mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-15 19:22:46 -06:00
1097 lines
27 KiB
Go
1097 lines
27 KiB
Go
// The config package is responsible for loading and validating the
|
|
// configuration.
|
|
package config
|
|
|
|
import (
|
|
"fmt"
|
|
"regexp"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/hashicorp/go-multierror"
|
|
"github.com/hashicorp/go-version"
|
|
"github.com/hashicorp/hil"
|
|
"github.com/hashicorp/hil/ast"
|
|
"github.com/hashicorp/terraform/helper/hilmapstructure"
|
|
"github.com/mitchellh/reflectwalk"
|
|
)
|
|
|
|
// NameRegexp is the regular expression that all names (modules, providers,
|
|
// resources, etc.) must follow.
|
|
var NameRegexp = regexp.MustCompile(`(?i)\A[A-Z0-9_][A-Z0-9\-\_]*\z`)
|
|
|
|
// Config is the configuration that comes from loading a collection
|
|
// of Terraform templates.
|
|
type Config struct {
|
|
// Dir is the path to the directory where this configuration was
|
|
// loaded from. If it is blank, this configuration wasn't loaded from
|
|
// any meaningful directory.
|
|
Dir string
|
|
|
|
Terraform *Terraform
|
|
Atlas *AtlasConfig
|
|
Modules []*Module
|
|
ProviderConfigs []*ProviderConfig
|
|
Resources []*Resource
|
|
Variables []*Variable
|
|
Outputs []*Output
|
|
|
|
// The fields below can be filled in by loaders for validation
|
|
// purposes.
|
|
unknownKeys []string
|
|
}
|
|
|
|
// AtlasConfig is the configuration for building in HashiCorp's Atlas.
|
|
type AtlasConfig struct {
|
|
Name string
|
|
Include []string
|
|
Exclude []string
|
|
}
|
|
|
|
// Module is a module used within a configuration.
|
|
//
|
|
// This does not represent a module itself, this represents a module
|
|
// call-site within an existing configuration.
|
|
type Module struct {
|
|
Name string
|
|
Source string
|
|
RawConfig *RawConfig
|
|
}
|
|
|
|
// ProviderConfig is the configuration for a resource provider.
|
|
//
|
|
// For example, Terraform needs to set the AWS access keys for the AWS
|
|
// resource provider.
|
|
type ProviderConfig struct {
|
|
Name string
|
|
Alias string
|
|
RawConfig *RawConfig
|
|
}
|
|
|
|
// A resource represents a single Terraform resource in the configuration.
|
|
// A Terraform resource is something that supports some or all of the
|
|
// usual "create, read, update, delete" operations, depending on
|
|
// the given Mode.
|
|
type Resource struct {
|
|
Mode ResourceMode // which operations the resource supports
|
|
Name string
|
|
Type string
|
|
RawCount *RawConfig
|
|
RawConfig *RawConfig
|
|
Provisioners []*Provisioner
|
|
Provider string
|
|
DependsOn []string
|
|
Lifecycle ResourceLifecycle
|
|
}
|
|
|
|
// Copy returns a copy of this Resource. Helpful for avoiding shared
|
|
// config pointers across multiple pieces of the graph that need to do
|
|
// interpolation.
|
|
func (r *Resource) Copy() *Resource {
|
|
n := &Resource{
|
|
Mode: r.Mode,
|
|
Name: r.Name,
|
|
Type: r.Type,
|
|
RawCount: r.RawCount.Copy(),
|
|
RawConfig: r.RawConfig.Copy(),
|
|
Provisioners: make([]*Provisioner, 0, len(r.Provisioners)),
|
|
Provider: r.Provider,
|
|
DependsOn: make([]string, len(r.DependsOn)),
|
|
Lifecycle: *r.Lifecycle.Copy(),
|
|
}
|
|
for _, p := range r.Provisioners {
|
|
n.Provisioners = append(n.Provisioners, p.Copy())
|
|
}
|
|
copy(n.DependsOn, r.DependsOn)
|
|
return n
|
|
}
|
|
|
|
// ResourceLifecycle is used to store the lifecycle tuning parameters
|
|
// to allow customized behavior
|
|
type ResourceLifecycle struct {
|
|
CreateBeforeDestroy bool `mapstructure:"create_before_destroy"`
|
|
PreventDestroy bool `mapstructure:"prevent_destroy"`
|
|
IgnoreChanges []string `mapstructure:"ignore_changes"`
|
|
}
|
|
|
|
// Copy returns a copy of this ResourceLifecycle
|
|
func (r *ResourceLifecycle) Copy() *ResourceLifecycle {
|
|
n := &ResourceLifecycle{
|
|
CreateBeforeDestroy: r.CreateBeforeDestroy,
|
|
PreventDestroy: r.PreventDestroy,
|
|
IgnoreChanges: make([]string, len(r.IgnoreChanges)),
|
|
}
|
|
copy(n.IgnoreChanges, r.IgnoreChanges)
|
|
return n
|
|
}
|
|
|
|
// Provisioner is a configured provisioner step on a resource.
