mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-06 22:23:43 -06:00
2064 lines
49 KiB
Go
2064 lines
49 KiB
Go
package terraform
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"log"
|
|
"reflect"
|
|
"regexp"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
|
|
"github.com/hashicorp/go-multierror"
|
|
"github.com/hashicorp/go-version"
|
|
"github.com/hashicorp/terraform/config"
|
|
"github.com/mitchellh/copystructure"
|
|
"github.com/satori/go.uuid"
|
|
)
|
|
|
|
const (
|
|
// StateVersion is the current version for our state file
|
|
StateVersion = 3
|
|
)
|
|
|
|
// rootModulePath is the path of the root module
|
|
var rootModulePath = []string{"root"}
|
|
|
|
// normalizeModulePath takes a raw module path and returns a path that
|
|
// has the rootModulePath prepended to it. If I could go back in time I
|
|
// would've never had a rootModulePath (empty path would be root). We can
|
|
// still fix this but thats a big refactor that my branch doesn't make sense
|
|
// for. Instead, this function normalizes paths.
|
|
func normalizeModulePath(p []string) []string {
|
|
k := len(rootModulePath)
|
|
|
|
// If we already have a root module prefix, we're done
|
|
if len(p) >= len(rootModulePath) {
|
|
if reflect.DeepEqual(p[:k], rootModulePath) {
|
|
return p
|
|
}
|
|
}
|
|
|
|
// None? Prefix it
|
|
result := make([]string, len(rootModulePath)+len(p))
|
|
copy(result, rootModulePath)
|
|
copy(result[k:], p)
|
|
return result
|
|
}
|
|
|
|
// State keeps track of a snapshot state-of-the-world that Terraform
|
|
// can use to keep track of what real world resources it is actually
|
|
// managing.
|
|
type State struct {
|
|
// Version is the state file protocol version.
|
|
Version int `json:"version"`
|
|
|
|
// TFVersion is the version of Terraform that wrote this state.
|
|
TFVersion string `json:"terraform_version,omitempty"`
|
|
|
|
// Serial is incremented on any operation that modifies
|
|
// the State file. It is used to detect potentially conflicting
|
|
// updates.
|
|
Serial int64 `json:"serial"`
|
|
|
|
// Lineage is set when a new, blank state is created and then
|
|
// never updated. This allows us to determine whether the serials
|
|
// of two states can be meaningfully compared.
|
|
// Apart from the guarantee that collisions between two lineages
|
|
// are very unlikely, this value is opaque and external callers
|
|
// should only compare lineage strings byte-for-byte for equality.
|
|
Lineage string `json:"lineage"`
|
|
|
|
// Remote is used to track the metadata required to
|
|
// pull and push state files from a remote storage endpoint.
|
|
Remote *RemoteState `json:"remote,omitempty"`
|
|
|
|
// Backend tracks the configuration for the backend in use with
|
|
// this state. This is used to track any changes in the backend
|
|
// configuration.
|
|
Backend *BackendState `json:"backend,omitempty"`
|
|
|
|
// Modules contains all the modules in a breadth-first order
|
|
Modules []*ModuleState `json:"modules"`
|
|
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func (s *State) Lock() { s.mu.Lock() }
|
|
func (s *State) Unlock() { s.mu.Unlock() }
|
|
|
|
// NewState is used to initialize a blank state
|
|
func NewState() *State {
|
|
s := &State{}
|
|
s.init()
|
|
return s
|
|
}
|
|
|
|
// Children returns the ModuleStates that are direct children of
|
|
// the given path. If the path is "root", for example, then children
|
|
// returned might be "root.child", but not "root.child.grandchild".
|
|
func (s *State) Children(path []string) []*ModuleState {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
// TODO: test
|
|
|
|
return s.children(path)
|
|
}
|
|
|
|
func (s *State) children(path []string) []*ModuleState {
|
|
result := make([]*ModuleState, 0)
|
|
for _, m := range s.Modules {
|
|
if m == nil {
|
|
continue
|
|
}
|
|
|
|
if len(m.Path) != len(path)+1 {
|
|
continue
|
|
}
|
|
if !reflect.DeepEqual(path, m.Path[:len(path)]) {
|
|
continue
|
|
}
|
|
|
|
result = append(result, m)
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
// AddModule adds the module with the given path to the state.
|
|
//
|
|
// This should be the preferred method to add module states since it
|
|
// allows us to optimize lookups later as well as control sorting.
|
|
func (s *State) AddModule(path []string) *ModuleState {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
return s.addModule(path)
|
|
}
|
|
|
|
func (s *State) addModule(path []string) *ModuleState {
|
|
// check if the module exists first
|
|
m := s.moduleByPath(path)
|
|
if m != nil {
|
|
return m
|
|
}
|
|
|
|
m = &ModuleState{Path: path}
|
|
m.init()
|
|
s.Modules = append(s.Modules, m)
|
|
s.sort()
|
|
return m
|
|
}
|
|
|
|
// ModuleByPath is used to lookup the module state for the given path.
|
|
// This should be the preferred lookup mechanism as it allows for future
|
|
// lookup optimizations.
|
|
func (s *State) ModuleByPath(path []string) *ModuleState {
|
|
if s == nil {
|
|
return nil
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
return s.moduleByPath(path)
|
|
}
|
|
|
|
func (s *State) moduleByPath(path []string) *ModuleState {
|
|
for _, mod := range s.Modules {
|
|
if mod == nil {
|
|
continue
|
|
}
|
|
if mod.Path == nil {
|
|
panic("missing module path")
|
|
}
|
|
if reflect.DeepEqual(mod.Path, path) {
|
|
return mod
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ModuleOrphans returns all the module orphans in this state by
|
|
// returning their full paths. These paths can be used with ModuleByPath
|
|
// to return the actual state.
|
|
func (s *State) ModuleOrphans(path []string, c *config.Config) [][]string {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
return s.moduleOrphans(path, c)
|
|
|
|
}
|
|
|
|
func (s *State) moduleOrphans(path []string, c *config.Config) [][]string {
|
|
// direct keeps track of what direct children we have both in our config
|
|
// and in our state. childrenKeys keeps track of what isn't an orphan.
|
|
direct := make(map[string]struct{})
|
|
childrenKeys := make(map[string]struct{})
|
|
if c != nil {
|
|
for _, m := range c.Modules {
|
|
childrenKeys[m.Name] = struct{}{}
|
|
direct[m.Name] = struct{}{}
|
|
}
|
|
}
|
|
|
|
// Go over the direct children and find any that aren't in our keys.
|
|
var orphans [][]string
|
|
for _, m := range s.children(path) {
|
|
key := m.Path[len(m.Path)-1]
|
|
|
|
// Record that we found this key as a direct child. We use this
|
|
// later to find orphan nested modules.
|
|
direct[key] = struct{}{}
|
|
|
|
// If we have a direct child still in our config, it is not an orphan
|
|
if _, ok := childrenKeys[key]; ok {
|
|
continue
|
|
}
|
|
|
|
orphans = append(orphans, m.Path)
|
|
}
|
|
|
|
// Find the orphans that are nested...
|
|
for _, m := range s.Modules {
|
|
if m == nil {
|
|
continue
|
|
}
|
|
|
|
// We only want modules that are at least grandchildren
|
|
if len(m.Path) < len(path)+2 {
|
|
continue
|
|
}
|
|
|
|
// If it isn't part of our tree, continue
|
|
if !reflect.DeepEqual(path, m.Path[:len(path)]) {
|
|
continue
|
|
}
|
|
|
|
// If we have the direct child, then just skip it.
|
|
key := m.Path[len(path)]
|
|
if _, ok := direct[key]; ok {
|
|
continue
|
|
}
|
|
|
|
orphanPath := m.Path[:len(path)+1]
|
|
|
|
// Don't double-add if we've already added this orphan (which can happen if
|
|
// there are multiple nested sub-modules that get orphaned together).
