upstream/terraform
1
0
Fork 0
mirror of https://github.com/hashicorp/terraform.git synced 2026-03-21 18:10:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
terraform/internal/plans/changes_src.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

645 lines
20 KiB
Go
Raw Permalink Normal View History

[COMPLIANCE] Add Copyright and License Headers
2023-05-02 11:33:06 -04:00
// Copyright IBM Corp. 2014, 2026
Update copyright file headers to BUSL-1.1
2023-08-10 18:43:27 -04:00
// SPDX-License-Identifier: BUSL-1.1
[COMPLIANCE] Add Copyright and License Headers
2023-05-02 11:33:06 -04:00
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
package plans
import (
"fmt"
Handle marks a little more consistently In the very first implementation of "sensitive values" we were unfortunately not disciplined about separating the idea of "marked value" from the idea of "sensitive value" (where the latter is a subset of the former). The first implementation just assumed that any marking whatsoever meant "sensitive". We later improved that by adding the marks package and the marks.Sensitive value to standardize on the representation of "sensitive value" as being a value marked with _that specific mark_. However, we did not perform a thorough review of all of the mark-handling codepaths to make sure they all agreed on that definition. In particular, the state and plan models were both designed as if they supported arbitrary marks but then in practice marks other than marks.Sensitive would be handled in various inconsistent ways: dropped entirely, or interpreted as if marks.Sensitive, and possibly do so inconsistently when a value is used only in memory vs. round-tripped through a wire/file format. The goal of this commit is to resolve those oddities so that there are now two possible situations: - General mark handling: some codepaths genuinely handle marks generically, by transporting them from input value to output value in a way consistent with how cty itself deals with marks. This is the ideal case because it means we can add new marks in future and assume these codepaths will handle them correctly without any further modifications. - Sensitive-only mark preservation: the codepaths that interact with our wire protocols and file formats typically have only specialized support for sensitive values in particular, and lack support for any other marks. Those codepaths are now subject to a new rule where they must return an error if asked to deal with any other mark, so that if we introduce new marks in future we'll be forced either to define how we'll avoid those markings reaching the file/wire formats or extend the file/wire formats to support the new marks. Some new helper functions in package marks are intended to standardize how we deal with the "sensitive values only" situations, in the hope that this will make it easier to keep things consistent as the codebase evolves in future. In practice the modules runtime only ever uses marks.Sensitive as a mark today, so all of these checks are effectively covering "should never happen" cases. The only other mark Terraform uses is an implementation detail of "terraform console" and does not interact with any of the codepaths that only support sensitive values in particular.
2024-04-16 20:20:33 -04:00
"github.com/zclconf/go-cty/cty"
Move addrs/ to internal/addrs/ This is part of a general effort to move all of Terraform's non-library package surface under internal in order to reinforce that these are for internal use within Terraform only. If you were previously importing packages under this prefix into an external codebase, you could pin to an earlier release tag as an interim solution until you've make a plan to achieve the same functionality some other way.
2021-05-17 15:00:50 -04:00
"github.com/hashicorp/terraform/internal/addrs"
Generate config for list results (#37173)
2025-07-04 05:35:39 -04:00
"github.com/hashicorp/terraform/internal/genconfig"
Handle marks a little more consistently In the very first implementation of "sensitive values" we were unfortunately not disciplined about separating the idea of "marked value" from the idea of "sensitive value" (where the latter is a subset of the former). The first implementation just assumed that any marking whatsoever meant "sensitive". We later improved that by adding the marks package and the marks.Sensitive value to standardize on the representation of "sensitive value" as being a value marked with _that specific mark_. However, we did not perform a thorough review of all of the mark-handling codepaths to make sure they all agreed on that definition. In particular, the state and plan models were both designed as if they supported arbitrary marks but then in practice marks other than marks.Sensitive would be handled in various inconsistent ways: dropped entirely, or interpreted as if marks.Sensitive, and possibly do so inconsistently when a value is used only in memory vs. round-tripped through a wire/file format. The goal of this commit is to resolve those oddities so that there are now two possible situations: - General mark handling: some codepaths genuinely handle marks generically, by transporting them from input value to output value in a way consistent with how cty itself deals with marks. This is the ideal case because it means we can add new marks in future and assume these codepaths will handle them correctly without any further modifications. - Sensitive-only mark preservation: the codepaths that interact with our wire protocols and file formats typically have only specialized support for sensitive values in particular, and lack support for any other marks. Those codepaths are now subject to a new rule where they must return an error if asked to deal with any other mark, so that if we introduce new marks in future we'll be forced either to define how we'll avoid those markings reaching the file/wire formats or extend the file/wire formats to support the new marks. Some new helper functions in package marks are intended to standardize how we deal with the "sensitive values only" situations, in the hope that this will make it easier to keep things consistent as the codebase evolves in future. In practice the modules runtime only ever uses marks.Sensitive as a mark today, so all of these checks are effectively covering "should never happen" cases. The only other mark Terraform uses is an implementation detail of "terraform console" and does not interact with any of the codepaths that only support sensitive values in particular.
2024-04-16 20:20:33 -04:00
"github.com/hashicorp/terraform/internal/lang/marks"
have change sets manage encoding and decoding Add Changes.Encode and ChangesSrc.Decode to put all encoding and decoding in a single place.
2024-08-12 12:42:46 -04:00
"github.com/hashicorp/terraform/internal/providers"
"github.com/hashicorp/terraform/internal/schemarepo"
Move states/ to internal/states/ This is part of a general effort to move all of Terraform's non-library package surface under internal in order to reinforce that these are for internal use within Terraform only. If you were previously importing packages under this prefix into an external codebase, you could pin to an earlier release tag as an interim solution until you've make a plan to achieve the same functionality some other way.
2021-05-17 15:43:35 -04:00
"github.com/hashicorp/terraform/internal/states"
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
)
Update tests to match new changes types Changes now stores Changes rather than ChangeSrcs, and ChangeSrcs are stored in ChangesSrc
2024-08-12 11:36:44 -04:00
// ChangesSrc describes various actions that Terraform will attempt to take if
// the corresponding plan is applied.
//
// A Changes object can be rendered into a visual diff (by the caller, using
// code in another package) for display to the user.
type ChangesSrc struct {
// Resources tracks planned changes to resource instance objects.
Resources []*ResourceInstanceChangeSrc
Add `terraform query` subcommand (TF-25494) (#37174) * WIP * Reuse plan command for query CLI * Basic CLI output * Only fail a list request on error * poc: store query results in separate field * WIP: odd mixture between JSONs * Fix list references * Separate JSON rendering The structured JSON now only logs a status on which list query is currently running. The new jsonlist package can marshal the query fields of a plan. * Remove matcher * Store results in an extra struct * Structured list result logging * Move list result output into hooks * Add help text and additional flag * Disable query runs with the cloud backend for now * Review feedback
2025-07-02 09:06:25 -04:00
Queries []*QueryInstanceSrc
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
// ActionInvocations tracks planned action invocations, which may have
// embedded resource instance changes.
ensure we encode action invocations from change to changesrc
2025-07-17 10:15:20 -04:00
ActionInvocations []*ActionInvocationInstanceSrc
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
Update tests to match new changes types Changes now stores Changes rather than ChangeSrcs, and ChangeSrcs are stored in ChangesSrc
2024-08-12 11:36:44 -04:00
// Outputs tracks planned changes output values.
//
// Note that although an in-memory plan contains planned changes for
// outputs throughout the configuration, a plan serialized
// to disk retains only the root outputs because they are
// externally-visible, while other outputs are implementation details and
// can be easily re-calculated during the apply phase. Therefore only root
// module outputs will survive a round-trip through a plan file.