|
|
type Provisioner struct {
|
|
Type string
|
|
RawConfig *RawConfig
|
|
ConnInfo *RawConfig
|
|
|
|
When ProvisionerWhen
|
|
OnFailure ProvisionerOnFailure
|
|
}
|
|
|
|
// Copy returns a copy of this Provisioner
|
|
func (p *Provisioner) Copy() *Provisioner {
|
|
return &Provisioner{
|
|
Type: p.Type,
|
|
RawConfig: p.RawConfig.Copy(),
|
|
ConnInfo: p.ConnInfo.Copy(),
|
|
When: p.When,
|
|
OnFailure: p.OnFailure,
|
|
}
|
|
}
|
|
|
|
// Variable is a variable defined within the configuration.
|
|
type Variable struct {
|
|
Name string
|
|
DeclaredType string `mapstructure:"type"`
|
|
Default interface{}
|
|
Description string
|
|
}
|
|
|
|
// Output is an output defined within the configuration. An output is
|
|
// resulting data that is highlighted by Terraform when finished. An
|
|
// output marked Sensitive will be output in a masked form following
|
|
// application, but will still be available in state.
|
|
type Output struct {
|
|
Name string
|
|
DependsOn []string
|
|
Description string
|
|
Sensitive bool
|
|
RawConfig *RawConfig
|
|
}
|
|
|
|
// VariableType is the type of value a variable is holding, and returned
|
|
// by the Type() function on variables.
|
|
type VariableType byte
|
|
|
|
const (
|
|
VariableTypeUnknown VariableType = iota
|
|
VariableTypeString
|
|
VariableTypeList
|
|
VariableTypeMap
|
|
)
|
|
|
|
func (v VariableType) Printable() string {
|
|
switch v {
|
|
case VariableTypeString:
|
|
return "string"
|
|
case VariableTypeMap:
|
|
return "map"
|
|
case VariableTypeList:
|
|
return "list"
|
|
default:
|
|
return "unknown"
|
|
}
|
|
}
|
|
|
|
// ProviderConfigName returns the name of the provider configuration in
|
|
// the given mapping that maps to the proper provider configuration
|
|
// for this resource.
|
|
func ProviderConfigName(t string, pcs []*ProviderConfig) string {
|
|
lk := ""
|
|
for _, v := range pcs {
|
|
k := v.Name
|
|
if strings.HasPrefix(t, k) && len(k) > len(lk) {
|
|
lk = k
|
|
}
|
|
}
|
|
|
|
return lk
|
|
}
|
|
|
|
// A unique identifier for this module.
|
|
func (r *Module) Id() string {
|
|
return fmt.Sprintf("%s", r.Name)
|
|
}
|
|
|
|
// Count returns the count of this resource.
|
|
func (r *Resource) Count() (int, error) {
|
|
v, err := strconv.ParseInt(r.RawCount.Value().(string), 0, 0)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
return int(v), nil
|
|
}
|
|
|
|
// A unique identifier for this resource.
|
|
func (r *Resource) Id() string {
|
|
switch r.Mode {
|
|
case ManagedResourceMode:
|
|
return fmt.Sprintf("%s.%s", r.Type, r.Name)
|
|
case DataResourceMode:
|
|
return fmt.Sprintf("data.%s.%s", r.Type, r.Name)
|
|
default:
|
|
panic(fmt.Errorf("unknown resource mode %s", r.Mode))
|
|
}
|
|
}
|
|
|
|
// Validate does some basic semantic checking of the configuration.
