mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-26 17:01:04 -06:00
f40800b3a4
This is part of a general effort to move all of Terraform's non-library package surface under internal in order to reinforce that these are for internal use within Terraform only. If you were previously importing packages under this prefix into an external codebase, you could pin to an earlier release tag as an interim solution until you've make a plan to achieve the same functionality some other way.
183 lines
4.4 KiB
Go
183 lines
4.4 KiB
Go
package remote
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/md5"
|
|
"encoding/base64"
|
|
"fmt"
|
|
|
|
tfe "github.com/hashicorp/go-tfe"
|
|
"github.com/hashicorp/terraform/internal/states/remote"
|
|
"github.com/hashicorp/terraform/internal/states/statefile"
|
|
"github.com/hashicorp/terraform/internal/states/statemgr"
|
|
)
|
|
|
|
type remoteClient struct {
|
|
client *tfe.Client
|
|
lockInfo *statemgr.LockInfo
|
|
organization string
|
|
runID string
|
|
stateUploadErr bool
|
|
workspace *tfe.Workspace
|
|
forcePush bool
|
|
}
|
|
|
|
// Get the remote state.
|
|
func (r *remoteClient) Get() (*remote.Payload, error) {
|
|
ctx := context.Background()
|
|
|
|
sv, err := r.client.StateVersions.Current(ctx, r.workspace.ID)
|
|
if err != nil {
|
|
if err == tfe.ErrResourceNotFound {
|
|
// If no state exists, then return nil.
|
|
return nil, nil
|
|
}
|
|
return nil, fmt.Errorf("Error retrieving state: %v", err)
|
|
}
|
|
|
|
state, err := r.client.StateVersions.Download(ctx, sv.DownloadURL)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error downloading state: %v", err)
|
|
}
|
|
|
|
// If the state is empty, then return nil.
|
|
if len(state) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
// Get the MD5 checksum of the state.
|
|
sum := md5.Sum(state)
|
|
|
|
return &remote.Payload{
|
|
Data: state,
|
|
MD5: sum[:],
|
|
}, nil
|
|
}
|
|
|
|
// Put the remote state.
|
|
func (r *remoteClient) Put(state []byte) error {
|
|
ctx := context.Background()
|
|
|
|
// Read the raw state into a Terraform state.
|
|
stateFile, err := statefile.Read(bytes.NewReader(state))
|
|
if err != nil {
|
|
return fmt.Errorf("Error reading state: %s", err)
|
|
}
|
|
|
|
options := tfe.StateVersionCreateOptions{
|
|
Lineage: tfe.String(stateFile.Lineage),
|
|
Serial: tfe.Int64(int64(stateFile.Serial)),
|
|
MD5: tfe.String(fmt.Sprintf("%x", md5.Sum(state))),
|
|
State: tfe.String(base64.StdEncoding.EncodeToString(state)),
|
|
Force: tfe.Bool(r.forcePush),
|
|
}
|
|
|
|
// If we have a run ID, make sure to add it to the options
|
|
// so the state will be properly associated with the run.
|
|
if r.runID != "" {
|
|
options.Run = &tfe.Run{ID: r.runID}
|
|
}
|
|
|
|
// Create the new state.
|
|
_, err = r.client.StateVersions.Create(ctx, r.workspace.ID, options)
|
|
if err != nil {
|
|
r.stateUploadErr = true
|
|
return fmt.Errorf("Error uploading state: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Delete the remote state.
|
|
func (r *remoteClient) Delete() error {
|
|
err := r.client.Workspaces.Delete(context.Background(), r.organization, r.workspace.Name)
|
|
if err != nil && err != tfe.ErrResourceNotFound {
|
|
return fmt.Errorf("Error deleting workspace %s: %v", r.workspace.Name, err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// EnableForcePush to allow the remote client to overwrite state
|
|
// by implementing remote.ClientForcePusher
|
|
func (r *remoteClient) EnableForcePush() {
|
|
r.forcePush = true
|
|
}
|
|
|
|
// Lock the remote state.
|
|
func (r *remoteClient) Lock(info *statemgr.LockInfo) (string, error) {
|
|
ctx := context.Background()
|
|
|
|
lockErr := &statemgr.LockError{Info: r.lockInfo}
|
|
|
|
// Lock the workspace.
|
|
_, err := r.client.Workspaces.Lock(ctx, r.workspace.ID, tfe.WorkspaceLockOptions{
|
|
Reason: tfe.String("Locked by Terraform"),
|
|
})
|
|
if err != nil {
|
|
if err == tfe.ErrWorkspaceLocked {
|
|
lockErr.Info = info
|
|
err = fmt.Errorf("%s (lock ID: \"%s/%s\")", err, r.organization, r.workspace.Name)
|
|
}
|
|
lockErr.Err = err
|
|
return "", lockErr
|
|
}
|
|
|
|
r.lockInfo = info
|
|
|
|
return r.lockInfo.ID, nil
|
|
}
|
|
|
|
// Unlock the remote state.
|
|
func (r *remoteClient) Unlock(id string) error {
|
|
ctx := context.Background()
|
|
|
|
// We first check if there was an error while uploading the latest
|
|
// state. If so, we will not unlock the workspace to prevent any
|
|
// changes from being applied until the correct state is uploaded.
|
|
if r.stateUploadErr {
|
|
return nil
|
|
}
|
|
|
|
lockErr := &statemgr.LockError{Info: r.lockInfo}
|
|
|
|
// With lock info this should be treated as a normal unlock.
|
|
if r.lockInfo != nil {
|
|
// Verify the expected lock ID.
|
|
if r.lockInfo.ID != id {
|
|
lockErr.Err = fmt.Errorf("lock ID does not match existing lock")
|
|
return lockErr
|
|
}
|
|
|
|
// Unlock the workspace.
|
|
_, err := r.client.Workspaces.Unlock(ctx, r.workspace.ID)
|
|
if err != nil {
|
|
lockErr.Err = err
|
|
return lockErr
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Verify the optional force-unlock lock ID.
|
|
if r.organization+"/"+r.workspace.Name != id {
|
|
lockErr.Err = fmt.Errorf(
|
|
"lock ID %q does not match existing lock ID \"%s/%s\"",
|
|
id,
|
|
r.organization,
|
|
r.workspace.Name,
|
|
)
|
|
return lockErr
|
|
}
|
|
|
|
// Force unlock the workspace.
|
|
_, err := r.client.Workspaces.ForceUnlock(ctx, r.workspace.ID)
|
|
if err != nil {
|
|
lockErr.Err = err
|
|
return lockErr
|
|
}
|
|
|
|
return nil
|
|
}
|