|
|
alreadyAdded := false
|
|
for _, o := range orphans {
|
|
if reflect.DeepEqual(o, orphanPath) {
|
|
alreadyAdded = true
|
|
break
|
|
}
|
|
}
|
|
if alreadyAdded {
|
|
continue
|
|
}
|
|
|
|
// Add this orphan
|
|
orphans = append(orphans, orphanPath)
|
|
}
|
|
|
|
return orphans
|
|
}
|
|
|
|
// Empty returns true if the state is empty.
|
|
func (s *State) Empty() bool {
|
|
if s == nil {
|
|
return true
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
return len(s.Modules) == 0
|
|
}
|
|
|
|
// HasResources returns true if the state contains any resources.
|
|
//
|
|
// This is similar to !s.Empty, but returns true also in the case where the
|
|
// state has modules but all of them are devoid of resources.
|
|
func (s *State) HasResources() bool {
|
|
if s.Empty() {
|
|
return false
|
|
}
|
|
|
|
for _, mod := range s.Modules {
|
|
if len(mod.Resources) > 0 {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// IsRemote returns true if State represents a state that exists and is
|
|
// remote.
|
|
func (s *State) IsRemote() bool {
|
|
if s == nil {
|
|
return false
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Remote == nil {
|
|
return false
|
|
}
|
|
if s.Remote.Type == "" {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
// Validate validates the integrity of this state file.
|
|
//
|
|
// Certain properties of the statefile are expected by Terraform in order
|
|
// to behave properly. The core of Terraform will assume that once it
|
|
// receives a State structure that it has been validated. This validation
|
|
// check should be called to ensure that.
|
|
//
|
|
// If this returns an error, then the user should be notified. The error
|
|
// response will include detailed information on the nature of the error.
|
|
func (s *State) Validate() error {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
var result error
|
|
|
|
// !!!! FOR DEVELOPERS !!!!
|
|
//
|
|
// Any errors returned from this Validate function will BLOCK TERRAFORM
|
|
// from loading a state file. Therefore, this should only contain checks
|
|
// that are only resolvable through manual intervention.
|
|
//
|
|
// !!!! FOR DEVELOPERS !!!!
|
|
|
|
// Make sure there are no duplicate module states. We open a new
|
|
// block here so we can use basic variable names and future validations
|
|
// can do the same.
|
|
{
|
|
found := make(map[string]struct{})
|
|
for _, ms := range s.Modules {
|
|
if ms == nil {
|
|
continue
|
|
}
|
|
|
|
key := strings.Join(ms.Path, ".")
|
|
if _, ok := found[key]; ok {
|
|
result = multierror.Append(result, fmt.Errorf(
|
|
strings.TrimSpace(stateValidateErrMultiModule), key))
|
|
continue
|
|
}
|
|
|
|
found[key] = struct{}{}
|
|
}
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
// Remove removes the item in the state at the given address, returning
|
|
// any errors that may have occurred.
|
|
//
|
|
// If the address references a module state or resource, it will delete
|
|
// all children as well. To check what will be deleted, use a StateFilter
|
|
// first.
|
|
func (s *State) Remove(addr ...string) error {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
// Filter out what we need to delete
|
|
filter := &StateFilter{State: s}
|
|
results, err := filter.Filter(addr...)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// If we have no results, just exit early, we're not going to do anything.
|
|
// While what happens below is fairly fast, this is an important early
|
|
// exit since the prune below might modify the state more and we don't
|
|
// want to modify the state if we don't have to.
|
|
if len(results) == 0 {
|
|
return nil
|
|
}
|
|
|
|
// Go through each result and grab what we need
|
|
removed := make(map[interface{}]struct{})
|
|
for _, r := range results {
|
|
// Convert the path to our own type
|
|
path := append([]string{"root"}, r.Path...)
|
|
|
|
// If we removed this already, then ignore
|
|
if _, ok := removed[r.Value]; ok {
|
|
continue
|
|
}
|
|
|
|
// If we removed the parent already, then ignore
|
|
if r.Parent != nil {
|
|
if _, ok := removed[r.Parent.Value]; ok {
|
|
continue
|
|
}
|
|
}
|
|
|
|
// Add this to the removed list
|
|
removed[r.Value] = struct{}{}
|
|
|
|
switch v := r.Value.(type) {
|
|
case *ModuleState:
|
|
s.removeModule(path, v)
|
|
case *ResourceState:
|
|
s.removeResource(path, v)
|
|
case *InstanceState:
|
|
s.removeInstance(path, r.Parent.Value.(*ResourceState), v)
|
|
default:
|
|
return fmt.Errorf("unknown type to delete: %T", r.Value)
|
|
}
|
|
}
|
|
|
|
// Prune since the removal functions often do the bare minimum to
|
|
// remove a thing and may leave around dangling empty modules, resources,
|
|
// etc. Prune will clean that all up.
|
|
s.prune()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *State) removeModule(path []string, v *ModuleState) {
|
|
for i, m := range s.Modules {
|
|
if m == v {
|
|
s.Modules, s.Modules[len(s.Modules)-1] = append(s.Modules[:i], s.Modules[i+1:]...), nil
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func (s *State) removeResource(path []string, v *ResourceState) {
|
|
// Get the module this resource lives in. If it doesn't exist, we're done.
|
|
mod := s.moduleByPath(path)
|
|
if mod == nil {
|
|
return
|
|
}
|
|
|
|
// Find this resource. This is a O(N) lookup when if we had the key
|
|
// it could be O(1) but even with thousands of resources this shouldn't
|
|
// matter right now. We can easily up performance here when the time comes.
|
|
for k, r := range mod.Resources {
|
|
if r == v {
|
|
// Found it
|
|
delete(mod.Resources, k)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func (s *State) removeInstance(path []string, r *ResourceState, v *InstanceState) {
|
|
// Go through the resource and find the instance that matches this
|
|
// (if any) and remove it.
|
|
|
|
// Check primary
|
|
if r.Primary == v {
|
|
r.Primary = nil
|
|
return
|
|
}
|
|
|
|
// Check lists
|
|
lists := [][]*InstanceState{r.Deposed}
|
|
for _, is := range lists {
|
|
for i, instance := range is {
|
|
if instance == v {
|
|
// Found it, remove it
|
|
is, is[len(is)-1] = append(is[:i], is[i+1:]...), nil
|
|
|
|
// Done
|
|
return
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// RootModule returns the ModuleState for the root module
|
|
func (s *State) RootModule() *ModuleState {
|
|
root := s.ModuleByPath(rootModulePath)
|
|
if root == nil {
|
|
panic("missing root module")
|
|
}
|
|
return root
|
|
}
|
|
|
|
// Equal tests if one state is equal to another.
|
|
func (s *State) Equal(other *State) bool {
|
|
// If one is nil, we do a direct check
|
|
if s == nil || other == nil {
|
|
return s == other
|
|
}
|
|
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
return s.equal(other)
|
|
}
|
|
|
|
func (s *State) equal(other *State) bool {
|
|
if s == nil || other == nil {
|
|
return s == other
|
|
}
|
|
|
|
// If the versions are different, they're certainly not equal
|
|
if s.Version != other.Version {
|
|
return false
|
|
}
|
|
|
|
// If any of the modules are not equal, then this state isn't equal
|
|
if len(s.Modules) != len(other.Modules) {
|
|
return false
|
|
}
|
|
for _, m := range s.Modules {
|
|
// This isn't very optimal currently but works.
|
|
otherM := other.moduleByPath(m.Path)
|
|
if otherM == nil {
|
|
return false
|
|
}
|
|
|
|
// If they're not equal, then we're not equal!
|
|
if !m.Equal(otherM) {
|
|
return false
|
|
}
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
type StateAgeComparison int
|
|
|
|
const (
|
|
StateAgeEqual StateAgeComparison = 0
|
|
StateAgeReceiverNewer StateAgeComparison = 1
|
|
StateAgeReceiverOlder StateAgeComparison = -1
|
|
)
|
|
|
|
// CompareAges compares one state with another for which is "older".