|
|
func (c *Config) Validate() error {
|
|
if c == nil {
|
|
return nil
|
|
}
|
|
|
|
var errs []error
|
|
|
|
for _, k := range c.unknownKeys {
|
|
errs = append(errs, fmt.Errorf(
|
|
"Unknown root level key: %s", k))
|
|
}
|
|
|
|
// Validate the Terraform config
|
|
if tf := c.Terraform; tf != nil {
|
|
if raw := tf.RequiredVersion; raw != "" {
|
|
// Check that the value has no interpolations
|
|
rc, err := NewRawConfig(map[string]interface{}{
|
|
"root": raw,
|
|
})
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"terraform.required_version: %s", err))
|
|
} else if len(rc.Interpolations) > 0 {
|
|
errs = append(errs, fmt.Errorf(
|
|
"terraform.required_version: cannot contain interpolations"))
|
|
} else {
|
|
// Check it is valid
|
|
_, err := version.NewConstraint(raw)
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"terraform.required_version: invalid syntax: %s", err))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
vars := c.InterpolatedVariables()
|
|
varMap := make(map[string]*Variable)
|
|
for _, v := range c.Variables {
|
|
if _, ok := varMap[v.Name]; ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"Variable '%s': duplicate found. Variable names must be unique.",
|
|
v.Name))
|
|
}
|
|
|
|
varMap[v.Name] = v
|
|
}
|
|
|
|
for k, _ := range varMap {
|
|
if !NameRegexp.MatchString(k) {
|
|
errs = append(errs, fmt.Errorf(
|
|
"variable %q: variable name must match regular expresion %s",
|
|
k, NameRegexp))
|
|
}
|
|
}
|
|
|
|
for _, v := range c.Variables {
|
|
if v.Type() == VariableTypeUnknown {
|
|
errs = append(errs, fmt.Errorf(
|
|
"Variable '%s': must be a string or a map",
|
|
v.Name))
|
|
continue
|
|
}
|
|
|
|
interp := false
|
|
fn := func(ast.Node) (interface{}, error) {
|
|
interp = true
|
|
return "", nil
|
|
}
|
|
|
|
w := &interpolationWalker{F: fn}
|
|
if v.Default != nil {
|
|
if err := reflectwalk.Walk(v.Default, w); err == nil {
|
|
if interp {
|
|
errs = append(errs, fmt.Errorf(
|
|
"Variable '%s': cannot contain interpolations",
|
|
v.Name))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check for references to user variables that do not actually
|
|
// exist and record those errors.
|
|
for source, vs := range vars {
|
|
for _, v := range vs {
|
|
uv, ok := v.(*UserVariable)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
if _, ok := varMap[uv.Name]; !ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: unknown variable referenced: '%s'. define it with 'variable' blocks",
|
|
source,
|
|
uv.Name))
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check that all count variables are valid.
|
|
for source, vs := range vars {
|
|
for _, rawV := range vs {
|
|
switch v := rawV.(type) {
|
|
case *CountVariable:
|
|
if v.Type == CountValueInvalid {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: invalid count variable: %s",
|
|
source,
|
|
v.FullKey()))
|
|
}
|
|
case *PathVariable:
|
|
if v.Type == PathValueInvalid {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: invalid path variable: %s",
|
|
source,
|
|
v.FullKey()))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check that providers aren't declared multiple times.