Outputs []*OutputChangeSrc
}
func NewChangesSrc() *ChangesSrc {
return &ChangesSrc{}
}
func (c *ChangesSrc) Empty() bool {
for _, res := range c.Resources {
if res.Action != NoOp || res.Moved() {
return false
}
if res.Importing != nil {
return false
}
}
for _, out := range c.Outputs {
if out.Addr.Module.IsRoot() && out.Action != NoOp {
return false
}
}
actions: add invoke nodes to the graph (#37521) * actions: add invoke graph nodes * fix small bugs * add additional tests * remove whitespace * fix copyright headers * go generate * address comments
2025-08-29 08:43:09 -04:00
if len(c.ActionInvocations) > 0 {
// action invocations can be applied
return false
}
Update tests to match new changes types Changes now stores Changes rather than ChangeSrcs, and ChangeSrcs are stored in ChangesSrc
2024-08-12 11:36:44 -04:00
return true
}
// ResourceInstance returns the planned change for the current object of the
// resource instance of the given address, if any. Returns nil if no change is
// planned.
func (c *ChangesSrc) ResourceInstance(addr addrs.AbsResourceInstance) *ResourceInstanceChangeSrc {
for _, rc := range c.Resources {
if rc.Addr.Equal(addr) && rc.DeposedKey == states.NotDeposed {
return rc
}
}
return nil
}
// ResourceInstanceDeposed returns the plan change of a deposed object of
// the resource instance of the given address, if any. Returns nil if no change
// is planned.
func (c *ChangesSrc) ResourceInstanceDeposed(addr addrs.AbsResourceInstance, key states.DeposedKey) *ResourceInstanceChangeSrc {
for _, rc := range c.Resources {
if rc.Addr.Equal(addr) && rc.DeposedKey == key {
return rc
}
}
return nil
}
// OutputValue returns the planned change for the output value with the
//
// given address, if any. Returns nil if no change is planned.
func (c *ChangesSrc) OutputValue(addr addrs.AbsOutputValue) *OutputChangeSrc {
for _, oc := range c.Outputs {
if oc.Addr.Equal(addr) {
return oc
}
}
return nil
}
have change sets manage encoding and decoding Add Changes.Encode and ChangesSrc.Decode to put all encoding and decoding in a single place.
2024-08-12 12:42:46 -04:00
// Decode decodes all the stored resource and output changes into a new *Changes value.
func (c *ChangesSrc) Decode(schemas *schemarepo.Schemas) (*Changes, error) {
changes := NewChanges()
for _, rcs := range c.Resources {
p, ok := schemas.Providers[rcs.ProviderAddr.Provider]
if !ok {
return nil, fmt.Errorf("ChangesSrc.Decode: missing provider %s for %s", rcs.ProviderAddr, rcs.Addr)
}
var schema providers.Schema
switch rcs.Addr.Resource.Resource.Mode {
case addrs.ManagedResourceMode:
schema = p.ResourceTypes[rcs.Addr.Resource.Resource.Type]
case addrs.DataResourceMode:
schema = p.DataSources[rcs.Addr.Resource.Resource.Type]
default:
panic(fmt.Sprintf("unexpected resource mode %s", rcs.Addr.Resource.Resource.Mode))
}
Rename schema.Block to Body (#36629)
2025-03-04 10:33:43 -05:00
if schema.Body == nil {
have change sets manage encoding and decoding Add Changes.Encode and ChangesSrc.Decode to put all encoding and decoding in a single place.
2024-08-12 12:42:46 -04:00
return nil, fmt.Errorf("ChangesSrc.Decode: missing schema for %s", rcs.Addr)
}
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
rc, err := rcs.Decode(schema)
have change sets manage encoding and decoding Add Changes.Encode and ChangesSrc.Decode to put all encoding and decoding in a single place.
2024-08-12 12:42:46 -04:00
if err != nil {
return nil, err
}
rc.Before = marks.MarkPaths(rc.Before, marks.Sensitive, rcs.BeforeSensitivePaths)
rc.After = marks.MarkPaths(rc.After, marks.Sensitive, rcs.AfterSensitivePaths)
changes.Resources = append(changes.Resources, rc)
}
Add `terraform query` subcommand (TF-25494) (#37174) * WIP * Reuse plan command for query CLI * Basic CLI output * Only fail a list request on error * poc: store query results in separate field * WIP: odd mixture between JSONs * Fix list references * Separate JSON rendering The structured JSON now only logs a status on which list query is currently running. The new jsonlist package can marshal the query fields of a plan. * Remove matcher * Store results in an extra struct * Structured list result logging * Move list result output into hooks * Add help text and additional flag * Disable query runs with the cloud backend for now * Review feedback
2025-07-02 09:06:25 -04:00
for _, qis := range c.Queries {
p, ok := schemas.Providers[qis.ProviderAddr.Provider]
if !ok {
return nil, fmt.Errorf("ChangesSrc.Decode: missing provider %s for %s", qis.ProviderAddr, qis.Addr)
}
schema := p.ListResourceTypes[qis.Addr.Resource.Resource.Type]
if schema.Body == nil {
return nil, fmt.Errorf("ChangesSrc.Decode: missing schema for %s", qis.Addr)
}
query, err := qis.Decode(schema)
if err != nil {
return nil, err
}
changes.Queries = append(changes.Queries, query)
}
ensure we encode action invocations from change to changesrc
2025-07-17 10:15:20 -04:00
for _, ais := range c.ActionInvocations {
display lifecycle triggered actions aside their triggering resources
2025-07-28 09:56:20 -04:00
p, ok := schemas.Providers[ais.ProviderAddr.Provider]
if !ok {
return nil, fmt.Errorf("ChangesSrc.Decode: missing provider %s for %s", ais.ProviderAddr, ais.Addr)
}
schema, ok := p.Actions[ais.Addr.Action.Action.Type]
if !ok {
return nil, fmt.Errorf("ChangesSrc.Decode: missing schema for %s", ais.Addr.Action.Action.Type)
}
action, err := ais.Decode(&schema)
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
if err != nil {
return nil, err
}
changes.ActionInvocations = append(changes.ActionInvocations, action)
}
have change sets manage encoding and decoding Add Changes.Encode and ChangesSrc.Decode to put all encoding and decoding in a single place.
2024-08-12 12:42:46 -04:00
for _, ocs := range c.Outputs {
oc, err := ocs.Decode()
if err != nil {
return nil, err
}
changes.Outputs = append(changes.Outputs, oc)
}
return changes, nil
}
update changes in command pkgs
2024-08-12 14:28:26 -04:00
// AppendResourceInstanceChange records the given resource instance change in
// the set of planned resource changes.