|
|
//
|
|
// This is a simple check using the state's serial, and is thus only as
|
|
// reliable as the serial itself. In the normal case, only one state
|
|
// exists for a given combination of lineage/serial, but Terraform
|
|
// does not guarantee this and so the result of this method should be
|
|
// used with care.
|
|
//
|
|
// Returns an integer that is negative if the receiver is older than
|
|
// the argument, positive if the converse, and zero if they are equal.
|
|
// An error is returned if the two states are not of the same lineage,
|
|
// in which case the integer returned has no meaning.
|
|
func (s *State) CompareAges(other *State) (StateAgeComparison, error) {
|
|
// nil states are "older" than actual states
|
|
switch {
|
|
case s != nil && other == nil:
|
|
return StateAgeReceiverNewer, nil
|
|
case s == nil && other != nil:
|
|
return StateAgeReceiverOlder, nil
|
|
case s == nil && other == nil:
|
|
return StateAgeEqual, nil
|
|
}
|
|
|
|
if !s.SameLineage(other) {
|
|
return StateAgeEqual, fmt.Errorf(
|
|
"can't compare two states of differing lineage",
|
|
)
|
|
}
|
|
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
switch {
|
|
case s.Serial < other.Serial:
|
|
return StateAgeReceiverOlder, nil
|
|
case s.Serial > other.Serial:
|
|
return StateAgeReceiverNewer, nil
|
|
default:
|
|
return StateAgeEqual, nil
|
|
}
|
|
}
|
|
|
|
// SameLineage returns true only if the state given in argument belongs
|
|
// to the same "lineage" of states as the reciever.
|
|
func (s *State) SameLineage(other *State) bool {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
// If one of the states has no lineage then it is assumed to predate
|
|
// this concept, and so we'll accept it as belonging to any lineage
|
|
// so that a lineage string can be assigned to newer versions
|
|
// without breaking compatibility with older versions.
|
|
if s.Lineage == "" || other.Lineage == "" {
|
|
return true
|
|
}
|
|
|
|
return s.Lineage == other.Lineage
|
|
}
|
|
|
|
// DeepCopy performs a deep copy of the state structure and returns
|
|
// a new structure.
|
|
func (s *State) DeepCopy() *State {
|
|
copy, err := copystructure.Config{Lock: true}.Copy(s)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return copy.(*State)
|
|
}
|
|
|
|
// IncrementSerialMaybe increments the serial number of this state
|
|
// if it different from the other state.
|
|
func (s *State) IncrementSerialMaybe(other *State) {
|
|
if s == nil {
|
|
return
|
|
}
|
|
if other == nil {
|
|
return
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Serial > other.Serial {
|
|
return
|
|
}
|
|
if other.TFVersion != s.TFVersion || !s.equal(other) {
|
|
if other.Serial > s.Serial {
|
|
s.Serial = other.Serial
|
|
}
|
|
|
|
s.Serial++
|
|
}
|
|
}
|
|
|
|
// FromFutureTerraform checks if this state was written by a Terraform
|
|
// version from the future.
|
|
func (s *State) FromFutureTerraform() bool {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
// No TF version means it is certainly from the past
|
|
if s.TFVersion == "" {
|
|
return false
|
|
}
|
|
|
|
v := version.Must(version.NewVersion(s.TFVersion))
|
|
return SemVersion.LessThan(v)
|
|
}
|
|
|
|
func (s *State) Init() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
s.init()
|
|
}
|
|
|
|
func (s *State) init() {
|
|
if s.Version == 0 {
|
|
s.Version = StateVersion
|
|
}
|
|
if s.moduleByPath(rootModulePath) == nil {
|
|
s.addModule(rootModulePath)
|
|
}
|
|
s.ensureHasLineage()
|
|
|
|
for _, mod := range s.Modules {
|
|
if mod != nil {
|
|
mod.init()
|
|
}
|
|
}
|
|
|
|
if s.Remote != nil {
|
|
s.Remote.init()
|
|
}
|
|
|
|
}
|
|
|
|
func (s *State) EnsureHasLineage() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
s.ensureHasLineage()
|
|
}
|
|
|
|
func (s *State) ensureHasLineage() {
|
|
if s.Lineage == "" {
|
|
s.Lineage = uuid.NewV4().String()
|
|
log.Printf("[DEBUG] New state was assigned lineage %q\n", s.Lineage)
|
|
} else {
|
|
log.Printf("[TRACE] Preserving existing state lineage %q\n", s.Lineage)
|
|
}
|
|
}
|
|
|
|
// AddModuleState insert this module state and override any existing ModuleState
|
|
func (s *State) AddModuleState(mod *ModuleState) {
|
|
mod.init()
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
s.addModuleState(mod)
|
|
}
|
|
|
|
func (s *State) addModuleState(mod *ModuleState) {
|
|
for i, m := range s.Modules {
|
|
if reflect.DeepEqual(m.Path, mod.Path) {
|
|
s.Modules[i] = mod
|
|
return
|
|
}
|
|
}
|
|
|
|
s.Modules = append(s.Modules, mod)
|
|
s.sort()
|
|
}
|
|
|
|
// prune is used to remove any resources that are no longer required
|
|
func (s *State) prune() {
|
|
if s == nil {
|
|
return
|
|
}
|
|
|
|
// Filter out empty modules.
|
|
// A module is always assumed to have a path, and it's length isn't always
|
|
// bounds checked later on. Modules may be "emptied" during destroy, but we
|
|
// never want to store those in the state.
|
|
for i := 0; i < len(s.Modules); i++ {
|
|
if s.Modules[i] == nil || len(s.Modules[i].Path) == 0 {
|
|
s.Modules = append(s.Modules[:i], s.Modules[i+1:]...)
|
|
i--
|
|
}
|
|
}
|
|
|
|
for _, mod := range s.Modules {
|
|
mod.prune()
|
|
}
|
|
if s.Remote != nil && s.Remote.Empty() {
|
|
s.Remote = nil
|
|
}
|
|
}
|
|
|
|
// sort sorts the modules
|
|
func (s *State) sort() {
|
|
sort.Sort(moduleStateSort(s.Modules))
|
|
|
|
// Allow modules to be sorted
|
|
for _, m := range s.Modules {
|
|
if m != nil {
|
|
m.sort()
|
|
}
|
|
}
|
|
}
|
|
|
|
func (s *State) String() string {
|
|
if s == nil {
|
|
return "<nil>"
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
var buf bytes.Buffer
|
|
for _, m := range s.Modules {
|
|
mStr := m.String()
|
|
|
|
// If we're the root module, we just write the output directly.
|
|
if reflect.DeepEqual(m.Path, rootModulePath) {
|
|
buf.WriteString(mStr + "\n")
|
|
continue
|
|
}
|
|
|
|
buf.WriteString(fmt.Sprintf("module.%s:\n", strings.Join(m.Path[1:], ".")))
|
|
|
|
s := bufio.NewScanner(strings.NewReader(mStr))
|
|
for s.Scan() {
|
|
text := s.Text()
|
|
if text != "" {
|
|
text = " " + text
|
|
}
|
|
|
|
buf.WriteString(fmt.Sprintf("%s\n", text))
|
|
}
|
|
}
|
|
|
|
return strings.TrimSpace(buf.String())
|
|
}
|
|
|
|
// BackendState stores the configuration to connect to a remote backend.
|
|
type BackendState struct {
|
|
Type string `json:"type"` // Backend type
|
|
Config map[string]interface{} `json:"config"` // Backend raw config
|
|
|
|
// Hash is the hash code to uniquely identify the original source
|
|
// configuration. We use this to detect when there is a change in
|
|
// configuration even when "type" isn't changed.