|
|
providerSet := make(map[string]struct{})
|
|
for _, p := range c.ProviderConfigs {
|
|
name := p.FullName()
|
|
if _, ok := providerSet[name]; ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"provider.%s: declared multiple times, you can only declare a provider once",
|
|
name))
|
|
continue
|
|
}
|
|
|
|
providerSet[name] = struct{}{}
|
|
}
|
|
|
|
// Check that all references to modules are valid
|
|
modules := make(map[string]*Module)
|
|
dupped := make(map[string]struct{})
|
|
for _, m := range c.Modules {
|
|
// Check for duplicates
|
|
if _, ok := modules[m.Id()]; ok {
|
|
if _, ok := dupped[m.Id()]; !ok {
|
|
dupped[m.Id()] = struct{}{}
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: module repeated multiple times",
|
|
m.Id()))
|
|
}
|
|
|
|
// Already seen this module, just skip it
|
|
continue
|
|
}
|
|
|
|
modules[m.Id()] = m
|
|
|
|
// Check that the source has no interpolations
|
|
rc, err := NewRawConfig(map[string]interface{}{
|
|
"root": m.Source,
|
|
})
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: module source error: %s",
|
|
m.Id(), err))
|
|
} else if len(rc.Interpolations) > 0 {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: module source cannot contain interpolations",
|
|
m.Id()))
|
|
}
|
|
|
|
// Check that the name matches our regexp
|
|
if !NameRegexp.Match([]byte(m.Name)) {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: module name can only contain letters, numbers, "+
|
|
"dashes, and underscores",
|
|
m.Id()))
|
|
}
|
|
|
|
// Check that the configuration can all be strings, lists or maps
|
|
raw := make(map[string]interface{})
|
|
for k, v := range m.RawConfig.Raw {
|
|
var strVal string
|
|
if err := hilmapstructure.WeakDecode(v, &strVal); err == nil {
|
|
raw[k] = strVal
|
|
continue
|
|
}
|
|
|
|
var mapVal map[string]interface{}
|
|
if err := hilmapstructure.WeakDecode(v, &mapVal); err == nil {
|
|
raw[k] = mapVal
|
|
continue
|
|
}
|
|
|
|
var sliceVal []interface{}
|
|
if err := hilmapstructure.WeakDecode(v, &sliceVal); err == nil {
|
|
raw[k] = sliceVal
|
|
continue
|
|
}
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: variable %s must be a string, list or map value",
|
|
m.Id(), k))
|
|
}
|
|
|
|
// Check for invalid count variables
|
|
for _, v := range m.RawConfig.Variables {
|
|
switch v.(type) {
|
|
case *CountVariable:
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: count variables are only valid within resources", m.Name))
|
|
case *SelfVariable:
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: self variables are only valid within resources", m.Name))
|
|
}
|
|
}
|
|
|
|
// Update the raw configuration to only contain the string values
|
|
m.RawConfig, err = NewRawConfig(raw)
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: can't initialize configuration: %s",
|
|
m.Id(), err))
|
|
}
|
|
}
|
|
dupped = nil
|
|
|
|
// Check that all variables for modules reference modules that
|
|
// exist.
|
|
for source, vs := range vars {
|
|
for _, v := range vs {
|
|
mv, ok := v.(*ModuleVariable)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
if _, ok := modules[mv.Name]; !ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: unknown module referenced: %s",
|
|
source,
|
|
mv.Name))
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check that all references to resources are valid
|
|
resources := make(map[string]*Resource)
|
|
dupped = make(map[string]struct{})
|
|
for _, r := range c.Resources {
|
|
if _, ok := resources[r.Id()]; ok {
|
|
if _, ok := dupped[r.Id()]; !ok {
|
|
dupped[r.Id()] = struct{}{}
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource repeated multiple times",
|
|
r.Id()))
|
|
}
|
|
}
|
|
|
|
resources[r.Id()] = r
|
|
}
|
|
dupped = nil
|
|
|
|
// Validate resources
|
|
for n, r := range resources {
|
|
// Verify count variables
|
|
for _, v := range r.RawCount.Variables {
|
|
switch v.(type) {
|
|
case *CountVariable:
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource count can't reference count variable: %s",
|
|
n,
|
|
v.FullKey()))
|
|
case *ModuleVariable:
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource count can't reference module variable: %s",
|
|
n,
|
|
v.FullKey()))
|
|
case *ResourceVariable:
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource count can't reference resource variable: %s",
|
|
n,
|
|
v.FullKey()))
|
|
case *SimpleVariable:
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource count can't reference variable: %s",
|
|
n,
|
|
v.FullKey()))
|
|
case *UserVariable:
|
|
// Good
|
|
default:
|
|
panic(fmt.Sprintf("Unknown type in count var in %s: %T", n, v))
|
|
}
|
|
}
|
|
|
|
// Interpolate with a fixed number to verify that its a number.
|
|
r.RawCount.interpolate(func(root ast.Node) (interface{}, error) {
|
|
// Execute the node but transform the AST so that it returns
|
|
// a fixed value of "5" for all interpolations.
