mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-18 20:52:58 -06:00
8d193ad268
Historically the responsibility for making sure that all of the available providers are of suitable versions and match the appropriate checksums has been split rather inexplicably over multiple different layers, with some of the checks happening as late as creating a terraform.Context. We're gradually iterating towards making that all be handled in one place, but in this step we're just cleaning up some old remnants from the main "terraform" package, which is now no longer responsible for any version or checksum verification and instead just assumes it's been provided with suitable factory functions by its caller. We do still have a pre-check here to make sure that we at least have a factory function for each plugin the configuration seems to depend on, because if we don't do that up front then it ends up getting caught instead deep inside the Terraform runtime, often inside a concurrent graph walk and thus it's not deterministic which codepath will happen to catch it on a particular run. As of this commit, this actually does leave some holes in our checks: the command package is using the dependency lock file to make sure we have exactly the provider packages we expect (exact versions and checksums), which is the most crucial part, but we don't yet have any spot where we make sure that the lock file is consistent with the current configuration, and we are no longer preserving the provider checksums as part of a saved plan. Both of those will come in subsequent commits. While it's unusual to have a series of commits that briefly subtracts functionality and then adds back in equivalent functionality later, the lock file checking is the only part that's crucial for security reasons, with everything else mainly just being to give better feedback when folks seem to be using Terraform incorrectly. The other bits are therefore mostly cosmetic and okay to be absent briefly as we work towards a better design that is clearer about where that responsibility belongs.
140 lines
4.1 KiB
Go
140 lines
4.1 KiB
Go
package planfile
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/google/go-cmp/cmp"
|
|
|
|
"github.com/hashicorp/terraform/internal/configs/configload"
|
|
"github.com/hashicorp/terraform/internal/plans"
|
|
"github.com/hashicorp/terraform/internal/states"
|
|
"github.com/hashicorp/terraform/internal/states/statefile"
|
|
tfversion "github.com/hashicorp/terraform/version"
|
|
)
|
|
|
|
func TestRoundtrip(t *testing.T) {
|
|
fixtureDir := filepath.Join("testdata", "test-config")
|
|
loader, err := configload.NewLoader(&configload.Config{
|
|
ModulesDir: filepath.Join(fixtureDir, ".terraform", "modules"),
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
_, snapIn, diags := loader.LoadConfigWithSnapshot(fixtureDir)
|
|
if diags.HasErrors() {
|
|
t.Fatal(diags.Error())
|
|
}
|
|
|
|
// Just a minimal state file so we can test that it comes out again at all.
|
|
// We don't need to test the entire thing because the state file
|
|
// serialization is already tested in its own package.
|
|
stateFileIn := &statefile.File{
|
|
TerraformVersion: tfversion.SemVer,
|
|
Serial: 2,
|
|
Lineage: "abc123",
|
|
State: states.NewState(),
|
|
}
|
|
prevStateFileIn := &statefile.File{
|
|
TerraformVersion: tfversion.SemVer,
|
|
Serial: 1,
|
|
Lineage: "abc123",
|
|
State: states.NewState(),
|
|
}
|
|
|
|
// Minimal plan too, since the serialization of the tfplan portion of the
|
|
// file is tested more fully in tfplan_test.go .
|
|
planIn := &plans.Plan{
|
|
Changes: &plans.Changes{
|
|
Resources: []*plans.ResourceInstanceChangeSrc{},
|
|
Outputs: []*plans.OutputChangeSrc{},
|
|
},
|
|
DriftedResources: []*plans.ResourceInstanceChangeSrc{},
|
|
VariableValues: map[string]plans.DynamicValue{
|
|
"foo": plans.DynamicValue([]byte("foo placeholder")),
|
|
},
|
|
Backend: plans.Backend{
|
|
Type: "local",
|
|
Config: plans.DynamicValue([]byte("config placeholder")),
|
|
Workspace: "default",
|
|
},
|
|
|
|
// Due to some historical oddities in how we've changed modelling over
|
|
// time, we also include the states (without the corresponding file
|
|
// headers) in the plans.Plan object. This is currently ignored by
|
|
// Create but will be returned by ReadPlan and so we need to include
|
|
// it here so that we'll get a match when we compare input and output
|
|
// below.
|
|
PrevRunState: prevStateFileIn.State,
|
|
PriorState: stateFileIn.State,
|
|
}
|
|
|
|
workDir, err := ioutil.TempDir("", "tf-planfile")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
planFn := filepath.Join(workDir, "tfplan")
|
|
|
|
err = Create(planFn, snapIn, prevStateFileIn, stateFileIn, planIn)
|
|
if err != nil {
|
|
t.Fatalf("failed to create plan file: %s", err)
|
|
}
|
|
|
|
pr, err := Open(planFn)
|
|
if err != nil {
|
|
t.Fatalf("failed to open plan file for reading: %s", err)
|
|
}
|
|
|
|
t.Run("ReadPlan", func(t *testing.T) {
|
|
planOut, err := pr.ReadPlan()
|
|
if err != nil {
|
|
t.Fatalf("failed to read plan: %s", err)
|
|
}
|
|
if diff := cmp.Diff(planIn, planOut); diff != "" {
|
|
t.Errorf("plan did not survive round-trip\n%s", diff)
|
|
}
|
|
})
|
|
|
|
t.Run("ReadStateFile", func(t *testing.T) {
|
|
stateFileOut, err := pr.ReadStateFile()
|
|
if err != nil {
|
|
t.Fatalf("failed to read state: %s", err)
|
|
}
|
|
if diff := cmp.Diff(stateFileIn, stateFileOut); diff != "" {
|
|
t.Errorf("state file did not survive round-trip\n%s", diff)
|
|
}
|
|
})
|
|
|
|
t.Run("ReadPrevStateFile", func(t *testing.T) {
|
|
prevStateFileOut, err := pr.ReadPrevStateFile()
|
|
if err != nil {
|
|
t.Fatalf("failed to read state: %s", err)
|
|
}
|
|
if diff := cmp.Diff(prevStateFileIn, prevStateFileOut); diff != "" {
|
|
t.Errorf("state file did not survive round-trip\n%s", diff)
|
|
}
|
|
})
|
|
|
|
t.Run("ReadConfigSnapshot", func(t *testing.T) {
|
|
snapOut, err := pr.ReadConfigSnapshot()
|
|
if err != nil {
|
|
t.Fatalf("failed to read config snapshot: %s", err)
|
|
}
|
|
if diff := cmp.Diff(snapIn, snapOut); diff != "" {
|
|
t.Errorf("config snapshot did not survive round-trip\n%s", diff)
|
|
}
|
|
})
|
|
|
|
t.Run("ReadConfig", func(t *testing.T) {
|
|
// Reading from snapshots is tested in the configload package, so
|
|
// here we'll just test that we can successfully do it, to see if the
|
|
// glue code in _this_ package is correct.
|
|
_, diags := pr.ReadConfig()
|
|
if diags.HasErrors() {
|
|
t.Errorf("when reading config: %s", diags.Err())
|
|
}
|
|
})
|
|
}
|