|
|
Hash uint64 `json:"hash"`
|
|
}
|
|
|
|
// Empty returns true if BackendState has no state.
|
|
func (s *BackendState) Empty() bool {
|
|
return s == nil || s.Type == ""
|
|
}
|
|
|
|
// RemoteState is used to track the information about a remote
|
|
// state store that we push/pull state to.
|
|
type RemoteState struct {
|
|
// Type controls the client we use for the remote state
|
|
Type string `json:"type"`
|
|
|
|
// Config is used to store arbitrary configuration that
|
|
// is type specific
|
|
Config map[string]string `json:"config"`
|
|
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func (s *RemoteState) Lock() { s.mu.Lock() }
|
|
func (s *RemoteState) Unlock() { s.mu.Unlock() }
|
|
|
|
func (r *RemoteState) init() {
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
|
|
if r.Config == nil {
|
|
r.Config = make(map[string]string)
|
|
}
|
|
}
|
|
|
|
func (r *RemoteState) deepcopy() *RemoteState {
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
|
|
confCopy := make(map[string]string, len(r.Config))
|
|
for k, v := range r.Config {
|
|
confCopy[k] = v
|
|
}
|
|
return &RemoteState{
|
|
Type: r.Type,
|
|
Config: confCopy,
|
|
}
|
|
}
|
|
|
|
func (r *RemoteState) Empty() bool {
|
|
if r == nil {
|
|
return true
|
|
}
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
|
|
return r.Type == ""
|
|
}
|
|
|
|
func (r *RemoteState) Equals(other *RemoteState) bool {
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
|
|
if r.Type != other.Type {
|
|
return false
|
|
}
|
|
if len(r.Config) != len(other.Config) {
|
|
return false
|
|
}
|
|
for k, v := range r.Config {
|
|
if other.Config[k] != v {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
// OutputState is used to track the state relevant to a single output.
|
|
type OutputState struct {
|
|
// Sensitive describes whether the output is considered sensitive,
|
|
// which may lead to masking the value on screen in some cases.
|
|
Sensitive bool `json:"sensitive"`
|
|
// Type describes the structure of Value. Valid values are "string",
|
|
// "map" and "list"
|
|
Type string `json:"type"`
|
|
// Value contains the value of the output, in the structure described
|
|
// by the Type field.
|
|
Value interface{} `json:"value"`
|
|
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func (s *OutputState) Lock() { s.mu.Lock() }
|
|
func (s *OutputState) Unlock() { s.mu.Unlock() }
|
|
|
|
func (s *OutputState) String() string {
|
|
return fmt.Sprintf("%#v", s.Value)
|
|
}
|
|
|
|
// Equal compares two OutputState structures for equality. nil values are
|
|
// considered equal.
|
|
func (s *OutputState) Equal(other *OutputState) bool {
|
|
if s == nil && other == nil {
|
|
return true
|
|
}
|
|
|
|
if s == nil || other == nil {
|
|
return false
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Type != other.Type {
|
|
return false
|
|
}
|
|
|
|
if s.Sensitive != other.Sensitive {
|
|
return false
|
|
}
|
|
|
|
if !reflect.DeepEqual(s.Value, other.Value) {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
func (s *OutputState) deepcopy() *OutputState {
|
|
if s == nil {
|
|
return nil
|
|
}
|
|
|
|
stateCopy, err := copystructure.Config{Lock: true}.Copy(s)
|
|
if err != nil {
|
|
panic(fmt.Errorf("Error copying output value: %s", err))
|
|
}
|
|
|
|
return stateCopy.(*OutputState)
|
|
}
|
|
|
|
// ModuleState is used to track all the state relevant to a single
|
|
// module. Previous to Terraform 0.3, all state belonged to the "root"
|
|
// module.
|
|
type ModuleState struct {
|
|
// Path is the import path from the root module. Modules imports are
|
|
// always disjoint, so the path represents amodule tree
|
|
Path []string `json:"path"`
|
|
|
|
// Outputs declared by the module and maintained for each module
|
|
// even though only the root module technically needs to be kept.
|
|
// This allows operators to inspect values at the boundaries.
|
|
Outputs map[string]*OutputState `json:"outputs"`
|
|
|
|
// Resources is a mapping of the logically named resource to
|
|
// the state of the resource. Each resource may actually have
|
|
// N instances underneath, although a user only needs to think
|
|
// about the 1:1 case.
|
|
Resources map[string]*ResourceState `json:"resources"`
|
|
|
|
// Dependencies are a list of things that this module relies on
|
|
// existing to remain intact. For example: an module may depend
|
|
// on a VPC ID given by an aws_vpc resource.
|
|
//
|
|
// Terraform uses this information to build valid destruction
|
|
// orders and to warn the user if they're destroying a module that
|
|
// another resource depends on.
|
|
//
|
|
// Things can be put into this list that may not be managed by
|
|
// Terraform. If Terraform doesn't find a matching ID in the
|
|
// overall state, then it assumes it isn't managed and doesn't
|
|
// worry about it.
|
|
Dependencies []string `json:"depends_on"`
|
|
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func (s *ModuleState) Lock() { s.mu.Lock() }
|
|
func (s *ModuleState) Unlock() { s.mu.Unlock() }
|
|
|
|
// Equal tests whether one module state is equal to another.
|
|
func (m *ModuleState) Equal(other *ModuleState) bool {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
|
|
// Paths must be equal
|
|
if !reflect.DeepEqual(m.Path, other.Path) {
|
|
return false
|
|
}
|
|
|
|
// Outputs must be equal
|
|
if len(m.Outputs) != len(other.Outputs) {
|
|
return false
|
|
}
|
|
for k, v := range m.Outputs {
|
|
if !other.Outputs[k].Equal(v) {
|
|
return false
|
|
}
|
|
}
|
|
|
|
// Dependencies must be equal. This sorts these in place but
|
|
// this shouldn't cause any problems.
|
|
sort.Strings(m.Dependencies)
|
|
sort.Strings(other.Dependencies)
|
|
if len(m.Dependencies) != len(other.Dependencies) {
|
|
return false
|
|
}
|
|
for i, d := range m.Dependencies {
|
|
if other.Dependencies[i] != d {
|
|
return false
|
|
}
|
|
}
|
|
|
|
// Resources must be equal
|
|
if len(m.Resources) != len(other.Resources) {
|
|
return false
|
|
}
|
|
for k, r := range m.Resources {
|
|
otherR, ok := other.Resources[k]
|
|
if !ok {
|
|
return false
|
|
}
|
|
|
|
if !r.Equal(otherR) {
|
|
return false
|
|
}
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
// IsRoot says whether or not this module diff is for the root module.
|
|
func (m *ModuleState) IsRoot() bool {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
return reflect.DeepEqual(m.Path, rootModulePath)
|
|
}
|
|
|
|
// IsDescendent returns true if other is a descendent of this module.
|
|
func (m *ModuleState) IsDescendent(other *ModuleState) bool {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
|
|
i := len(m.Path)
|
|
return len(other.Path) > i && reflect.DeepEqual(other.Path[:i], m.Path)
|
|
}
|
|
|
|
// Orphans returns a list of keys of resources that are in the State
|
|
// but aren't present in the configuration itself. Hence, these keys
|
|
// represent the state of resources that are orphans.
|
|
func (m *ModuleState) Orphans(c *config.Config) []string {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
|
|
keys := make(map[string]struct{})
|
|
for k, _ := range m.Resources {
|
|
keys[k] = struct{}{}
|
|
}
|
|
|
|
if c != nil {
|
|
for _, r := range c.Resources {
|
|
delete(keys, r.Id())
|
|
|
|
for k, _ := range keys {
|
|
if strings.HasPrefix(k, r.Id()+".") {
|
|
delete(keys, k)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
result := make([]string, 0, len(keys))
|
|
for k, _ := range keys {
|
|
result = append(result, k)
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
// View returns a view with the given resource prefix.