|
|
result, err := hil.Eval(
|
|
hil.FixedValueTransform(
|
|
root, &ast.LiteralNode{Value: "5", Typex: ast.TypeString}),
|
|
nil)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return result.Value, nil
|
|
})
|
|
_, err := strconv.ParseInt(r.RawCount.Value().(string), 0, 0)
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource count must be an integer",
|
|
n))
|
|
}
|
|
r.RawCount.init()
|
|
|
|
// Validate DependsOn
|
|
errs = append(errs, c.validateDependsOn(n, r.DependsOn, resources, modules)...)
|
|
|
|
// Verify provisioners
|
|
for _, p := range r.Provisioners {
|
|
// This validation checks that there are now splat variables
|
|
// referencing ourself. This currently is not allowed.
|
|
|
|
for _, v := range p.ConnInfo.Variables {
|
|
rv, ok := v.(*ResourceVariable)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: connection info cannot contain splat variable "+
|
|
"referencing itself", n))
|
|
break
|
|
}
|
|
}
|
|
|
|
for _, v := range p.RawConfig.Variables {
|
|
rv, ok := v.(*ResourceVariable)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: connection info cannot contain splat variable "+
|
|
"referencing itself", n))
|
|
break
|
|
}
|
|
}
|
|
|
|
// Check for invalid when/onFailure values, though this should be
|
|
// picked up by the loader we check here just in case.
|
|
if p.When == ProvisionerWhenInvalid {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: provisioner 'when' value is invalid", n))
|
|
}
|
|
if p.OnFailure == ProvisionerOnFailureInvalid {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: provisioner 'on_failure' value is invalid", n))
|
|
}
|
|
}
|
|
|
|
// Verify ignore_changes contains valid entries
|
|
for _, v := range r.Lifecycle.IgnoreChanges {
|
|
if strings.Contains(v, "*") && v != "*" {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: ignore_changes does not support using a partial string "+
|
|
"together with a wildcard: %s", n, v))
|
|
}
|
|
}
|
|
|
|
// Verify ignore_changes has no interpolations
|
|
rc, err := NewRawConfig(map[string]interface{}{
|
|
"root": r.Lifecycle.IgnoreChanges,
|
|
})
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: lifecycle ignore_changes error: %s",
|
|
n, err))
|
|
} else if len(rc.Interpolations) > 0 {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: lifecycle ignore_changes cannot contain interpolations",
|
|
n))
|
|
}
|
|
|
|
// If it is a data source then it can't have provisioners
|
|
if r.Mode == DataResourceMode {
|
|
if _, ok := r.RawConfig.Raw["provisioner"]; ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: data sources cannot have provisioners",
|
|
n))
|
|
}
|
|
}
|
|
}
|
|
|
|
for source, vs := range vars {
|
|
for _, v := range vs {
|
|
rv, ok := v.(*ResourceVariable)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
id := rv.ResourceId()
|
|
if _, ok := resources[id]; !ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: unknown resource '%s' referenced in variable %s",
|
|
source,
|
|
id,
|
|
rv.FullKey()))
|
|
continue
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check that all outputs are valid
|
|
{
|
|
found := make(map[string]struct{})
|
|
for _, o := range c.Outputs {
|
|
// Verify the output is new
|
|
if _, ok := found[o.Name]; ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: duplicate output. output names must be unique.",
|
|
o.Name))
|
|
continue
|
|
}
|
|
found[o.Name] = struct{}{}
|
|
|
|
var invalidKeys []string
|
|
valueKeyFound := false
|
|
for k := range o.RawConfig.Raw {
|
|
if k == "value" {
|
|
valueKeyFound = true
|
|
continue
|
|
}
|
|
if k == "sensitive" {
|
|
if sensitive, ok := o.RawConfig.config[k].(bool); ok {
|
|
if sensitive {
|
|
o.Sensitive = true
|
|
}
|
|
continue
|
|
}
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: value for 'sensitive' must be boolean",
|
|
o.Name))
|
|
continue
|
|
}
|
|
if k == "description" {
|
|
if desc, ok := o.RawConfig.config[k].(string); ok {
|
|
o.Description = desc
|
|
continue
|
|
}
|
|
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: value for 'description' must be string",
|
|
o.Name))
|
|
continue
|
|
}
|
|
invalidKeys = append(invalidKeys, k)
|
|
}
|
|
if len(invalidKeys) > 0 {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: output has invalid keys: %s",
|
|
o.Name, strings.Join(invalidKeys, ", ")))
|
|
}
|
|
if !valueKeyFound {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: output is missing required 'value' key", o.Name))
|
|
}
|
|
|
|
for _, v := range o.RawConfig.Variables {
|
|
if _, ok := v.(*CountVariable); ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: count variables are only valid within resources", o.Name))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check that all variables are in the proper context
|
|
for source, rc := range c.rawConfigs() {
|
|
walker := &interpolationWalker{
|
|
ContextF: c.validateVarContextFn(source, &errs),
|
|
}
|
|
if err := reflectwalk.Walk(rc.Raw, walker); err != nil {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: error reading config: %s", source, err))
|
|
}
|
|
}
|
|
|
|
// Validate the self variable
|
|
for source, rc := range c.rawConfigs() {
|
|
// Ignore provisioners. This is a pretty brittle way to do this,
|
|
// but better than also repeating all the resources.
