mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-02 12:17:39 -06:00
718fa3895f
The presence of this field was confusing because in practice the local backend doesn't use it for anything and the remote backend was using it only to return an error if it's set to anything other than the default, under the assumption that it would always match ContextOpts.Parallelism. The "command" package is the one actually responsible for handling this option, and it does so by placing it into the partial ContextOpts which it passes into the backend when preparing for a local operation. To make that clearer, here we remove Operation.Parallelism and change the few uses of it to refer to ContextOpts.Parallelism instead, so that everyone is reading and writing this value from the same place.
302 lines
9.2 KiB
Go
302 lines
9.2 KiB
Go
package remote
|
|
|
|
import (
|
|
"bufio"
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
|
|
tfe "github.com/hashicorp/go-tfe"
|
|
version "github.com/hashicorp/go-version"
|
|
"github.com/hashicorp/terraform/internal/backend"
|
|
"github.com/hashicorp/terraform/internal/plans"
|
|
"github.com/hashicorp/terraform/internal/terraform"
|
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
|
)
|
|
|
|
func (b *Remote) opApply(stopCtx, cancelCtx context.Context, op *backend.Operation, w *tfe.Workspace) (*tfe.Run, error) {
|
|
log.Printf("[INFO] backend/remote: starting Apply operation")
|
|
|
|
var diags tfdiags.Diagnostics
|
|
|
|
// We should remove the `CanUpdate` part of this test, but for now
|
|
// (to remain compatible with tfe.v2.1) we'll leave it in here.
|
|
if !w.Permissions.CanUpdate && !w.Permissions.CanQueueApply {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Insufficient rights to apply changes",
|
|
"The provided credentials have insufficient rights to apply changes. In order "+
|
|
"to apply changes at least write permissions on the workspace are required.",
|
|
))
|
|
return nil, diags.Err()
|
|
}
|
|
|
|
if w.VCSRepo != nil {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Apply not allowed for workspaces with a VCS connection",
|
|
"A workspace that is connected to a VCS requires the VCS-driven workflow "+
|
|
"to ensure that the VCS remains the single source of truth.",
|
|
))
|
|
return nil, diags.Err()
|
|
}
|
|
|
|
if b.ContextOpts != nil && b.ContextOpts.Parallelism != defaultParallelism {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Custom parallelism values are currently not supported",
|
|
`The "remote" backend does not support setting a custom parallelism `+
|
|
`value at this time.`,
|
|
))
|
|
}
|
|
|
|
if op.PlanFile != nil {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Applying a saved plan is currently not supported",
|
|
`The "remote" backend currently requires configuration to be present and `+
|
|
`does not accept an existing saved plan as an argument at this time.`,
|
|
))
|
|
}
|
|
|
|
if b.hasExplicitVariableValues(op) {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Run variables are currently not supported",
|
|
fmt.Sprintf(
|
|
"The \"remote\" backend does not support setting run variables at this time. "+
|
|
"Currently the only to way to pass variables to the remote backend is by "+
|
|
"creating a '*.auto.tfvars' variables file. This file will automatically "+
|
|
"be loaded by the \"remote\" backend when the workspace is configured to use "+
|
|
"Terraform v0.10.0 or later.\n\nAdditionally you can also set variables on "+
|
|
"the workspace in the web UI:\nhttps://%s/app/%s/%s/variables",
|
|
b.hostname, b.organization, op.Workspace,
|
|
),
|
|
))
|
|
}
|
|
|
|
if !op.HasConfig() && op.PlanMode != plans.DestroyMode {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"No configuration files found",
|
|
`Apply requires configuration to be present. Applying without a configuration `+
|
|
`would mark everything for destruction, which is normally not what is desired. `+
|
|
`If you would like to destroy everything, please run 'terraform destroy' which `+
|
|
`does not require any configuration files.`,
|
|
))
|
|
}
|
|
|
|
// For API versions prior to 2.3, RemoteAPIVersion will return an empty string,
|
|
// so if there's an error when parsing the RemoteAPIVersion, it's handled as
|
|
// equivalent to an API version < 2.3.