|
|
func (m *ModuleState) View(id string) *ModuleState {
|
|
if m == nil {
|
|
return m
|
|
}
|
|
|
|
r := m.deepcopy()
|
|
for k, _ := range r.Resources {
|
|
if id == k || strings.HasPrefix(k, id+".") {
|
|
continue
|
|
}
|
|
|
|
delete(r.Resources, k)
|
|
}
|
|
|
|
return r
|
|
}
|
|
|
|
func (m *ModuleState) init() {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
|
|
if m.Path == nil {
|
|
m.Path = []string{}
|
|
}
|
|
if m.Outputs == nil {
|
|
m.Outputs = make(map[string]*OutputState)
|
|
}
|
|
if m.Resources == nil {
|
|
m.Resources = make(map[string]*ResourceState)
|
|
}
|
|
|
|
if m.Dependencies == nil {
|
|
m.Dependencies = make([]string, 0)
|
|
}
|
|
|
|
for _, rs := range m.Resources {
|
|
rs.init()
|
|
}
|
|
}
|
|
|
|
func (m *ModuleState) deepcopy() *ModuleState {
|
|
if m == nil {
|
|
return nil
|
|
}
|
|
|
|
stateCopy, err := copystructure.Config{Lock: true}.Copy(m)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return stateCopy.(*ModuleState)
|
|
}
|
|
|
|
// prune is used to remove any resources that are no longer required
|
|
func (m *ModuleState) prune() {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
|
|
for k, v := range m.Resources {
|
|
if v == nil || (v.Primary == nil || v.Primary.ID == "") && len(v.Deposed) == 0 {
|
|
delete(m.Resources, k)
|
|
continue
|
|
}
|
|
|
|
v.prune()
|
|
}
|
|
|
|
for k, v := range m.Outputs {
|
|
if v.Value == config.UnknownVariableValue {
|
|
delete(m.Outputs, k)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (m *ModuleState) sort() {
|
|
for _, v := range m.Resources {
|
|
v.sort()
|
|
}
|
|
}
|
|
|
|
func (m *ModuleState) String() string {
|
|
m.Lock()
|
|
defer m.Unlock()
|
|
|
|
var buf bytes.Buffer
|
|
|
|
if len(m.Resources) == 0 {
|
|
buf.WriteString("<no state>")
|
|
}
|
|
|
|
names := make([]string, 0, len(m.Resources))
|
|
for name, _ := range m.Resources {
|
|
names = append(names, name)
|
|
}
|
|
sort.Strings(names)
|
|
|
|
for _, k := range names {
|
|
rs := m.Resources[k]
|
|
var id string
|
|
if rs.Primary != nil {
|
|
id = rs.Primary.ID
|
|
}
|
|
if id == "" {
|
|
id = "<not created>"
|
|
}
|
|
|
|
taintStr := ""
|
|
if rs.Primary.Tainted {
|
|
taintStr = " (tainted)"
|
|
}
|
|
|
|
deposedStr := ""
|
|
if len(rs.Deposed) > 0 {
|
|
deposedStr = fmt.Sprintf(" (%d deposed)", len(rs.Deposed))
|
|
}
|
|
|
|
buf.WriteString(fmt.Sprintf("%s:%s%s\n", k, taintStr, deposedStr))
|
|
buf.WriteString(fmt.Sprintf(" ID = %s\n", id))
|
|
if rs.Provider != "" {
|
|
buf.WriteString(fmt.Sprintf(" provider = %s\n", rs.Provider))
|
|
}
|
|
|
|
var attributes map[string]string
|
|
if rs.Primary != nil {
|
|
attributes = rs.Primary.Attributes
|
|
}
|
|
attrKeys := make([]string, 0, len(attributes))
|
|
for ak, _ := range attributes {
|
|
if ak == "id" {
|
|
continue
|
|
}
|
|
|
|
attrKeys = append(attrKeys, ak)
|
|
}
|
|
sort.Strings(attrKeys)
|
|
|
|
for _, ak := range attrKeys {
|
|
av := attributes[ak]
|
|
buf.WriteString(fmt.Sprintf(" %s = %s\n", ak, av))
|
|
}
|
|
|
|
for idx, t := range rs.Deposed {
|
|
taintStr := ""
|
|
if t.Tainted {
|
|
taintStr = " (tainted)"
|
|
}
|
|
buf.WriteString(fmt.Sprintf(" Deposed ID %d = %s%s\n", idx+1, t.ID, taintStr))
|
|
}
|
|
|
|
if len(rs.Dependencies) > 0 {
|
|
buf.WriteString(fmt.Sprintf("\n Dependencies:\n"))
|
|
for _, dep := range rs.Dependencies {
|
|
buf.WriteString(fmt.Sprintf(" %s\n", dep))
|
|
}
|
|
}
|
|
}
|
|
|
|
if len(m.Outputs) > 0 {
|
|
buf.WriteString("\nOutputs:\n\n")
|
|
|
|
ks := make([]string, 0, len(m.Outputs))
|
|
for k, _ := range m.Outputs {
|
|
ks = append(ks, k)
|
|
}
|
|
sort.Strings(ks)
|
|
|
|
for _, k := range ks {
|
|
v := m.Outputs[k]
|
|
switch vTyped := v.Value.(type) {
|
|
case string:
|
|
buf.WriteString(fmt.Sprintf("%s = %s\n", k, vTyped))
|
|
case []interface{}:
|
|
buf.WriteString(fmt.Sprintf("%s = %s\n", k, vTyped))
|
|
case map[string]interface{}:
|
|
var mapKeys []string
|
|
for key, _ := range vTyped {
|
|
mapKeys = append(mapKeys, key)
|
|
}
|
|
sort.Strings(mapKeys)
|
|
|
|
var mapBuf bytes.Buffer
|
|
mapBuf.WriteString("{")
|
|
for _, key := range mapKeys {
|
|
mapBuf.WriteString(fmt.Sprintf("%s:%s ", key, vTyped[key]))
|
|
}
|
|
mapBuf.WriteString("}")
|
|
|
|
buf.WriteString(fmt.Sprintf("%s = %s\n", k, mapBuf.String()))
|
|
}
|
|
}
|
|
}
|
|
|
|
return buf.String()
|
|
}
|
|
|
|
// ResourceStateKey is a structured representation of the key used for the
|
|
// ModuleState.Resources mapping
|
|
type ResourceStateKey struct {
|
|
Name string
|
|
Type string
|
|
Mode config.ResourceMode
|
|
Index int
|
|
}
|
|
|
|
// Equal determines whether two ResourceStateKeys are the same
|
|
func (rsk *ResourceStateKey) Equal(other *ResourceStateKey) bool {
|
|
if rsk == nil || other == nil {
|
|
return false
|
|
}
|
|
if rsk.Mode != other.Mode {
|
|
return false
|
|
}
|
|
if rsk.Type != other.Type {
|
|
return false
|
|
}
|
|
if rsk.Name != other.Name {
|
|
return false
|
|
}
|
|
if rsk.Index != other.Index {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (rsk *ResourceStateKey) String() string {
|
|
if rsk == nil {
|
|
return ""
|
|
}
|
|
var prefix string
|
|
switch rsk.Mode {
|
|
case config.ManagedResourceMode:
|
|
prefix = ""
|
|
case config.DataResourceMode:
|
|
prefix = "data."
|
|
default:
|
|
panic(fmt.Errorf("unknown resource mode %s", rsk.Mode))
|
|
}
|
|
if rsk.Index == -1 {
|
|
return fmt.Sprintf("%s%s.%s", prefix, rsk.Type, rsk.Name)
|
|
}
|
|
return fmt.Sprintf("%s%s.%s.%d", prefix, rsk.Type, rsk.Name, rsk.Index)
|
|
}
|
|
|
|
// ParseResourceStateKey accepts a key in the format used by
|
|
// ModuleState.Resources and returns a resource name and resource index. In the
|
|
// state, a resource has the format "type.name.index" or "type.name". In the
|
|
// latter case, the index is returned as -1.