|
|
if strings.Contains(source, "provision") {
|
|
continue
|
|
}
|
|
|
|
for _, v := range rc.Variables {
|
|
if _, ok := v.(*SelfVariable); ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: cannot contain self-reference %s", source, v.FullKey()))
|
|
}
|
|
}
|
|
}
|
|
|
|
if len(errs) > 0 {
|
|
return &multierror.Error{Errors: errs}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// InterpolatedVariables is a helper that returns a mapping of all the interpolated
|
|
// variables within the configuration. This is used to verify references
|
|
// are valid in the Validate step.
|
|
func (c *Config) InterpolatedVariables() map[string][]InterpolatedVariable {
|
|
result := make(map[string][]InterpolatedVariable)
|
|
for source, rc := range c.rawConfigs() {
|
|
for _, v := range rc.Variables {
|
|
result[source] = append(result[source], v)
|
|
}
|
|
}
|
|
return result
|
|
}
|
|
|
|
// rawConfigs returns all of the RawConfigs that are available keyed by
|
|
// a human-friendly source.
|
|
func (c *Config) rawConfigs() map[string]*RawConfig {
|
|
result := make(map[string]*RawConfig)
|
|
for _, m := range c.Modules {
|
|
source := fmt.Sprintf("module '%s'", m.Name)
|
|
result[source] = m.RawConfig
|
|
}
|
|
|
|
for _, pc := range c.ProviderConfigs {
|
|
source := fmt.Sprintf("provider config '%s'", pc.Name)
|
|
result[source] = pc.RawConfig
|
|
}
|
|
|
|
for _, rc := range c.Resources {
|
|
source := fmt.Sprintf("resource '%s'", rc.Id())
|
|
result[source+" count"] = rc.RawCount
|
|
result[source+" config"] = rc.RawConfig
|
|
|
|
for i, p := range rc.Provisioners {
|
|
subsource := fmt.Sprintf(
|
|
"%s provisioner %s (#%d)",
|
|
source, p.Type, i+1)
|
|
result[subsource] = p.RawConfig
|
|
}
|
|
}
|
|
|
|
for _, o := range c.Outputs {
|
|
source := fmt.Sprintf("output '%s'", o.Name)
|
|
result[source] = o.RawConfig
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
func (c *Config) validateVarContextFn(
|
|
source string, errs *[]error) interpolationWalkerContextFunc {
|
|
return func(loc reflectwalk.Location, node ast.Node) {
|
|
// If we're in a slice element, then its fine, since you can do
|
|
// anything in there.
|
|
if loc == reflectwalk.SliceElem {
|
|
return
|
|
}
|
|
|
|
// Otherwise, let's check if there is a splat resource variable
|
|
// at the top level in here. We do this by doing a transform that
|
|
// replaces everything with a noop node unless its a variable
|
|
// access or concat. This should turn the AST into a flat tree
|
|
// of Concat(Noop, ...). If there are any variables left that are
|
|
// multi-access, then its still broken.
|
|
node = node.Accept(func(n ast.Node) ast.Node {
|
|
// If it is a concat or variable access, we allow it.
|
|
switch n.(type) {
|
|
case *ast.Output:
|
|
return n
|
|
case *ast.VariableAccess:
|
|
return n
|
|
}
|
|
|
|
// Otherwise, noop
|
|
return &noopNode{}
|
|
})
|
|
|
|
vars, err := DetectVariables(node)
|
|
if err != nil {
|
|
// Ignore it since this will be caught during parse. This
|
|
// actually probably should never happen by the time this
|
|
// is called, but its okay.