func (c *ChangesSrc) AppendResourceInstanceChange(change *ResourceInstanceChangeSrc) {
if c == nil {
panic("AppendResourceInstanceChange on nil ChangesSync")
}
s := change.DeepCopy()
c.Resources = append(c.Resources, s)
}
Add `terraform query` subcommand (TF-25494) (#37174) * WIP * Reuse plan command for query CLI * Basic CLI output * Only fail a list request on error * poc: store query results in separate field * WIP: odd mixture between JSONs * Fix list references * Separate JSON rendering The structured JSON now only logs a status on which list query is currently running. The new jsonlist package can marshal the query fields of a plan. * Remove matcher * Store results in an extra struct * Structured list result logging * Move list result output into hooks * Add help text and additional flag * Disable query runs with the cloud backend for now * Review feedback
2025-07-02 09:06:25 -04:00
type QueryInstanceSrc struct {
Generate config for list results (#37173)
2025-07-04 05:35:39 -04:00
Addr addrs.AbsResourceInstance
Add `terraform query` subcommand (TF-25494) (#37174) * WIP * Reuse plan command for query CLI * Basic CLI output * Only fail a list request on error * poc: store query results in separate field * WIP: odd mixture between JSONs * Fix list references * Separate JSON rendering The structured JSON now only logs a status on which list query is currently running. The new jsonlist package can marshal the query fields of a plan. * Remove matcher * Store results in an extra struct * Structured list result logging * Move list result output into hooks * Add help text and additional flag * Disable query runs with the cloud backend for now * Review feedback
2025-07-02 09:06:25 -04:00
ProviderAddr addrs.AbsProviderConfig
Generate config for list results (#37173)
2025-07-04 05:35:39 -04:00
Results DynamicValue
use the new genconfig types throughout
2025-08-27 16:26:28 -04:00
Generated genconfig.ImportGroup
Add `terraform query` subcommand (TF-25494) (#37174) * WIP * Reuse plan command for query CLI * Basic CLI output * Only fail a list request on error * poc: store query results in separate field * WIP: odd mixture between JSONs * Fix list references * Separate JSON rendering The structured JSON now only logs a status on which list query is currently running. The new jsonlist package can marshal the query fields of a plan. * Remove matcher * Store results in an extra struct * Structured list result logging * Move list result output into hooks * Add help text and additional flag * Disable query runs with the cloud backend for now * Review feedback
2025-07-02 09:06:25 -04:00
}
func (qis *QueryInstanceSrc) Decode(schema providers.Schema) (*QueryInstance, error) {
query, err := qis.Results.Decode(schema.Body.ImpliedType())
if err != nil {
return nil, err
}
return &QueryInstance{
Addr: qis.Addr,
Results: QueryResults{
Generate config for list results (#37173)
2025-07-04 05:35:39 -04:00
Value: query,
Generated: qis.Generated,
Add `terraform query` subcommand (TF-25494) (#37174) * WIP * Reuse plan command for query CLI * Basic CLI output * Only fail a list request on error * poc: store query results in separate field * WIP: odd mixture between JSONs * Fix list references * Separate JSON rendering The structured JSON now only logs a status on which list query is currently running. The new jsonlist package can marshal the query fields of a plan. * Remove matcher * Store results in an extra struct * Structured list result logging * Move list result output into hooks * Add help text and additional flag * Disable query runs with the cloud backend for now * Review feedback
2025-07-02 09:06:25 -04:00
},
ProviderAddr: qis.ProviderAddr,
}, nil
}
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
// ResourceInstanceChangeSrc is a not-yet-decoded ResourceInstanceChange.
// Pass the associated resource type's schema type to method Decode to
fix typo ResourceInstancChange to ResourceInstanceChange
2020-05-13 04:14:58 -04:00
// obtain a ResourceInstanceChange.
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
type ResourceInstanceChangeSrc struct {
// Addr is the absolute address of the resource instance that the change
// will apply to.
plans: ResourceInstanceChange.ObjectAddr We've now many times made the mistake of thinking that the resource instance address is a suitable unique identifier for a resource instance change in a plan -- the name certainly seems to suggest it -- but really these represent changes to resource instance _objects_ and so it's important to also include the DeposedKey field as part of the unique identifier for a change. Now we'll expose ObjectAddr as a new method that returns the two together for convenient use as a single address value, along with adding some commentary to the fields to make it clearer that Addr is not sufficient. Ideally we'd rename Addr to make it less of an attractive nuisance, but that was too invasive a change for today so will need to wait for another time.
2023-10-10 19:25:56 -04:00
//
// THIS IS NOT A SUFFICIENT UNIQUE IDENTIFIER! It doesn't consider the
// fact that multiple objects for the same resource instance might be
// present in the same plan; use the ObjectAddr method instead if you
// need a unique address for a particular change.
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
Addr addrs.AbsResourceInstance
plans: ResourceInstanceChange.ObjectAddr We've now many times made the mistake of thinking that the resource instance address is a suitable unique identifier for a resource instance change in a plan -- the name certainly seems to suggest it -- but really these represent changes to resource instance _objects_ and so it's important to also include the DeposedKey field as part of the unique identifier for a change. Now we'll expose ObjectAddr as a new method that returns the two together for convenient use as a single address value, along with adding some commentary to the fields to make it clearer that Addr is not sufficient. Ideally we'd rename Addr to make it less of an attractive nuisance, but that was too invasive a change for today so will need to wait for another time.
2023-10-10 19:25:56 -04:00
// DeposedKey is the identifier for a deposed object associated with the
// given instance, or states.NotDeposed if this change applies to the
// current object.
//
// A Replace change for a resource with create_before_destroy set will
// create a new DeposedKey temporarily during replacement. In that case,
// DeposedKey in the plan is always states.NotDeposed, representing that
// the current object is being replaced with the deposed.
DeposedKey states.DeposedKey
Field for the previous address of each resource instance in the plan In order to expose the effect of any relevant "moved" statements we dealt with prior to creating the plan, we'll record with each ResourceInstanceChange both is current address and the address it was tracked at for the previous run. To save consumers of these objects from having to special-case the situation where there _was_ no previous run (e.g. because this is a Create change), we'll just pretend the previous run address was the same as the current address in that case, the same as for an update without any renaming in effect. This includes a breaking change to the plan file format, but one that doesn't require a version number increment because there is no ambiguity between the two formats and so mismatched parsers will already fail with an error message. As of this commit we've just added the new field but not yet populated it with any useful information: it always just matches Addr. A future commit will wire this up to the result of applying the moves so that we can populate it correctly. We also don't yet expose this new information anywhere in the UI layer.
2021-08-20 19:08:12 -04:00
// PrevRunAddr is the absolute address that this resource instance had at
// the conclusion of a previous run.
//
// This will typically be the same as Addr, but can be different if the
// previous resource instance was subject to a "moved" block that we
// handled in the process of creating this plan.
//
// For the initial creation of a resource instance there isn't really any
// meaningful "previous run address", but PrevRunAddr will still be set
// equal to Addr in that case in order to simplify logic elsewhere which
// aims to detect and react to the movement of instances between addresses.
PrevRunAddr addrs.AbsResourceInstance
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
// Provider is the address of the provider configuration that was used
// to plan this change, and thus the configuration that must also be
// used to apply it.
ProviderAddr addrs.AbsProviderConfig
// ChangeSrc is an embedded description of the not-yet-decoded change.
ChangeSrc
plans: Record private data bytes as part of resource change This allows a provider to retain arbitrary extra data in the plan and make use of it during apply. The contents are not used by Terraform and never shown to the user.
2018-08-17 20:22:18 -04:00
plans: Track an optional extra "reason" for some planned actions Previously we were repeating some logic in the UI layer in order to recover relevant additional context about a change to report to a user. In order to help keep things consistent, and to have a clearer path for adding more such things in the future, here we capture this user-facing idea of an "action reason" within the plan model, and then use that directly in order to decide how to describe the change to the user. For the moment the "tainted" situation is the only one that gets a special message, matching what we had before, but we can expand on this in future in order to give better feedback about the other replace situations too. This also preemptively includes the "replacing by request" reason, which is currently not reachable but will be used in the near future as part of implementing the -replace=... plan command line option to allow forcing a particular object to be replaced. So far we don't have any special reasons for anything other than replacing, which makes sense because replacing is the only one that is in a sense a special case of another action (Update), but this could expand to other kinds of reasons in the future, such as explaining which of the few different reasons a data source read might be deferred until the apply step.
2021-04-28 15:02:34 -04:00
// ActionReason is an optional extra indication of why we chose the
// action recorded in Change.Action for this particular resource instance.
//
// This is an approximate mechanism only for the purpose of explaining the
// plan to end-users in the UI and is not to be used for any
// decision-making during the apply step; if apply behavior needs to vary
// depending on the "action reason" then the information for that decision
// must be recorded more precisely elsewhere for that purpose.
//
// See the field of the same name in ResourceInstanceChange for more
// details.
ActionReason ResourceInstanceChangeActionReason
terraform: More wiring in of new provider types This doesn't actually work yet, but it builds and then panics in a pretty satisfying way.