|
|
func ParseResourceStateKey(k string) (*ResourceStateKey, error) {
|
|
parts := strings.Split(k, ".")
|
|
mode := config.ManagedResourceMode
|
|
if len(parts) > 0 && parts[0] == "data" {
|
|
mode = config.DataResourceMode
|
|
// Don't need the constant "data" prefix for parsing
|
|
// now that we've figured out the mode.
|
|
parts = parts[1:]
|
|
}
|
|
if len(parts) < 2 || len(parts) > 3 {
|
|
return nil, fmt.Errorf("Malformed resource state key: %s", k)
|
|
}
|
|
rsk := &ResourceStateKey{
|
|
Mode: mode,
|
|
Type: parts[0],
|
|
Name: parts[1],
|
|
Index: -1,
|
|
}
|
|
if len(parts) == 3 {
|
|
index, err := strconv.Atoi(parts[2])
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Malformed resource state key index: %s", k)
|
|
}
|
|
rsk.Index = index
|
|
}
|
|
return rsk, nil
|
|
}
|
|
|
|
// ResourceState holds the state of a resource that is used so that
|
|
// a provider can find and manage an existing resource as well as for
|
|
// storing attributes that are used to populate variables of child
|
|
// resources.
|
|
//
|
|
// Attributes has attributes about the created resource that are
|
|
// queryable in interpolation: "${type.id.attr}"
|
|
//
|
|
// Extra is just extra data that a provider can return that we store
|
|
// for later, but is not exposed in any way to the user.
|
|
//
|
|
type ResourceState struct {
|
|
// This is filled in and managed by Terraform, and is the resource
|
|
// type itself such as "mycloud_instance". If a resource provider sets
|
|
// this value, it won't be persisted.
|
|
Type string `json:"type"`
|
|
|
|
// Dependencies are a list of things that this resource relies on
|
|
// existing to remain intact. For example: an AWS instance might
|
|
// depend on a subnet (which itself might depend on a VPC, and so
|
|
// on).
|
|
//
|
|
// Terraform uses this information to build valid destruction
|
|
// orders and to warn the user if they're destroying a resource that
|
|
// another resource depends on.
|
|
//
|
|
// Things can be put into this list that may not be managed by
|
|
// Terraform. If Terraform doesn't find a matching ID in the
|
|
// overall state, then it assumes it isn't managed and doesn't
|
|
// worry about it.
|
|
Dependencies []string `json:"depends_on"`
|
|
|
|
// Primary is the current active instance for this resource.
|
|
// It can be replaced but only after a successful creation.
|
|
// This is the instances on which providers will act.
|
|
Primary *InstanceState `json:"primary"`
|
|
|
|
// Deposed is used in the mechanics of CreateBeforeDestroy: the existing
|
|
// Primary is Deposed to get it out of the way for the replacement Primary to
|
|
// be created by Apply. If the replacement Primary creates successfully, the
|
|
// Deposed instance is cleaned up.
|
|
//
|
|
// If there were problems creating the replacement Primary, the Deposed
|
|
// instance and the (now tainted) replacement Primary will be swapped so the
|
|
// tainted replacement will be cleaned up instead.
|
|
//
|
|
// An instance will remain in the Deposed list until it is successfully
|
|
// destroyed and purged.
|
|
Deposed []*InstanceState `json:"deposed"`
|
|
|
|
// Provider is used when a resource is connected to a provider with an alias.
|
|
// If this string is empty, the resource is connected to the default provider,
|
|
// e.g. "aws_instance" goes with the "aws" provider.
|
|
// If the resource block contained a "provider" key, that value will be set here.
|
|
Provider string `json:"provider"`
|
|
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func (s *ResourceState) Lock() { s.mu.Lock() }
|
|
func (s *ResourceState) Unlock() { s.mu.Unlock() }
|
|
|
|
// Equal tests whether two ResourceStates are equal.
|
|
func (s *ResourceState) Equal(other *ResourceState) bool {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Type != other.Type {
|
|
return false
|
|
}
|
|
|
|
if s.Provider != other.Provider {
|
|
return false
|
|
}
|
|
|
|
// Dependencies must be equal
|
|
sort.Strings(s.Dependencies)
|
|
sort.Strings(other.Dependencies)
|
|
if len(s.Dependencies) != len(other.Dependencies) {
|
|
return false
|
|
}
|
|
for i, d := range s.Dependencies {
|
|
if other.Dependencies[i] != d {
|
|
return false
|
|
}
|
|
}
|
|
|
|
// States must be equal
|
|
if !s.Primary.Equal(other.Primary) {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
// Taint marks a resource as tainted.
|
|
func (s *ResourceState) Taint() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Primary != nil {
|
|
s.Primary.Tainted = true
|
|
}
|
|
}
|
|
|
|
// Untaint unmarks a resource as tainted.
|
|
func (s *ResourceState) Untaint() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Primary != nil {
|
|
s.Primary.Tainted = false
|
|
}
|
|
}
|
|
|
|
func (s *ResourceState) init() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Primary == nil {
|
|
s.Primary = &InstanceState{}
|
|
}
|
|
s.Primary.init()
|
|
|
|
if s.Dependencies == nil {
|
|
s.Dependencies = []string{}
|
|
}
|
|
|
|
if s.Deposed == nil {
|
|
s.Deposed = make([]*InstanceState, 0)
|
|
}
|
|
}
|
|
|
|
func (s *ResourceState) deepcopy() *ResourceState {
|
|
copy, err := copystructure.Config{Lock: true}.Copy(s)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return copy.(*ResourceState)
|
|
}
|
|
|
|
// prune is used to remove any instances that are no longer required
|
|
func (s *ResourceState) prune() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
n := len(s.Deposed)
|
|
for i := 0; i < n; i++ {
|
|
inst := s.Deposed[i]
|
|
if inst == nil || inst.ID == "" {
|
|
copy(s.Deposed[i:], s.Deposed[i+1:])
|
|
s.Deposed[n-1] = nil
|
|
n--
|
|
i--
|
|
}
|
|
}
|
|
|
|
s.Deposed = s.Deposed[:n]
|
|
}
|
|
|
|
func (s *ResourceState) sort() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
sort.Strings(s.Dependencies)
|
|
}
|
|
|
|
func (s *ResourceState) String() string {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
var buf bytes.Buffer
|
|
buf.WriteString(fmt.Sprintf("Type = %s", s.Type))
|
|
return buf.String()
|
|
}
|
|
|
|
// InstanceState is used to track the unique state information belonging
|
|
// to a given instance.
|
|
type InstanceState struct {
|
|
// A unique ID for this resource. This is opaque to Terraform
|
|
// and is only meant as a lookup mechanism for the providers.
|
|
ID string `json:"id"`
|
|
|
|
// Attributes are basic information about the resource. Any keys here
|
|
// are accessible in variable format within Terraform configurations:
|
|
// ${resourcetype.name.attribute}.
|
|
Attributes map[string]string `json:"attributes"`
|
|
|
|
// Ephemeral is used to store any state associated with this instance
|
|
// that is necessary for the Terraform run to complete, but is not
|
|
// persisted to a state file.
|
|
Ephemeral EphemeralState `json:"-"`
|
|
|
|
// Meta is a simple K/V map that is persisted to the State but otherwise
|
|
// ignored by Terraform core. It's meant to be used for accounting by
|
|
// external client code.
|
|
Meta map[string]string `json:"meta"`
|
|
|
|
// Tainted is used to mark a resource for recreation.
