// We only want to wait on directly referenced managed resources.
|
|
// Data sources have no external side effects, so normal
|
|
// references to them in the config will suffice for proper
|
|
// ordering.
|
|
continue
|
|
}
|
|
|
|
refs = append(refs, r)
|
|
}
|
|
}
|
|
return refs
|
|
}
|
|
|
|
// parentModuleDependsOn returns the set of vertices that a data sources parent
|
|
// module references through the module call's depends_on. The bool return
|
|
// value indicates if depends_on was found in a parent module configuration.
|
|
func (m ReferenceMap) parentModuleDependsOn(g *Graph, depender graphNodeDependsOn) ([]dag.Vertex, bool) {
|
|
var res []dag.Vertex
|
|
fromModule := false
|
|
|
|
// Look for containing modules with DependsOn.
|
|
// This should be connected directly to the module node, so we only need to
|
|
// look one step away.
|
|
for _, v := range g.DownEdges(depender) {
|
|
// we're only concerned with module expansion nodes here.
|
|
mod, ok := v.(*nodeExpandModule)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
deps, fromParentModule := m.dependsOn(g, mod)
|
|
for _, dep := range deps {
|
|
// add the dependency
|
|
res = append(res, dep)
|
|
|
|
// and check any transitive resource dependencies for more resources
|
|
ans, _ := g.Ancestors(dep)
|
|
for _, v := range ans {
|
|
if isDependableResource(v) {
|
|
res = append(res, v)
|
|
}
|
|
}
|
|
}
|
|
fromModule = fromModule || fromParentModule
|
|
}
|
|
|
|
return res, fromModule
|
|
}
|
|
|
|
func (m *ReferenceMap) mapKey(path addrs.Module, addr addrs.Referenceable) string {
|
|
return fmt.Sprintf("%s|%s", path.String(), addr.String())
|
|
}
|
|
|
|
// vertexReferenceablePath returns the path in which the given vertex can be
|
|
// referenced. This is the path that its results from ReferenceableAddrs
|
|
// are considered to be relative to.
|
|
//
|
|
// Only GraphNodeModulePath implementations can be referenced, so this method will
|
|
// panic if the given vertex does not implement that interface.
|
|
func vertexReferenceablePath(v dag.Vertex) addrs.Module {
|
|
sp, ok := v.(GraphNodeModulePath)
|
|
if !ok {
|
|
// Only nodes with paths can participate in a reference map.
|
|
panic(fmt.Errorf("vertexMapKey on vertex type %T which doesn't implement GraphNodeModulePath", sp))
|
|
}
|
|
|
|
if outside, ok := v.(GraphNodeReferenceOutside); ok {
|
|
// Vertex is referenced from a different module than where it was
|
|
// declared.
|
|
path, _ := outside.ReferenceOutside()
|
|
return path
|
|
}
|
|
|
|
// Vertex is referenced from the same module as where it was declared.
|
|
return sp.ModulePath()
|
|
}
|
|
|
|
// vertexReferencePath returns the path in which references _from_ the given
|
|
// vertex must be interpreted.
|
|
//
|
|
// Only GraphNodeModulePath implementations can have references, so this method
|
|
// will panic if the given vertex does not implement that interface.
|
|
func vertexReferencePath(v dag.Vertex) addrs.Module {
|
|
sp, ok := v.(GraphNodeModulePath)
|
|
if !ok {
|
|
// Only nodes with paths can participate in a reference map.
|
|
panic(fmt.Errorf("vertexReferencePath on vertex type %T which doesn't implement GraphNodeModulePath", v))
|
|
}
|
|
|
|
if outside, ok := v.(GraphNodeReferenceOutside); ok {
|
|
// Vertex makes references to objects in a different module than where
|
|
// it was declared.
|
|
_, path := outside.ReferenceOutside()
|
|
return path
|
|
}
|
|
|
|
// Vertex makes references to objects in the same module as where it
|
|
// was declared.
|
|
return sp.ModulePath()
|
|
}
|
|
|
|
// referenceMapKey produces keys for the "edges" map. "referrer" is the vertex
|
|
// that the reference is from, and "addr" is the address of the object being
|
|
// referenced.
|
|
//
|
|
// The result is an opaque string that includes both the address of the given
|
|
// object and the address of the module instance that object belongs to.
|
|
//
|
|
// Only GraphNodeModulePath implementations can be referrers, so this method will
|
|
// panic if the given vertex does not implement that interface.
|
|
func (m *ReferenceMap) referenceMapKey(referrer dag.Vertex, addr addrs.Referenceable) string {
|
|
path := vertexReferencePath(referrer)
|
|
return m.mapKey(path, addr)
|
|
}
|
|
|
|
// NewReferenceMap is used to create a new reference map for the
|
|
// given set of vertices.
|
|
func NewReferenceMap(vs []dag.Vertex) ReferenceMap {
|
|
// Build the lookup table
|
|
m := make(ReferenceMap)
|
|
for _, v := range vs {
|
|
// We're only looking for referenceable nodes
|
|
rn, ok := v.(GraphNodeReferenceable)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
path := vertexReferenceablePath(v)
|
|
|
|
// Go through and cache them
|
|
for _, addr := range rn.ReferenceableAddrs() {
|
|
key := m.mapKey(path, addr)
|
|
m[key] = append(m[key], v)
|
|
}
|
|
}
|
|
|
|
return m
|
|
}
|
|
|
|
// ReferencesFromConfig returns the references that a configuration has
|
|
// based on the interpolated variables in a configuration.
|
|
func ReferencesFromConfig(body hcl.Body, schema *configschema.Block) []*addrs.Reference {
|
|
if body == nil {
|
|
return nil
|
|
}
|
|
refs, _ := lang.ReferencesInBlock(body, schema)
|
|
return refs
|
|
}
|