2018-08-24 19:13:50 -04:00
// RequiredReplace is a set of paths that caused the change action to be
// Replace rather than Update. Always nil if the change action is not
// Replace.
plans: Track RequiredReplace as a cty.PathSet We were previously tracking this as a []cty.Path, but having it turned into a pathset on creation makes downstream use of it more convenient and ensures that it'll obey expected invariants like not containing the same path twice.
2018-08-29 14:25:09 -04:00
RequiredReplace cty.PathSet
terraform: More wiring in of new provider types This doesn't actually work yet, but it builds and then panics in a pretty satisfying way.
2018-08-24 19:13:50 -04:00
plans: Record private data bytes as part of resource change This allows a provider to retain arbitrary extra data in the plan and make use of it during apply. The contents are not used by Terraform and never shown to the user.
2018-08-17 20:22:18 -04:00
// Private allows a provider to stash any extra data that is opaque to
// Terraform that relates to this change. Terraform will save this
// byte-for-byte and return it to the provider in the apply call.
Private []byte
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
}
plans: ResourceInstanceChange.ObjectAddr We've now many times made the mistake of thinking that the resource instance address is a suitable unique identifier for a resource instance change in a plan -- the name certainly seems to suggest it -- but really these represent changes to resource instance _objects_ and so it's important to also include the DeposedKey field as part of the unique identifier for a change. Now we'll expose ObjectAddr as a new method that returns the two together for convenient use as a single address value, along with adding some commentary to the fields to make it clearer that Addr is not sufficient. Ideally we'd rename Addr to make it less of an attractive nuisance, but that was too invasive a change for today so will need to wait for another time.
2023-10-10 19:25:56 -04:00
func (rcs *ResourceInstanceChangeSrc) ObjectAddr() addrs.AbsResourceInstanceObject {
return addrs.AbsResourceInstanceObject{
ResourceInstance: rcs.Addr,
DeposedKey: rcs.DeposedKey,
}
}
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
// Decode unmarshals the raw representation of the instance object being
// changed. Pass the implied type of the corresponding resource type schema
// for correct operation.
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
func (rcs *ResourceInstanceChangeSrc) Decode(schema providers.Schema) (*ResourceInstanceChange, error) {
change, err := rcs.ChangeSrc.Decode(&schema)
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
if err != nil {
return nil, err
}
Field for the previous address of each resource instance in the plan In order to expose the effect of any relevant "moved" statements we dealt with prior to creating the plan, we'll record with each ResourceInstanceChange both is current address and the address it was tracked at for the previous run. To save consumers of these objects from having to special-case the situation where there _was_ no previous run (e.g. because this is a Create change), we'll just pretend the previous run address was the same as the current address in that case, the same as for an update without any renaming in effect. This includes a breaking change to the plan file format, but one that doesn't require a version number increment because there is no ambiguity between the two formats and so mismatched parsers will already fail with an error message. As of this commit we've just added the new field but not yet populated it with any useful information: it always just matches Addr. A future commit will wire this up to the result of applying the moves so that we can populate it correctly. We also don't yet expose this new information anywhere in the UI layer.
2021-08-20 19:08:12 -04:00
prevRunAddr := rcs.PrevRunAddr
if prevRunAddr.Resource.Resource.Type == "" {
// Suggests an old caller that hasn't been properly updated to
// populate this yet.
prevRunAddr = rcs.Addr
}
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
return &ResourceInstanceChange{
terraform: More wiring in of new provider types This doesn't actually work yet, but it builds and then panics in a pretty satisfying way.
2018-08-24 19:13:50 -04:00
Addr: rcs.Addr,
Field for the previous address of each resource instance in the plan In order to expose the effect of any relevant "moved" statements we dealt with prior to creating the plan, we'll record with each ResourceInstanceChange both is current address and the address it was tracked at for the previous run. To save consumers of these objects from having to special-case the situation where there _was_ no previous run (e.g. because this is a Create change), we'll just pretend the previous run address was the same as the current address in that case, the same as for an update without any renaming in effect. This includes a breaking change to the plan file format, but one that doesn't require a version number increment because there is no ambiguity between the two formats and so mismatched parsers will already fail with an error message. As of this commit we've just added the new field but not yet populated it with any useful information: it always just matches Addr. A future commit will wire this up to the result of applying the moves so that we can populate it correctly. We also don't yet expose this new information anywhere in the UI layer.
2021-08-20 19:08:12 -04:00
PrevRunAddr: prevRunAddr,
terraform: More wiring in of new provider types This doesn't actually work yet, but it builds and then panics in a pretty satisfying way.
2018-08-24 19:13:50 -04:00
DeposedKey: rcs.DeposedKey,
ProviderAddr: rcs.ProviderAddr,
Change: *change,
plans: Track an optional extra "reason" for some planned actions Previously we were repeating some logic in the UI layer in order to recover relevant additional context about a change to report to a user. In order to help keep things consistent, and to have a clearer path for adding more such things in the future, here we capture this user-facing idea of an "action reason" within the plan model, and then use that directly in order to decide how to describe the change to the user. For the moment the "tainted" situation is the only one that gets a special message, matching what we had before, but we can expand on this in future in order to give better feedback about the other replace situations too. This also preemptively includes the "replacing by request" reason, which is currently not reachable but will be used in the near future as part of implementing the -replace=... plan command line option to allow forcing a particular object to be replaced. So far we don't have any special reasons for anything other than replacing, which makes sense because replacing is the only one that is in a sense a special case of another action (Update), but this could expand to other kinds of reasons in the future, such as explaining which of the few different reasons a data source read might be deferred until the apply step.
2021-04-28 15:02:34 -04:00
ActionReason: rcs.ActionReason,
terraform: More wiring in of new provider types This doesn't actually work yet, but it builds and then panics in a pretty satisfying way.
2018-08-24 19:13:50 -04:00
RequiredReplace: rcs.RequiredReplace,
Private: rcs.Private,
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
}, nil
}
core: Re-implement EvalWriteDiff to work with new plan types
2018-08-27 17:33:08 -04:00
// DeepCopy creates a copy of the receiver where any pointers to nested mutable
// values are also copied, thus ensuring that future mutations of the receiver
// will not affect the copy.
//
// Some types used within a resource change are immutable by convention even
// though the Go language allows them to be mutated, such as the types from
// the addrs package. These are _not_ copied by this method, under the
// assumption that callers will behave themselves.
func (rcs *ResourceInstanceChangeSrc) DeepCopy() *ResourceInstanceChangeSrc {
if rcs == nil {
return nil
}
ret := *rcs
plans: Track RequiredReplace as a cty.PathSet We were previously tracking this as a []cty.Path, but having it turned into a pathset on creation makes downstream use of it more convenient and ensures that it'll obey expected invariants like not containing the same path twice.
2018-08-29 14:25:09 -04:00
ret.RequiredReplace = cty.NewPathSet(ret.RequiredReplace.List()...)
core: Re-implement EvalWriteDiff to work with new plan types
2018-08-27 17:33:08 -04:00
if len(ret.Private) != 0 {
private := make([]byte, len(ret.Private))
copy(private, ret.Private)
ret.Private = private
}
ret.ChangeSrc.Before = ret.ChangeSrc.Before.Copy()
ret.ChangeSrc.After = ret.ChangeSrc.After.Copy()
return &ret
}
command: Render "moved" annotations in plan UI For resources which are planned to move, render the previous run address as additional information in the plan UI. For the case of a move-only resource (which otherwise is unchanged), we also render that as a planned change, but without any corresponding action symbol. If all changes in the plan are moves without changes, the plan is no longer considered "empty". In this case, we skip rendering the action symbols in the UI.