|
|
Tainted bool `json:"tainted"`
|
|
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func (s *InstanceState) Lock() { s.mu.Lock() }
|
|
func (s *InstanceState) Unlock() { s.mu.Unlock() }
|
|
|
|
func (s *InstanceState) init() {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
if s.Attributes == nil {
|
|
s.Attributes = make(map[string]string)
|
|
}
|
|
if s.Meta == nil {
|
|
s.Meta = make(map[string]string)
|
|
}
|
|
s.Ephemeral.init()
|
|
}
|
|
|
|
// Copy all the Fields from another InstanceState
|
|
func (s *InstanceState) Set(from *InstanceState) {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
from.Lock()
|
|
defer from.Unlock()
|
|
|
|
s.ID = from.ID
|
|
s.Attributes = from.Attributes
|
|
s.Ephemeral = from.Ephemeral
|
|
s.Meta = from.Meta
|
|
s.Tainted = from.Tainted
|
|
}
|
|
|
|
func (s *InstanceState) DeepCopy() *InstanceState {
|
|
copy, err := copystructure.Config{Lock: true}.Copy(s)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return copy.(*InstanceState)
|
|
}
|
|
|
|
func (s *InstanceState) Empty() bool {
|
|
if s == nil {
|
|
return true
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
return s.ID == ""
|
|
}
|
|
|
|
func (s *InstanceState) Equal(other *InstanceState) bool {
|
|
// Short circuit some nil checks
|
|
if s == nil || other == nil {
|
|
return s == other
|
|
}
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
// IDs must be equal
|
|
if s.ID != other.ID {
|
|
return false
|
|
}
|
|
|
|
// Attributes must be equal
|
|
if len(s.Attributes) != len(other.Attributes) {
|
|
return false
|
|
}
|
|
for k, v := range s.Attributes {
|
|
otherV, ok := other.Attributes[k]
|
|
if !ok {
|
|
return false
|
|
}
|
|
|
|
if v != otherV {
|
|
return false
|
|
}
|
|
}
|
|
|
|
// Meta must be equal
|
|
if len(s.Meta) != len(other.Meta) {
|
|
return false
|
|
}
|
|
for k, v := range s.Meta {
|
|
otherV, ok := other.Meta[k]
|
|
if !ok {
|
|
return false
|
|
}
|
|
|
|
if v != otherV {
|
|
return false
|
|
}
|
|
}
|
|
|
|
if s.Tainted != other.Tainted {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
// MergeDiff takes a ResourceDiff and merges the attributes into
|
|
// this resource state in order to generate a new state. This new
|
|
// state can be used to provide updated attribute lookups for
|
|
// variable interpolation.
|
|
//
|
|
// If the diff attribute requires computing the value, and hence
|
|
// won't be available until apply, the value is replaced with the
|
|
// computeID.
|
|
func (s *InstanceState) MergeDiff(d *InstanceDiff) *InstanceState {
|
|
result := s.DeepCopy()
|
|
if result == nil {
|
|
result = new(InstanceState)
|
|
}
|
|
result.init()
|
|
|
|
if s != nil {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
for k, v := range s.Attributes {
|
|
result.Attributes[k] = v
|
|
}
|
|
}
|
|
if d != nil {
|
|
for k, diff := range d.CopyAttributes() {
|
|
if diff.NewRemoved {
|
|
delete(result.Attributes, k)
|
|
continue
|
|
}
|
|
if diff.NewComputed {
|
|
result.Attributes[k] = config.UnknownVariableValue
|
|
continue
|
|
}
|
|
|
|
result.Attributes[k] = diff.New
|
|
}
|
|
}
|
|
|
|
// Remove any now empty array, maps or sets because a parent structure
|
|
// won't include these entries in the count value.
|
|
isCount := regexp.MustCompile(`\.[%#]$`).MatchString
|
|
var deleted []string
|
|
|
|
for k, v := range result.Attributes {
|
|
if isCount(k) && v == "0" {
|
|
delete(result.Attributes, k)
|
|
deleted = append(deleted, k)
|
|
}
|
|
}
|
|
|
|
for _, k := range deleted {
|
|
// Sanity check for invalid structures.
|
|
// If we removed the primary count key, there should have been no
|
|
// other keys left with this prefix.
|
|
|
|
// this must have a "#" or "%" which we need to remove
|
|
base := k[:len(k)-1]
|
|
for k, _ := range result.Attributes {
|
|
if strings.HasPrefix(k, base) {
|
|
panic(fmt.Sprintf("empty structure %q has entry %q", base, k))
|
|
}
|
|
}
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
func (s *InstanceState) String() string {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
|
|
var buf bytes.Buffer
|
|
|
|
if s == nil || s.ID == "" {
|
|
return "<not created>"
|
|
}
|
|
|
|
buf.WriteString(fmt.Sprintf("ID = %s\n", s.ID))
|
|
|
|
attributes := s.Attributes
|
|
attrKeys := make([]string, 0, len(attributes))
|
|
for ak, _ := range attributes {
|
|
if ak == "id" {
|
|
continue
|
|
}
|
|
|
|
attrKeys = append(attrKeys, ak)
|
|
}
|
|
sort.Strings(attrKeys)
|
|
|
|
for _, ak := range attrKeys {
|
|
av := attributes[ak]
|
|
buf.WriteString(fmt.Sprintf("%s = %s\n", ak, av))
|
|
}
|
|
|
|
buf.WriteString(fmt.Sprintf("Tainted = %t\n", s.Tainted))
|
|
|
|
return buf.String()
|
|
}
|
|
|
|
// EphemeralState is used for transient state that is only kept in-memory
|
|
type EphemeralState struct {
|
|
// ConnInfo is used for the providers to export information which is
|
|
// used to connect to the resource for provisioning. For example,
|
|
// this could contain SSH or WinRM credentials.
|
|
ConnInfo map[string]string `json:"-"`
|
|
|
|
// Type is used to specify the resource type for this instance. This is only
|
|
// required for import operations (as documented). If the documentation
|
|
// doesn't state that you need to set this, then don't worry about
|
|
// setting it.
|
|
Type string `json:"-"`
|
|
}
|
|
|
|
func (e *EphemeralState) init() {
|
|
if e.ConnInfo == nil {
|
|
e.ConnInfo = make(map[string]string)
|
|
}
|
|
}
|
|
|
|
func (e *EphemeralState) DeepCopy() *EphemeralState {
|
|
copy, err := copystructure.Config{Lock: true}.Copy(e)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return copy.(*EphemeralState)
|
|
}
|
|
|
|
type jsonStateVersionIdentifier struct {
|
|
Version int `json:"version"`
|
|
}
|
|
|
|
// Check if this is a V0 format - the magic bytes at the start of the file
|
|
// should be "tfstate" if so. We no longer support upgrading this type of
|
|
// state but return an error message explaining to a user how they can
|
|
// upgrade via the 0.6.x series.
|
|
func testForV0State(buf *bufio.Reader) error {
|
|
start, err := buf.Peek(len("tfstate"))
|
|
if err != nil {
|
|
return fmt.Errorf("Failed to check for magic bytes: %v", err)
|
|
}
|
|
if string(start) == "tfstate" {
|
|
return fmt.Errorf("Terraform 0.7 no longer supports upgrading the binary state\n" +
|
|
"format which was used prior to Terraform 0.3. Please upgrade\n" +
|
|
"this state file using Terraform 0.6.16 prior to using it with\n" +
|
|
"Terraform 0.7.")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ReadState reads a state structure out of a reader in the format that
|
|
// was written by WriteState.
|
|
func ReadState(src io.Reader) (*State, error) {
|
|
buf := bufio.NewReader(src)
|
|
|
|
if err := testForV0State(buf); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// If we are JSON we buffer the whole thing in memory so we can read it twice.
|
|
// This is suboptimal, but will work for now.
|
|
jsonBytes, err := ioutil.ReadAll(buf)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Reading state file failed: %v", err)
|
|
}
|
|
|
|
versionIdentifier := &jsonStateVersionIdentifier{}
|
|
if err := json.Unmarshal(jsonBytes, versionIdentifier); err != nil {
|
|
return nil, fmt.Errorf("Decoding state file version failed: %v", err)
|
|
}
|
|
|
|
var result *State
|
|
switch versionIdentifier.Version {
|
|
case 0:
|
|
return nil, fmt.Errorf("State version 0 is not supported as JSON.")