|
|
currentAPIVersion, parseErr := version.NewVersion(b.client.RemoteAPIVersion())
|
|
|
|
if !op.PlanRefresh {
|
|
desiredAPIVersion, _ := version.NewVersion("2.4")
|
|
|
|
if parseErr != nil || currentAPIVersion.LessThan(desiredAPIVersion) {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Planning without refresh is not supported",
|
|
fmt.Sprintf(
|
|
`The host %s does not support the -refresh=false option for `+
|
|
`remote plans.`,
|
|
b.hostname,
|
|
),
|
|
))
|
|
}
|
|
}
|
|
|
|
if op.PlanMode == plans.RefreshOnlyMode {
|
|
desiredAPIVersion, _ := version.NewVersion("2.4")
|
|
|
|
if parseErr != nil || currentAPIVersion.LessThan(desiredAPIVersion) {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Refresh-only mode is not supported",
|
|
fmt.Sprintf(
|
|
`The host %s does not support -refresh-only mode for `+
|
|
`remote plans.`,
|
|
b.hostname,
|
|
),
|
|
))
|
|
}
|
|
}
|
|
|
|
if len(op.ForceReplace) != 0 {
|
|
desiredAPIVersion, _ := version.NewVersion("2.4")
|
|
|
|
if parseErr != nil || currentAPIVersion.LessThan(desiredAPIVersion) {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Planning resource replacements is not supported",
|
|
fmt.Sprintf(
|
|
`The host %s does not support the -replace option for `+
|
|
`remote plans.`,
|
|
b.hostname,
|
|
),
|
|
))
|
|
}
|
|
}
|
|
|
|
if len(op.Targets) != 0 {
|
|
desiredAPIVersion, _ := version.NewVersion("2.3")
|
|
|
|
if parseErr != nil || currentAPIVersion.LessThan(desiredAPIVersion) {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Resource targeting is not supported",
|
|
fmt.Sprintf(
|
|
`The host %s does not support the -target option for `+
|
|
`remote plans.`,
|
|
b.hostname,
|
|
),
|
|
))
|
|
}
|
|
}
|
|
|
|
// Return if there are any errors.
|
|
if diags.HasErrors() {
|
|
return nil, diags.Err()
|
|
}
|
|
|
|
// Run the plan phase.
|
|
r, err := b.plan(stopCtx, cancelCtx, op, w)
|
|
if err != nil {
|
|
return r, err
|
|
}
|
|
|
|
// This check is also performed in the plan method to determine if
|
|
// the policies should be checked, but we need to check the values
|
|
// here again to determine if we are done and should return.
|
|
if !r.HasChanges || r.Status == tfe.RunCanceled || r.Status == tfe.RunErrored {
|
|
return r, nil
|
|
}
|
|
|
|
// Retrieve the run to get its current status.
|
|
r, err = b.client.Runs.Read(stopCtx, r.ID)
|
|
if err != nil {
|
|
return r, generalError("Failed to retrieve run", err)
|
|
}
|
|
|
|
// Return if the run cannot be confirmed.
|
|
if !w.AutoApply && !r.Actions.IsConfirmable {
|
|
return r, nil
|
|
}
|
|
|
|
// Since we already checked the permissions before creating the run
|
|
// this should never happen. But it doesn't hurt to keep this in as
|
|
// a safeguard for any unexpected situations.
|
|
if !w.AutoApply && !r.Permissions.CanApply {
|
|
// Make sure we discard the run if possible.