2021-09-03 12:10:16 -04:00
func (rcs *ResourceInstanceChangeSrc) Moved() bool {
return !rcs.Addr.Equal(rcs.PrevRunAddr)
}
plans: Retain output value changes for all outputs in memory During the plan operation we need to retain _somewhere_ the planned changes for all outputs so we can refer to them during expression evaluation. For consistency with how we handle resource instance changes, we'll keep them in the plan so we can properly retain unknown values, which cannot be written to state. As with output values in the state, only root output plans are retained in a round-trip through the on-disk plan file format, but that's okay because we can trivially re-calculate all of these during apply. We include the _root_ outputs in the plan file only because they are externally-visible side effects that ought to be included in any rendering of the plan made from the plan file for user inspection.
2018-09-10 19:26:55 -04:00
// OutputChangeSrc describes a change to an output value.
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
type OutputChangeSrc struct {
plans: Retain output value changes for all outputs in memory During the plan operation we need to retain _somewhere_ the planned changes for all outputs so we can refer to them during expression evaluation. For consistency with how we handle resource instance changes, we'll keep them in the plan so we can properly retain unknown values, which cannot be written to state. As with output values in the state, only root output plans are retained in a round-trip through the on-disk plan file format, but that's okay because we can trivially re-calculate all of these during apply. We include the _root_ outputs in the plan file only because they are externally-visible side effects that ought to be included in any rendering of the plan made from the plan file for user inspection.
2018-09-10 19:26:55 -04:00
// Addr is the absolute address of the output value that the change
// will apply to.
Addr addrs.AbsOutputValue
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
// ChangeSrc is an embedded description of the not-yet-decoded change.
//
// For output value changes, the type constraint for the DynamicValue
// instances is always cty.DynamicPseudoType.
ChangeSrc
// Sensitive, if true, indicates that either the old or new value in the
// change is sensitive and so a rendered version of the plan in the UI
// should elide the actual values while still indicating the action of the
// change.
Sensitive bool
}
// Decode unmarshals the raw representation of the output value being
// changed.
func (ocs *OutputChangeSrc) Decode() (*OutputChange, error) {
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
change, err := ocs.ChangeSrc.Decode(nil)
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
if err != nil {
return nil, err
}
return &OutputChange{
plans: Retain output value changes for all outputs in memory During the plan operation we need to retain _somewhere_ the planned changes for all outputs so we can refer to them during expression evaluation. For consistency with how we handle resource instance changes, we'll keep them in the plan so we can properly retain unknown values, which cannot be written to state. As with output values in the state, only root output plans are retained in a round-trip through the on-disk plan file format, but that's okay because we can trivially re-calculate all of these during apply. We include the _root_ outputs in the plan file only because they are externally-visible side effects that ought to be included in any rendering of the plan made from the plan file for user inspection.
2018-09-10 19:26:55 -04:00
Addr: ocs.Addr,
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
Change: *change,
Sensitive: ocs.Sensitive,
}, nil
}
plans: Retain output value changes for all outputs in memory During the plan operation we need to retain _somewhere_ the planned changes for all outputs so we can refer to them during expression evaluation. For consistency with how we handle resource instance changes, we'll keep them in the plan so we can properly retain unknown values, which cannot be written to state. As with output values in the state, only root output plans are retained in a round-trip through the on-disk plan file format, but that's okay because we can trivially re-calculate all of these during apply. We include the _root_ outputs in the plan file only because they are externally-visible side effects that ought to be included in any rendering of the plan made from the plan file for user inspection.
2018-09-10 19:26:55 -04:00
// DeepCopy creates a copy of the receiver where any pointers to nested mutable
// values are also copied, thus ensuring that future mutations of the receiver
// will not affect the copy.
//
// Some types used within a resource change are immutable by convention even
// though the Go language allows them to be mutated, such as the types from
// the addrs package. These are _not_ copied by this method, under the
// assumption that callers will behave themselves.
func (ocs *OutputChangeSrc) DeepCopy() *OutputChangeSrc {
if ocs == nil {
return nil
}
ret := *ocs
ret.ChangeSrc.Before = ret.ChangeSrc.Before.Copy()
ret.ChangeSrc.After = ret.ChangeSrc.After.Copy()
return &ret
}
[plannable import] embed the resource id within the changes (#33134) * [plannable import] embed the resource id within the changes * make pointers and update docs
2023-05-02 10:04:51 -04:00
// ImportingSrc is the part of a ChangeSrc that describes the embedded import
// action.
//
// The fields in here are subject to change, so downstream consumers should be
// prepared for backwards compatibility in case the contents changes.
type ImportingSrc struct {
// ID is the original ID of the imported resource.
ID string
deferred actinos: add support for unknown ids in import blocks (#35300)
2024-06-12 06:59:28 -04:00
Config-driven importing through identity (TF-23179) (#36703) * configschema: Add identity attribute to import block * Mark import target ID as legacy * Add test with import identity * Use ID or identity when importing via configuration * Add plan import tests * Review Feedback * Make sure to copy identity for ResourceInstanceObjects * Add helper for converting cty.Objects to string * Replace getProvider calls * Improve unknown object check
2025-04-02 07:39:16 -04:00
// Identity is the original identity of the imported resource.
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
Identity DynamicValue
Config-driven importing through identity (TF-23179) (#36703) * configschema: Add identity attribute to import block * Mark import target ID as legacy * Add test with import identity * Use ID or identity when importing via configuration * Add plan import tests * Review Feedback * Make sure to copy identity for ResourceInstanceObjects * Add helper for converting cty.Objects to string * Replace getProvider calls * Improve unknown object check
2025-04-02 07:39:16 -04:00
deferred actinos: add support for unknown ids in import blocks (#35300)
2024-06-12 06:59:28 -04:00
// Unknown is true if the ID was unknown when we tried to import it. This
// should only be true if the overall change is embedded within a deferred
// action.
Unknown bool
}
// Decode unmarshals the raw representation of the importing action.
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
func (is *ImportingSrc) Decode(identityType cty.Type) *Importing {
deferred actinos: add support for unknown ids in import blocks (#35300)
2024-06-12 06:59:28 -04:00
if is == nil {
return nil
}
if is.Unknown {
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
if is.Identity == nil {
Config-driven importing through identity (TF-23179) (#36703) * configschema: Add identity attribute to import block * Mark import target ID as legacy * Add test with import identity * Use ID or identity when importing via configuration * Add plan import tests * Review Feedback * Make sure to copy identity for ResourceInstanceObjects * Add helper for converting cty.Objects to string * Replace getProvider calls * Improve unknown object check
2025-04-02 07:39:16 -04:00
return &Importing{
Target: cty.UnknownVal(cty.String),
}
}
return &Importing{
Target: cty.UnknownVal(cty.EmptyObject),
}
}
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
if is.Identity == nil {
deferred actinos: add support for unknown ids in import blocks (#35300)
2024-06-12 06:59:28 -04:00
return &Importing{
Config-driven importing through identity (TF-23179) (#36703) * configschema: Add identity attribute to import block * Mark import target ID as legacy * Add test with import identity * Use ID or identity when importing via configuration * Add plan import tests * Review Feedback * Make sure to copy identity for ResourceInstanceObjects * Add helper for converting cty.Objects to string * Replace getProvider calls * Improve unknown object check
2025-04-02 07:39:16 -04:00
Target: cty.StringVal(is.ID),
deferred actinos: add support for unknown ids in import blocks (#35300)
2024-06-12 06:59:28 -04:00
}
}
Config-driven importing through identity (TF-23179) (#36703) * configschema: Add identity attribute to import block * Mark import target ID as legacy * Add test with import identity * Use ID or identity when importing via configuration * Add plan import tests * Review Feedback * Make sure to copy identity for ResourceInstanceObjects * Add helper for converting cty.Objects to string * Replace getProvider calls * Improve unknown object check
2025-04-02 07:39:16 -04:00
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
target, err := is.Identity.Decode(identityType)
if err != nil {
return &Importing{
Target: target,
}
deferred actinos: add support for unknown ids in import blocks (#35300)
2024-06-12 06:59:28 -04:00
}
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
return nil
[plannable import] embed the resource id within the changes (#33134) * [plannable import] embed the resource id within the changes * make pointers and update docs
2023-05-02 10:04:51 -04:00
}
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
// ChangeSrc is a not-yet-decoded Change.
type ChangeSrc struct {
// Action defines what kind of change is being made.
