mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-21 14:12:57 -06:00
ea8ad0b15a
The cloud package intends to implement a new integration for Terraform Cloud/Enterprise. The purpose of this integration is to better support TFC users; it will shed some overly generic UX and architecture, behavior changes that are otherwise backwards incompatible in the remote backend, and technical debt - all of which are vestiges from before Terraform Cloud existed. This initial commit is largely a porting of the existing 'remote' backend, which will serve as an underlying implementation detail and not be a typical user-level backend. This is because to re-implement the literal backend interface is orthogonal to the purpose of this integration, and can always be migrated away from later. As this backend is considered an implementation detail, it will not be registered as a declarable backend. Within these changes it is, for easy of initial development and a clean diff.
183 lines
4.4 KiB
Go
183 lines
4.4 KiB
Go
package cloud
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/md5"
|
|
"encoding/base64"
|
|
"fmt"
|
|
|
|
tfe "github.com/hashicorp/go-tfe"
|
|
"github.com/hashicorp/terraform/internal/states/remote"
|
|
"github.com/hashicorp/terraform/internal/states/statefile"
|
|
"github.com/hashicorp/terraform/internal/states/statemgr"
|
|
)
|
|
|
|
type remoteClient struct {
|
|
client *tfe.Client
|
|
lockInfo *statemgr.LockInfo
|
|
organization string
|
|
runID string
|
|
stateUploadErr bool
|
|
workspace *tfe.Workspace
|
|
forcePush bool
|
|
}
|
|
|
|
// Get the remote state.
|
|
func (r *remoteClient) Get() (*remote.Payload, error) {
|
|
ctx := context.Background()
|
|
|
|
sv, err := r.client.StateVersions.Current(ctx, r.workspace.ID)
|
|
if err != nil {
|
|
if err == tfe.ErrResourceNotFound {
|
|
// If no state exists, then return nil.
|
|
return nil, nil
|
|
}
|
|
return nil, fmt.Errorf("Error retrieving state: %v", err)
|
|
}
|
|
|
|
state, err := r.client.StateVersions.Download(ctx, sv.DownloadURL)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error downloading state: %v", err)
|
|
}
|
|
|
|
// If the state is empty, then return nil.
|
|
if len(state) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
// Get the MD5 checksum of the state.
|
|
sum := md5.Sum(state)
|
|
|
|
return &remote.Payload{
|
|
Data: state,
|
|
MD5: sum[:],
|
|
}, nil
|
|
}
|
|
|
|
// Put the remote state.
|
|
func (r *remoteClient) Put(state []byte) error {
|
|
ctx := context.Background()
|
|
|
|
// Read the raw state into a Terraform state.
|
|
stateFile, err := statefile.Read(bytes.NewReader(state))
|
|
if err != nil {
|
|
return fmt.Errorf("Error reading state: %s", err)
|
|
}
|
|
|
|
options := tfe.StateVersionCreateOptions{
|
|
Lineage: tfe.String(stateFile.Lineage),
|
|
Serial: tfe.Int64(int64(stateFile.Serial)),
|
|
MD5: tfe.String(fmt.Sprintf("%x", md5.Sum(state))),
|
|
State: tfe.String(base64.StdEncoding.EncodeToString(state)),
|
|
Force: tfe.Bool(r.forcePush),
|
|
}
|
|
|
|
// If we have a run ID, make sure to add it to the options
|
|
// so the state will be properly associated with the run.
|
|
if r.runID != "" {
|
|
options.Run = &tfe.Run{ID: r.runID}
|
|
}
|
|
|
|
// Create the new state.
|
|
_, err = r.client.StateVersions.Create(ctx, r.workspace.ID, options)
|
|
if err != nil {
|
|
r.stateUploadErr = true
|
|
return fmt.Errorf("Error uploading state: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Delete the remote state.
|
|
func (r *remoteClient) Delete() error {
|
|
err := r.client.Workspaces.Delete(context.Background(), r.organization, r.workspace.Name)
|
|
if err != nil && err != tfe.ErrResourceNotFound {
|
|
return fmt.Errorf("Error deleting workspace %s: %v", r.workspace.Name, err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// EnableForcePush to allow the remote client to overwrite state
|
|
// by implementing remote.ClientForcePusher
|
|
func (r *remoteClient) EnableForcePush() {
|
|
r.forcePush = true
|
|
}
|
|
|
|
// Lock the remote state.
|
|
func (r *remoteClient) Lock(info *statemgr.LockInfo) (string, error) {
|
|
ctx := context.Background()
|
|
|
|
lockErr := &statemgr.LockError{Info: r.lockInfo}
|
|
|
|
// Lock the workspace.
|
|
_, err := r.client.Workspaces.Lock(ctx, r.workspace.ID, tfe.WorkspaceLockOptions{
|
|
Reason: tfe.String("Locked by Terraform"),
|
|
})
|
|
if err != nil {
|
|
if err == tfe.ErrWorkspaceLocked {
|
|
lockErr.Info = info
|
|
err = fmt.Errorf("%s (lock ID: \"%s/%s\")", err, r.organization, r.workspace.Name)
|
|
}
|
|
lockErr.Err = err
|
|
return "", lockErr
|
|
}
|
|
|
|
r.lockInfo = info
|
|
|
|
return r.lockInfo.ID, nil
|
|
}
|
|
|
|
// Unlock the remote state.
|
|
func (r *remoteClient) Unlock(id string) error {
|
|
ctx := context.Background()
|
|
|
|
// We first check if there was an error while uploading the latest
|
|
// state. If so, we will not unlock the workspace to prevent any
|
|
// changes from being applied until the correct state is uploaded.
|
|
if r.stateUploadErr {
|
|
return nil
|
|
}
|
|
|
|
lockErr := &statemgr.LockError{Info: r.lockInfo}
|
|
|
|
// With lock info this should be treated as a normal unlock.
|
|
if r.lockInfo != nil {
|
|
// Verify the expected lock ID.
|
|
if r.lockInfo.ID != id {
|
|
lockErr.Err = fmt.Errorf("lock ID does not match existing lock")
|
|
return lockErr
|
|
}
|
|
|
|
// Unlock the workspace.
|
|
_, err := r.client.Workspaces.Unlock(ctx, r.workspace.ID)
|
|
if err != nil {
|
|
lockErr.Err = err
|
|
return lockErr
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Verify the optional force-unlock lock ID.
|
|
if r.organization+"/"+r.workspace.Name != id {
|
|
lockErr.Err = fmt.Errorf(
|
|
"lock ID %q does not match existing lock ID \"%s/%s\"",
|
|
id,
|
|
r.organization,
|
|
r.workspace.Name,
|
|
)
|
|
return lockErr
|
|
}
|
|
|
|
// Force unlock the workspace.
|
|
_, err := r.client.Workspaces.ForceUnlock(ctx, r.workspace.ID)
|
|
if err != nil {
|
|
lockErr.Err = err
|
|
return lockErr
|
|
}
|
|
|
|
return nil
|
|
}
|