|
|
return
|
|
}
|
|
|
|
for _, v := range vars {
|
|
rv, ok := v.(*ResourceVariable)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
if rv.Multi && rv.Index == -1 {
|
|
*errs = append(*errs, fmt.Errorf(
|
|
"%s: use of the splat ('*') operator must be wrapped in a list declaration",
|
|
source))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func (c *Config) validateDependsOn(
|
|
n string,
|
|
v []string,
|
|
resources map[string]*Resource,
|
|
modules map[string]*Module) []error {
|
|
// Verify depends on points to resources that all exist
|
|
var errs []error
|
|
for _, d := range v {
|
|
// Check if we contain interpolations
|
|
rc, err := NewRawConfig(map[string]interface{}{
|
|
"value": d,
|
|
})
|
|
if err == nil && len(rc.Variables) > 0 {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: depends on value cannot contain interpolations: %s",
|
|
n, d))
|
|
continue
|
|
}
|
|
|
|
// If it is a module, verify it is a module
|
|
if strings.HasPrefix(d, "module.") {
|
|
name := d[len("module."):]
|
|
if _, ok := modules[name]; !ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource depends on non-existent module '%s'",
|
|
n, name))
|
|
}
|
|
|
|
continue
|
|
}
|
|
|
|
// Check resources
|
|
if _, ok := resources[d]; !ok {
|
|
errs = append(errs, fmt.Errorf(
|
|
"%s: resource depends on non-existent resource '%s'",
|
|
n, d))
|
|
}
|
|
}
|
|
|
|
return errs
|
|
}
|
|
|
|
func (m *Module) mergerName() string {
|
|
return m.Id()
|
|
}
|
|
|
|
func (m *Module) mergerMerge(other merger) merger {
|
|
m2 := other.(*Module)
|
|
|
|
result := *m
|
|
result.Name = m2.Name
|
|
result.RawConfig = result.RawConfig.merge(m2.RawConfig)
|
|
|
|
if m2.Source != "" {
|
|
result.Source = m2.Source
|
|
}
|
|
|
|
return &result
|
|
}
|
|
|
|
func (o *Output) mergerName() string {
|
|
return o.Name
|
|
}
|
|
|
|
func (o *Output) mergerMerge(m merger) merger {
|
|
o2 := m.(*Output)
|
|
|
|
result := *o
|
|
result.Name = o2.Name
|
|
result.Description = o2.Description
|
|
result.RawConfig = result.RawConfig.merge(o2.RawConfig)
|
|
result.Sensitive = o2.Sensitive
|
|
result.DependsOn = o2.DependsOn
|
|
|
|
return &result
|
|
}
|
|
|
|
func (c *ProviderConfig) GoString() string {
|
|
return fmt.Sprintf("*%#v", *c)
|
|
}
|
|
|
|
func (c *ProviderConfig) FullName() string {
|
|
if c.Alias == "" {
|
|
return c.Name
|
|
}
|
|
|
|
return fmt.Sprintf("%s.%s", c.Name, c.Alias)
|
|
}
|
|
|
|
func (c *ProviderConfig) mergerName() string {
|
|
return c.Name
|
|
}
|
|
|
|
func (c *ProviderConfig) mergerMerge(m merger) merger {
|
|
c2 := m.(*ProviderConfig)
|
|
|
|
result := *c
|
|
result.Name = c2.Name
|
|
result.RawConfig = result.RawConfig.merge(c2.RawConfig)
|
|
|
|
if c2.Alias != "" {
|
|
result.Alias = c2.Alias
|
|
}
|
|
|
|
return &result
|
|
}
|
|
|
|
func (r *Resource) mergerName() string {
|
|
return r.Id()
|
|
}
|
|
|
|
func (r *Resource) mergerMerge(m merger) merger {
|
|
r2 := m.(*Resource)
|
|
|
|
result := *r
|
|
result.Mode = r2.Mode
|
|
result.Name = r2.Name
|
|
result.Type = r2.Type
|
|
result.RawConfig = result.RawConfig.merge(r2.RawConfig)
|
|
|
|
if r2.RawCount.Value() != "1" {
|
|
result.RawCount = r2.RawCount
|
|
}
|
|
|
|
if len(r2.Provisioners) > 0 {
|
|
result.Provisioners = r2.Provisioners
|
|
}
|
|
|
|
return &result
|
|
}
|
|
|
|
// Merge merges two variables to create a new third variable.