Action Action
// Before and After correspond to the fields of the same name in Change,
// but have not yet been decoded from the serialized value used for
// storage.
Before, After DynamicValue
Track sensitivity through evaluation Mark sensitivity on a value. However, when the value is encoded to send to the provider to produce a changeset we must remove the marks, so unmark the value and remark it with the saved path afterwards
2020-08-07 11:59:06 -04:00
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
// BeforeIdentity and AfterIdentity correspond to the fields of the same name in Change,
// but have not yet been decoded from the serialized value used for
// storage.
BeforeIdentity, AfterIdentity DynamicValue
Handle marks a little more consistently In the very first implementation of "sensitive values" we were unfortunately not disciplined about separating the idea of "marked value" from the idea of "sensitive value" (where the latter is a subset of the former). The first implementation just assumed that any marking whatsoever meant "sensitive". We later improved that by adding the marks package and the marks.Sensitive value to standardize on the representation of "sensitive value" as being a value marked with _that specific mark_. However, we did not perform a thorough review of all of the mark-handling codepaths to make sure they all agreed on that definition. In particular, the state and plan models were both designed as if they supported arbitrary marks but then in practice marks other than marks.Sensitive would be handled in various inconsistent ways: dropped entirely, or interpreted as if marks.Sensitive, and possibly do so inconsistently when a value is used only in memory vs. round-tripped through a wire/file format. The goal of this commit is to resolve those oddities so that there are now two possible situations: - General mark handling: some codepaths genuinely handle marks generically, by transporting them from input value to output value in a way consistent with how cty itself deals with marks. This is the ideal case because it means we can add new marks in future and assume these codepaths will handle them correctly without any further modifications. - Sensitive-only mark preservation: the codepaths that interact with our wire protocols and file formats typically have only specialized support for sensitive values in particular, and lack support for any other marks. Those codepaths are now subject to a new rule where they must return an error if asked to deal with any other mark, so that if we introduce new marks in future we'll be forced either to define how we'll avoid those markings reaching the file/wire formats or extend the file/wire formats to support the new marks. Some new helper functions in package marks are intended to standardize how we deal with the "sensitive values only" situations, in the hope that this will make it easier to keep things consistent as the codebase evolves in future. In practice the modules runtime only ever uses marks.Sensitive as a mark today, so all of these checks are effectively covering "should never happen" cases. The only other mark Terraform uses is an implementation detail of "terraform console" and does not interact with any of the codepaths that only support sensitive values in particular.
2024-04-16 20:20:33 -04:00
// BeforeSensitivePaths and AfterSensitivePaths are the paths for any
// values in Before or After (respectively) that are considered to be
// sensitive. The sensitive marks are removed from the in-memory values
// to enable encoding (marked values cannot be marshalled), and so we
// store the sensitive paths to allow re-marking later when we decode
// the serialized change.
BeforeSensitivePaths, AfterSensitivePaths []cty.Path
add types for plannable import (#33080)
2023-04-25 10:19:48 -04:00
[plannable import] embed the resource id within the changes (#33134) * [plannable import] embed the resource id within the changes * make pointers and update docs
2023-05-02 10:04:51 -04:00
// Importing is present if the resource is being imported as part of this
add types for plannable import (#33080)
2023-04-25 10:19:48 -04:00
// change.
[plannable import] embed the resource id within the changes (#33134) * [plannable import] embed the resource id within the changes * make pointers and update docs
2023-05-02 10:04:51 -04:00
//
// Use the simple presence of this field to detect if a ChangeSrc is to be
// imported, the contents of this structure may be modified going forward.
Importing *ImportingSrc
Plannable import: Generate config for imported resources during the plan. (#33153) * command: keep our promises * remove some nil config checks Remove some of the safety checks that ensure plan nodes have config attached at the appropriate time. * add GeneratedConfig to plan changes objects Add a new GeneratedConfig field alongside Importing in plan changes. * add config generation package The genconfig package implements HCL config generation from provider state values. Thanks to @mildwonkey whose implementation of terraform add is the basis for this package. * generate config during plan If a resource is being imported and does not already have config, attempt to generate that config during planning. The config is generated from the state as an HCL string, and then parsed back into an hcl.Body to attach to the plan graph node. The generated config string is attached to the change emitted by the plan. * complete config generation prototype, and add tests --------- Co-authored-by: Katy Moe <katy@katy.moe>
2023-05-11 02:38:37 -04:00
// GeneratedConfig contains any HCL config generated for this resource
// during planning, as a string. If GeneratedConfig is populated, Importing
// should be true. However, not all Importing changes contain generated
// config.
GeneratedConfig string
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
}
// Decode unmarshals the raw representations of the before and after values
// to produce a Change object. Pass the type constraint that the result must
// conform to.
//
// Where a ChangeSrc is embedded in some other struct, it's generally better
// to call the corresponding Decode method of that struct rather than working
// directly with its embedded Change.
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
func (cs *ChangeSrc) Decode(schema *providers.Schema) (*Change, error) {
don't attempt to decode empty changes values An empty DynamicValue can't be decoded but indicates no state, so just return a NullVal.
2018-12-20 13:06:53 -05:00
var err error
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
ty := cty.DynamicPseudoType
identityType := cty.DynamicPseudoType
if schema != nil {
ty = schema.Body.ImpliedType()
identityType = schema.Identity.ImpliedType()
}
don't attempt to decode empty changes values An empty DynamicValue can't be decoded but indicates no state, so just return a NullVal.
2018-12-20 13:06:53 -05:00
before := cty.NullVal(ty)
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
beforeIdentity := cty.NullVal(identityType)
don't attempt to decode empty changes values An empty DynamicValue can't be decoded but indicates no state, so just return a NullVal.
2018-12-20 13:06:53 -05:00
after := cty.NullVal(ty)
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
afterIdentity := cty.NullVal(identityType)
don't attempt to decode empty changes values An empty DynamicValue can't be decoded but indicates no state, so just return a NullVal.
2018-12-20 13:06:53 -05:00
if len(cs.Before) > 0 {
before, err = cs.Before.Decode(ty)
if err != nil {
return nil, fmt.Errorf("error decoding 'before' value: %s", err)
}
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
}
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
if len(cs.BeforeIdentity) > 0 {
beforeIdentity, err = cs.BeforeIdentity.Decode(identityType)
if err != nil {
return nil, fmt.Errorf("error decoding 'beforeIdentity' value: %s", err)
}
}
don't attempt to decode empty changes values An empty DynamicValue can't be decoded but indicates no state, so just return a NullVal.
2018-12-20 13:06:53 -05:00
if len(cs.After) > 0 {
after, err = cs.After.Decode(ty)
if err != nil {
return nil, fmt.Errorf("error decoding 'after' value: %s", err)
}
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
}
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
if len(cs.AfterIdentity) > 0 {
afterIdentity, err = cs.AfterIdentity.Decode(identityType)
if err != nil {
return nil, fmt.Errorf("error decoding 'afterIdentity' value: %s", err)
}
}
decode change values with marks Marks stored in a plans.ChangeSrc were not decoded along with the stored values. This was working in many cases by evaluation correctly re-evaluating the marks, but this cannot happen in all cases.