|
|
case 1:
|
|
v1State, err := ReadStateV1(jsonBytes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
v2State, err := upgradeStateV1ToV2(v1State)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
v3State, err := upgradeStateV2ToV3(v2State)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// increment the Serial whenever we upgrade state
|
|
v3State.Serial++
|
|
result = v3State
|
|
case 2:
|
|
v2State, err := ReadStateV2(jsonBytes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
v3State, err := upgradeStateV2ToV3(v2State)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
v3State.Serial++
|
|
result = v3State
|
|
case 3:
|
|
v3State, err := ReadStateV3(jsonBytes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
result = v3State
|
|
default:
|
|
return nil, fmt.Errorf("Terraform %s does not support state version %d, please update.",
|
|
SemVersion.String(), versionIdentifier.Version)
|
|
}
|
|
|
|
// If we reached this place we must have a result set
|
|
if result == nil {
|
|
panic("resulting state in load not set, assertion failed")
|
|
}
|
|
|
|
// Prune the state when read it. Its possible to write unpruned states or
|
|
// for a user to make a state unpruned (nil-ing a module state for example).
|
|
result.prune()
|
|
|
|
// Validate the state file is valid
|
|
if err := result.Validate(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func ReadStateV1(jsonBytes []byte) (*stateV1, error) {
|
|
v1State := &stateV1{}
|
|
if err := json.Unmarshal(jsonBytes, v1State); err != nil {
|
|
return nil, fmt.Errorf("Decoding state file failed: %v", err)
|
|
}
|
|
|
|
if v1State.Version != 1 {
|
|
return nil, fmt.Errorf("Decoded state version did not match the decoder selection: "+
|
|
"read %d, expected 1", v1State.Version)
|
|
}
|
|
|
|
return v1State, nil
|
|
}
|
|
|
|
func ReadStateV2(jsonBytes []byte) (*State, error) {
|
|
state := &State{}
|
|
if err := json.Unmarshal(jsonBytes, state); err != nil {
|
|
return nil, fmt.Errorf("Decoding state file failed: %v", err)
|
|
}
|
|
|
|
// Check the version, this to ensure we don't read a future
|
|
// version that we don't understand
|
|
if state.Version > StateVersion {
|
|
return nil, fmt.Errorf("Terraform %s does not support state version %d, please update.",
|
|
SemVersion.String(), state.Version)
|
|
}
|
|
|
|
// Make sure the version is semantic
|
|
if state.TFVersion != "" {
|
|
if _, err := version.NewVersion(state.TFVersion); err != nil {
|
|
return nil, fmt.Errorf(
|
|
"State contains invalid version: %s\n\n"+
|
|
"Terraform validates the version format prior to writing it. This\n"+
|
|
"means that this is invalid of the state becoming corrupted through\n"+
|
|
"some external means. Please manually modify the Terraform version\n"+
|
|
"field to be a proper semantic version.",
|
|
state.TFVersion)
|
|
}
|
|
}
|
|
|
|
// Sort it
|
|
state.sort()
|
|
|
|
// catch any unitialized fields in the state
|
|
state.init()
|
|
|
|
return state, nil
|
|
}
|
|
|
|
func ReadStateV3(jsonBytes []byte) (*State, error) {
|
|
state := &State{}
|
|
if err := json.Unmarshal(jsonBytes, state); err != nil {
|
|
return nil, fmt.Errorf("Decoding state file failed: %v", err)
|
|
}
|
|
|
|
// Check the version, this to ensure we don't read a future
|
|
// version that we don't understand
|
|
if state.Version > StateVersion {
|
|
return nil, fmt.Errorf("Terraform %s does not support state version %d, please update.",
|
|
SemVersion.String(), state.Version)
|
|
}
|
|
|
|
// Make sure the version is semantic
|
|
if state.TFVersion != "" {
|
|
if _, err := version.NewVersion(state.TFVersion); err != nil {
|
|
return nil, fmt.Errorf(
|
|
"State contains invalid version: %s\n\n"+
|
|
"Terraform validates the version format prior to writing it. This\n"+
|
|
"means that this is invalid of the state becoming corrupted through\n"+
|
|
"some external means. Please manually modify the Terraform version\n"+
|
|
"field to be a proper semantic version.",
|
|
state.TFVersion)
|
|
}
|
|
}
|
|
|
|
// Sort it
|
|
state.sort()
|
|
|
|
// catch any unitialized fields in the state
|
|
state.init()
|
|
|
|
// Now we write the state back out to detect any changes in normaliztion.
|
|
// If our state is now written out differently, bump the serial number to
|
|
// prevent conflicts.
|
|
var buf bytes.Buffer
|
|
err := WriteState(state, &buf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if !bytes.Equal(jsonBytes, buf.Bytes()) {
|
|
log.Println("[INFO] state modified during read or write. incrementing serial number")
|
|
state.Serial++
|
|
}
|
|
|
|
return state, nil
|
|
}
|
|
|
|
// WriteState writes a state somewhere in a binary format.
|
|
func WriteState(d *State, dst io.Writer) error {
|
|
// Make sure it is sorted
|
|
d.sort()
|
|
|
|
// make sure we have no uninitialized fields
|
|
d.init()
|
|
|
|
// Ensure the version is set
|
|
d.Version = StateVersion
|
|
|
|
// If the TFVersion is set, verify it. We used to just set the version
|
|
// here, but this isn't safe since it changes the MD5 sum on some remote
|
|
// state storage backends such as Atlas. We now leave it be if needed.
|
|
if d.TFVersion != "" {
|
|
if _, err := version.NewVersion(d.TFVersion); err != nil {
|
|
return fmt.Errorf(
|
|
"Error writing state, invalid version: %s\n\n"+
|
|
"The Terraform version when writing the state must be a semantic\n"+
|
|
"version.",
|
|
d.TFVersion)
|
|
}
|
|
}
|
|
|
|
// Encode the data in a human-friendly way
|
|
data, err := json.MarshalIndent(d, "", " ")
|
|
if err != nil {
|
|
return fmt.Errorf("Failed to encode state: %s", err)
|
|
}
|
|
|
|
// We append a newline to the data because MarshalIndent doesn't
|
|
data = append(data, '\n')
|
|
|
|
// Write the data out to the dst
|
|
if _, err := io.Copy(dst, bytes.NewReader(data)); err != nil {
|
|
return fmt.Errorf("Failed to write state: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// moduleStateSort implements sort.Interface to sort module states
|
|
type moduleStateSort []*ModuleState
|
|
|
|
func (s moduleStateSort) Len() int {
|
|
return len(s)
|
|
}
|
|
|
|
func (s moduleStateSort) Less(i, j int) bool {
|
|
a := s[i]
|
|
b := s[j]
|
|
|
|
// If either is nil, then the nil one is "less" than
|
|
if a == nil || b == nil {
|
|
return a == nil
|
|
}
|
|
|
|
// If the lengths are different, then the shorter one always wins
|
|
if len(a.Path) != len(b.Path) {
|
|
return len(a.Path) < len(b.Path)
|
|
}
|
|
|
|
// Otherwise, compare lexically
|
|
return strings.Join(a.Path, ".") < strings.Join(b.Path, ".")
|
|
}
|
|
|
|
func (s moduleStateSort) Swap(i, j int) {
|
|
s[i], s[j] = s[j], s[i]
|
|
}
|
|
|
|
const stateValidateErrMultiModule = `
|
|
Multiple modules with the same path: %s
|
|
|
|
This means that there are multiple entries in the "modules" field
|
|
in your state file that point to the same module. This will cause Terraform
|
|
to behave in unexpected and error prone ways and is invalid. Please back up
|
|
and modify your state file manually to resolve this.
|
|
`
|