|
|
func (v *Variable) Merge(v2 *Variable) *Variable {
|
|
// Shallow copy the variable
|
|
result := *v
|
|
|
|
// The names should be the same, but the second name always wins.
|
|
result.Name = v2.Name
|
|
|
|
if v2.DeclaredType != "" {
|
|
result.DeclaredType = v2.DeclaredType
|
|
}
|
|
if v2.Default != nil {
|
|
result.Default = v2.Default
|
|
}
|
|
if v2.Description != "" {
|
|
result.Description = v2.Description
|
|
}
|
|
|
|
return &result
|
|
}
|
|
|
|
var typeStringMap = map[string]VariableType{
|
|
"string": VariableTypeString,
|
|
"map": VariableTypeMap,
|
|
"list": VariableTypeList,
|
|
}
|
|
|
|
// Type returns the type of variable this is.
|
|
func (v *Variable) Type() VariableType {
|
|
if v.DeclaredType != "" {
|
|
declaredType, ok := typeStringMap[v.DeclaredType]
|
|
if !ok {
|
|
return VariableTypeUnknown
|
|
}
|
|
|
|
return declaredType
|
|
}
|
|
|
|
return v.inferTypeFromDefault()
|
|
}
|
|
|
|
// ValidateTypeAndDefault ensures that default variable value is compatible
|
|
// with the declared type (if one exists), and that the type is one which is
|
|
// known to Terraform
|
|
func (v *Variable) ValidateTypeAndDefault() error {
|
|
// If an explicit type is declared, ensure it is valid
|
|
if v.DeclaredType != "" {
|
|
if _, ok := typeStringMap[v.DeclaredType]; !ok {
|
|
return fmt.Errorf("Variable '%s' must be of type string or map - '%s' is not a valid type", v.Name, v.DeclaredType)
|
|
}
|
|
}
|
|
|
|
if v.DeclaredType == "" || v.Default == nil {
|
|
return nil
|
|
}
|
|
|
|
if v.inferTypeFromDefault() != v.Type() {
|
|
return fmt.Errorf("'%s' has a default value which is not of type '%s' (got '%s')",
|
|
v.Name, v.DeclaredType, v.inferTypeFromDefault().Printable())
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (v *Variable) mergerName() string {
|
|
return v.Name
|
|
}
|
|
|
|
func (v *Variable) mergerMerge(m merger) merger {
|
|
return v.Merge(m.(*Variable))
|
|
}
|
|
|
|
// Required tests whether a variable is required or not.
|
|
func (v *Variable) Required() bool {
|
|
return v.Default == nil
|
|
}
|
|
|
|
// inferTypeFromDefault contains the logic for the old method of inferring
|
|
// variable types - we can also use this for validating that the declared
|
|
// type matches the type of the default value
|
|
func (v *Variable) inferTypeFromDefault() VariableType {
|
|
if v.Default == nil {
|
|
return VariableTypeString
|
|
}
|
|
|
|
var s string
|
|
if err := hilmapstructure.WeakDecode(v.Default, &s); err == nil {
|
|
v.Default = s
|
|
return VariableTypeString
|
|
}
|
|
|
|
var m map[string]interface{}
|
|
if err := hilmapstructure.WeakDecode(v.Default, &m); err == nil {
|
|
v.Default = m
|
|
return VariableTypeMap
|
|
}
|
|
|
|
var l []interface{}
|
|
if err := hilmapstructure.WeakDecode(v.Default, &l); err == nil {
|
|
v.Default = l
|
|
return VariableTypeList
|
|
}
|
|
|
|
return VariableTypeUnknown
|
|
}
|
|
|
|
func (m ResourceMode) Taintable() bool {
|
|
switch m {
|
|
case ManagedResourceMode:
|
|
return true
|
|
case DataResourceMode:
|
|
return false
|
|
default:
|
|
panic(fmt.Errorf("unsupported ResourceMode value %s", m))
|
|
}
|
|
}
|