|
|
if r.Actions.IsDiscardable {
|
|
err = b.client.Runs.Discard(stopCtx, r.ID, tfe.RunDiscardOptions{})
|
|
if err != nil {
|
|
switch op.PlanMode {
|
|
case plans.DestroyMode:
|
|
return r, generalError("Failed to discard destroy", err)
|
|
default:
|
|
return r, generalError("Failed to discard apply", err)
|
|
}
|
|
}
|
|
}
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Insufficient rights to approve the pending changes",
|
|
fmt.Sprintf("There are pending changes, but the provided credentials have "+
|
|
"insufficient rights to approve them. The run will be discarded to prevent "+
|
|
"it from blocking the queue waiting for external approval. To queue a run "+
|
|
"that can be approved by someone else, please use the 'Queue Plan' button in "+
|
|
"the web UI:\nhttps://%s/app/%s/%s/runs", b.hostname, b.organization, op.Workspace),
|
|
))
|
|
return r, diags.Err()
|
|
}
|
|
|
|
mustConfirm := (op.UIIn != nil && op.UIOut != nil) && !op.AutoApprove
|
|
|
|
if !w.AutoApply {
|
|
if mustConfirm {
|
|
opts := &terraform.InputOpts{Id: "approve"}
|
|
|
|
if op.PlanMode == plans.DestroyMode {
|
|
opts.Query = "\nDo you really want to destroy all resources in workspace \"" + op.Workspace + "\"?"
|
|
opts.Description = "Terraform will destroy all your managed infrastructure, as shown above.\n" +
|
|
"There is no undo. Only 'yes' will be accepted to confirm."
|
|
} else {
|
|
opts.Query = "\nDo you want to perform these actions in workspace \"" + op.Workspace + "\"?"
|
|
opts.Description = "Terraform will perform the actions described above.\n" +
|
|
"Only 'yes' will be accepted to approve."
|
|
}
|
|
|
|
err = b.confirm(stopCtx, op, opts, r, "yes")
|
|
if err != nil && err != errRunApproved {
|
|
return r, err
|
|
}
|
|
}
|
|
|
|
if err != errRunApproved {
|
|
if err = b.client.Runs.Apply(stopCtx, r.ID, tfe.RunApplyOptions{}); err != nil {
|
|
return r, generalError("Failed to approve the apply command", err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// If we don't need to ask for confirmation, insert a blank
|
|
// line to separate the ouputs.
|
|
if w.AutoApply || !mustConfirm {
|
|
if b.CLI != nil {
|
|
b.CLI.Output("")
|
|
}
|
|
}
|
|
|
|
r, err = b.waitForRun(stopCtx, cancelCtx, op, "apply", r, w)
|
|
if err != nil {
|
|
return r, err
|
|
}
|
|
|
|
logs, err := b.client.Applies.Logs(stopCtx, r.Apply.ID)
|
|
if err != nil {
|
|
return r, generalError("Failed to retrieve logs", err)
|
|
}
|
|
reader := bufio.NewReaderSize(logs, 64*1024)
|
|
|
|
if b.CLI != nil {
|
|
skip := 0
|
|
for next := true; next; {
|
|
var l, line []byte
|
|
|
|
for isPrefix := true; isPrefix; {
|
|
l, isPrefix, err = reader.ReadLine()
|
|
if err != nil {
|
|
if err != io.EOF {
|
|
return r, generalError("Failed to read logs", err)
|
|
}
|
|
next = false
|
|
}
|
|
line = append(line, l...)
|
|
}
|
|
|
|
// Skip the first 3 lines to prevent duplicate output.
|
|
if skip < 3 {
|
|
skip++
|
|
continue
|
|
}
|
|
|
|
if next || len(line) > 0 {
|
|
b.CLI.Output(b.Colorize().Color(string(line)))
|
|
}
|
|
}
|
|
}
|
|
|
|
return r, nil
|
|
}
|
|
|
|
const applyDefaultHeader = `
|
|
[reset][yellow]Running apply in the remote backend. Output will stream here. Pressing Ctrl-C
|
|
will cancel the remote apply if it's still pending. If the apply started it
|
|
will stop streaming the logs, but will not stop the apply running remotely.[reset]
|
|
|
|
Preparing the remote apply...
|
|
`
|