2021-05-11 17:37:07 -04:00
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
return &Change{
Plannable import: Generate config for imported resources during the plan. (#33153) * command: keep our promises * remove some nil config checks Remove some of the safety checks that ensure plan nodes have config attached at the appropriate time. * add GeneratedConfig to plan changes objects Add a new GeneratedConfig field alongside Importing in plan changes. * add config generation package The genconfig package implements HCL config generation from provider state values. Thanks to @mildwonkey whose implementation of terraform add is the basis for this package. * generate config during plan If a resource is being imported and does not already have config, attempt to generate that config during planning. The config is generated from the state as an HCL string, and then parsed back into an hcl.Body to attach to the plan graph node. The generated config string is attached to the change emitted by the plan. * complete config generation prototype, and add tests --------- Co-authored-by: Katy Moe <katy@katy.moe>
2023-05-11 02:38:37 -04:00
Action: cs.Action,
Handle marks a little more consistently In the very first implementation of "sensitive values" we were unfortunately not disciplined about separating the idea of "marked value" from the idea of "sensitive value" (where the latter is a subset of the former). The first implementation just assumed that any marking whatsoever meant "sensitive". We later improved that by adding the marks package and the marks.Sensitive value to standardize on the representation of "sensitive value" as being a value marked with _that specific mark_. However, we did not perform a thorough review of all of the mark-handling codepaths to make sure they all agreed on that definition. In particular, the state and plan models were both designed as if they supported arbitrary marks but then in practice marks other than marks.Sensitive would be handled in various inconsistent ways: dropped entirely, or interpreted as if marks.Sensitive, and possibly do so inconsistently when a value is used only in memory vs. round-tripped through a wire/file format. The goal of this commit is to resolve those oddities so that there are now two possible situations: - General mark handling: some codepaths genuinely handle marks generically, by transporting them from input value to output value in a way consistent with how cty itself deals with marks. This is the ideal case because it means we can add new marks in future and assume these codepaths will handle them correctly without any further modifications. - Sensitive-only mark preservation: the codepaths that interact with our wire protocols and file formats typically have only specialized support for sensitive values in particular, and lack support for any other marks. Those codepaths are now subject to a new rule where they must return an error if asked to deal with any other mark, so that if we introduce new marks in future we'll be forced either to define how we'll avoid those markings reaching the file/wire formats or extend the file/wire formats to support the new marks. Some new helper functions in package marks are intended to standardize how we deal with the "sensitive values only" situations, in the hope that this will make it easier to keep things consistent as the codebase evolves in future. In practice the modules runtime only ever uses marks.Sensitive as a mark today, so all of these checks are effectively covering "should never happen" cases. The only other mark Terraform uses is an implementation detail of "terraform console" and does not interact with any of the codepaths that only support sensitive values in particular.
2024-04-16 20:20:33 -04:00
Before: marks.MarkPaths(before, marks.Sensitive, cs.BeforeSensitivePaths),
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
BeforeIdentity: beforeIdentity,
Handle marks a little more consistently In the very first implementation of "sensitive values" we were unfortunately not disciplined about separating the idea of "marked value" from the idea of "sensitive value" (where the latter is a subset of the former). The first implementation just assumed that any marking whatsoever meant "sensitive". We later improved that by adding the marks package and the marks.Sensitive value to standardize on the representation of "sensitive value" as being a value marked with _that specific mark_. However, we did not perform a thorough review of all of the mark-handling codepaths to make sure they all agreed on that definition. In particular, the state and plan models were both designed as if they supported arbitrary marks but then in practice marks other than marks.Sensitive would be handled in various inconsistent ways: dropped entirely, or interpreted as if marks.Sensitive, and possibly do so inconsistently when a value is used only in memory vs. round-tripped through a wire/file format. The goal of this commit is to resolve those oddities so that there are now two possible situations: - General mark handling: some codepaths genuinely handle marks generically, by transporting them from input value to output value in a way consistent with how cty itself deals with marks. This is the ideal case because it means we can add new marks in future and assume these codepaths will handle them correctly without any further modifications. - Sensitive-only mark preservation: the codepaths that interact with our wire protocols and file formats typically have only specialized support for sensitive values in particular, and lack support for any other marks. Those codepaths are now subject to a new rule where they must return an error if asked to deal with any other mark, so that if we introduce new marks in future we'll be forced either to define how we'll avoid those markings reaching the file/wire formats or extend the file/wire formats to support the new marks. Some new helper functions in package marks are intended to standardize how we deal with the "sensitive values only" situations, in the hope that this will make it easier to keep things consistent as the codebase evolves in future. In practice the modules runtime only ever uses marks.Sensitive as a mark today, so all of these checks are effectively covering "should never happen" cases. The only other mark Terraform uses is an implementation detail of "terraform console" and does not interact with any of the codepaths that only support sensitive values in particular.
2024-04-16 20:20:33 -04:00
After: marks.MarkPaths(after, marks.Sensitive, cs.AfterSensitivePaths),
send resource identities to provider calls
2025-02-27 06:17:00 -05:00
AfterIdentity: afterIdentity,
Add resource identities to plan file and JSON output (#36903)
2025-04-30 08:43:23 -04:00
Importing: cs.Importing.Decode(identityType),
Plannable import: Generate config for imported resources during the plan. (#33153) * command: keep our promises * remove some nil config checks Remove some of the safety checks that ensure plan nodes have config attached at the appropriate time. * add GeneratedConfig to plan changes objects Add a new GeneratedConfig field alongside Importing in plan changes. * add config generation package The genconfig package implements HCL config generation from provider state values. Thanks to @mildwonkey whose implementation of terraform add is the basis for this package. * generate config during plan If a resource is being imported and does not already have config, attempt to generate that config during planning. The config is generated from the state as an HCL string, and then parsed back into an hcl.Body to attach to the plan graph node. The generated config string is attached to the change emitted by the plan. * complete config generation prototype, and add tests --------- Co-authored-by: Katy Moe <katy@katy.moe>
2023-05-11 02:38:37 -04:00
GeneratedConfig: cs.GeneratedConfig,
plans: separate types for encoded and decoded changes The types here were originally written to allow us to defer decoding of object values until schemas are available, but it turns out that this was forcing us to defer decoding longer than necessary and potentially decode the same value multiple times. To avoid this, we create pairs of types to represent the encoded and decoded versions and methods for moving between them. These types are identical to one another apart from how the dynamic values are represented.
2018-07-20 20:15:03 -04:00
}, nil
}
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
actions: remove references to action types, linked resources (#37616) * action renaming * actions: remove references to action types * actions: remove references to linked_resources or action types from the plan proto
2025-09-16 08:46:22 -04:00
// AppendActionInvocationInstanceChange records the given resource instance change in
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
// the set of planned resource changes.
func (c *ChangesSrc) AppendActionInvocationInstanceChange(action *ActionInvocationInstanceSrc) {
if c == nil {
actions: remove references to action types, linked resources (#37616) * action renaming * actions: remove references to action types * actions: remove references to linked_resources or action types from the plan proto
2025-09-16 08:46:22 -04:00
panic("AppendActionInvocationInstanceChange on nil ChangesSync")
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
}
a := action.DeepCopy()
ensure we encode action invocations from change to changesrc
2025-07-17 10:15:20 -04:00
c.ActionInvocations = append(c.ActionInvocations, a)
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
}
type ActionInvocationInstanceSrc struct {
action: move action trigger into nested struct this prepares the work on CLI / flag-driven invocations
2025-08-13 10:06:34 -04:00
Addr addrs.AbsActionInstance
ActionTrigger ActionTrigger
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
support sensitive values in action configuration
2025-08-23 07:46:21 -04:00
ConfigValue DynamicValue
SensitiveConfigPaths []cty.Path
display lifecycle triggered actions aside their triggering resources
2025-07-28 09:56:20 -04:00
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
ProviderAddr addrs.AbsProviderConfig
}
actions: remove references to action types, linked resources (#37616) * action renaming * actions: remove references to action types * actions: remove references to linked_resources or action types from the plan proto
2025-09-16 08:46:22 -04:00
// Decode unmarshals the raw representation of actions.
display lifecycle triggered actions aside their triggering resources
2025-07-28 09:56:20 -04:00
func (acs *ActionInvocationInstanceSrc) Decode(schema *providers.ActionSchema) (*ActionInvocationInstance, error) {
ty := cty.DynamicPseudoType
if schema != nil {
ty = schema.ConfigSchema.ImpliedType()
}
config, err := acs.ConfigValue.Decode(ty)
if err != nil {
return nil, fmt.Errorf("error decoding 'config' value: %s", err)
}
support sensitive values in action configuration
2025-08-23 07:46:21 -04:00
markedConfigValue := marks.MarkPaths(config, marks.Sensitive, acs.SensitiveConfigPaths)
display lifecycle triggered actions aside their triggering resources
2025-07-28 09:56:20 -04:00
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
ai := &ActionInvocationInstance{
action: move action trigger into nested struct this prepares the work on CLI / flag-driven invocations
2025-08-13 10:06:34 -04:00
Addr: acs.Addr,
ActionTrigger: acs.ActionTrigger,
ProviderAddr: acs.ProviderAddr,
support sensitive values in action configuration
2025-08-23 07:46:21 -04:00
ConfigValue: markedConfigValue,
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
}
return ai, nil
}
func (acs *ActionInvocationInstanceSrc) DeepCopy() *ActionInvocationInstanceSrc {
if acs == nil {
return acs
}
ret := *acs
display lifecycle triggered actions aside their triggering resources
2025-07-28 09:56:20 -04:00
ret.ConfigValue = ret.ConfigValue.Copy()
Actions in plan/changes (#37320) * Add actions to the plans and change * jsonplan - ignoring LinkedResources for now, those are not in the MVP * pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
return &ret
}
refactor: move method into changes_src
2025-08-15 10:08:16 -04:00
allow reporting action invocations as deferred
2025-08-18 08:54:33 -04:00
func (acs *ActionInvocationInstanceSrc) Less(other *ActionInvocationInstanceSrc) bool {
if acs.ActionTrigger.Equals(other.ActionTrigger) {
return acs.Addr.Less(other.Addr)
}
return acs.ActionTrigger.Less(other.ActionTrigger)
}
actions: fix cycle when multiple actions are triggered across multiple events (#37591)
2025-09-11 04:20:33 -04:00
// FilterLaterActionInvocations returns the list of action invocations that
// should be triggered after this one. This function assumes the supplied list
// of action invocations has already been filtered to invocations against the
// same resource as the current invocation.
actions: add invoke nodes to the graph (#37521) * actions: add invoke graph nodes * fix small bugs * add additional tests * remove whitespace * fix copyright headers * go generate * address comments
2025-08-29 08:43:09 -04:00
func (acs *ActionInvocationInstanceSrc) FilterLaterActionInvocations(actionInvocations []*ActionInvocationInstanceSrc) []*ActionInvocationInstanceSrc {
chore (actions): rename LifecycleActionTrigger -> ResourceActionTrigger in plan and proto We'd previously removed all other references to "lifecycle" actions, which made this reference stand out. ResourceLifecycleActionTrigger is probably the most accurate name, but as this type just needs to be differentiated from InvokeActionTrigger I thought "resource" was enough (and I specifically wanted= to avoid lifecycle at all). I'm not super attached to the name, but I did think it would be clearer if we avoided Lifecycle as much as possible, since that's got some overlap with action subtypes. In this instance, we call it a LifecycleActionTrigger because it's come from the resource's `lifecycle` block. This doesn't directly relate to the concept of LifecycleActions - even if we expand the design to have multiple action types (for example generic and lifecycle actions), both those actions types would use this same Trigger struct.
2026-02-23 15:12:12 -05:00
needleLat := acs.ActionTrigger.(*ResourceActionTrigger)
refactor: move method into changes_src
2025-08-15 10:08:16 -04:00
var laterInvocations []*ActionInvocationInstanceSrc
for _, invocation := range actionInvocations {
chore (actions): rename LifecycleActionTrigger -> ResourceActionTrigger in plan and proto We'd previously removed all other references to "lifecycle" actions, which made this reference stand out. ResourceLifecycleActionTrigger is probably the most accurate name, but as this type just needs to be differentiated from InvokeActionTrigger I thought "resource" was enough (and I specifically wanted= to avoid lifecycle at all). I'm not super attached to the name, but I did think it would be clearer if we avoided Lifecycle as much as possible, since that's got some overlap with action subtypes. In this instance, we call it a LifecycleActionTrigger because it's come from the resource's `lifecycle` block. This doesn't directly relate to the concept of LifecycleActions - even if we expand the design to have multiple action types (for example generic and lifecycle actions), both those actions types would use this same Trigger struct.
2026-02-23 15:12:12 -05:00
if lat, ok := invocation.ActionTrigger.(*ResourceActionTrigger); ok {
actions: fix cycle when multiple actions are triggered across multiple events (#37591)
2025-09-11 04:20:33 -04:00
if sameTriggerEvent(lat, needleLat) && triggersLater(lat, needleLat) {
refactor: move method into changes_src
2025-08-15 10:08:16 -04:00
laterInvocations = append(laterInvocations, invocation)
}
}
}
return laterInvocations
}
actions: fix cycle when multiple actions are triggered across multiple events (#37591)
2025-09-11 04:20:33 -04:00
chore (actions): rename LifecycleActionTrigger -> ResourceActionTrigger in plan and proto We'd previously removed all other references to "lifecycle" actions, which made this reference stand out. ResourceLifecycleActionTrigger is probably the most accurate name, but as this type just needs to be differentiated from InvokeActionTrigger I thought "resource" was enough (and I specifically wanted= to avoid lifecycle at all). I'm not super attached to the name, but I did think it would be clearer if we avoided Lifecycle as much as possible, since that's got some overlap with action subtypes. In this instance, we call it a LifecycleActionTrigger because it's come from the resource's `lifecycle` block. This doesn't directly relate to the concept of LifecycleActions - even if we expand the design to have multiple action types (for example generic and lifecycle actions), both those actions types would use this same Trigger struct.
2026-02-23 15:12:12 -05:00
func sameTriggerEvent(one, two *ResourceActionTrigger) bool {
actions: fix cycle when multiple actions are triggered across multiple events (#37591)
2025-09-11 04:20:33 -04:00
return one.ActionTriggerEvent == two.ActionTriggerEvent
}
chore (actions): rename LifecycleActionTrigger -> ResourceActionTrigger in plan and proto We'd previously removed all other references to "lifecycle" actions, which made this reference stand out. ResourceLifecycleActionTrigger is probably the most accurate name, but as this type just needs to be differentiated from InvokeActionTrigger I thought "resource" was enough (and I specifically wanted= to avoid lifecycle at all). I'm not super attached to the name, but I did think it would be clearer if we avoided Lifecycle as much as possible, since that's got some overlap with action subtypes. In this instance, we call it a LifecycleActionTrigger because it's come from the resource's `lifecycle` block. This doesn't directly relate to the concept of LifecycleActions - even if we expand the design to have multiple action types (for example generic and lifecycle actions), both those actions types would use this same Trigger struct.
2026-02-23 15:12:12 -05:00
func triggersLater(one, two *ResourceActionTrigger) bool {
actions: fix cycle when multiple actions are triggered across multiple events (#37591)
2025-09-11 04:20:33 -04:00
return one.ActionTriggerBlockIndex > two.ActionTriggerBlockIndex || (one.ActionTriggerBlockIndex == two.ActionTriggerBlockIndex && one.ActionsListIndex > two.ActionsListIndex)
}
Reference in a new issue Copy permalink