Commit graph

42 commits

Author SHA1 Message Date
Radek Simko
0fe906fa8c make copyrightfix 2026-02-17 13:56:34 +00:00
Daniel Schmidt
d813ad14f7 add deprecation marks 2026-02-03 13:32:06 +01:00
James Bardin
4c610ac5e6 use the new genconfig types throughout 2025-08-29 15:11:56 -04:00
James Bardin
ddc47f15e7 remove the recursive genconfig resource struct
The Resource struct didn't really match the data structure. Refactor
this to make it easier to break up the config generation calls so we can
pass in final config from the provider.
2025-08-29 15:11:56 -04:00
Daniel Schmidt
eb26b72d55 display lifecycle triggered actions aside their triggering resources 2025-07-31 16:07:38 +02:00
Daniel Schmidt
e0ab23a040 ensure we encode action invocations from change to changesrc 2025-07-18 14:20:17 +02:00
Kristin Laemmert
9256074c43
Actions in plan/changes (#37320)
* Add actions to the plans and change
* jsonplan - ignoring LinkedResources for now, those are not in the MVP
* pausing here: we'll work on the plan rendering later
2025-07-17 08:19:57 -04:00
Samsondeen
8d8b2bb694
Generate config for list results (#37173) 2025-07-04 11:35:39 +02:00
Daniel Banck
2b9d25c7fd
Add terraform query subcommand (TF-25494) (#37174)
* WIP

* Reuse plan command for query CLI

* Basic CLI output

* Only fail a list request on error

* poc: store query results in separate field

* WIP: odd mixture between JSONs

* Fix list references

* Separate JSON rendering

The structured JSON now only logs a status on which list query is
currently running. The new jsonlist package can marshal the query fields
of a plan.

* Remove matcher

* Store results in an extra struct

* Structured list result logging

* Move list result output into hooks

* Add help text and additional flag

* Disable query runs with the cloud backend for now

* Review feedback
2025-07-02 15:06:25 +02:00
Samsondeen
685ff9f192
Schema representation of list block config and results (#37209) 2025-06-10 20:08:54 +02:00
Daniel Banck
0aa4ce972d
Add resource identities to plan file and JSON output (#36903) 2025-04-30 14:43:23 +02:00
Daniel Banck
6917e69d12
Config-driven importing through identity (TF-23179) (#36703)
* configschema: Add identity attribute to import block

* Mark import target ID as legacy

* Add test with import identity

* Use ID or identity when importing via configuration

* Add plan import tests

* Review Feedback

* Make sure to copy identity for ResourceInstanceObjects

* Add helper for converting cty.Objects to string

* Replace getProvider calls

* Improve unknown object check
2025-04-02 13:39:16 +02:00
Daniel Schmidt
fec6e4b552 send resource identities to provider calls 2025-03-12 09:18:55 +01:00
Daniel Banck
10c9b64007
Rename schema.Block to Body (#36629) 2025-03-04 16:33:43 +01:00
James Bardin
e1485f27fc use go tool to run generate commands 2025-02-12 12:25:50 -05:00
James Bardin
1459e36a8b encoding of changes should always return a value
Terraform always attempts to generate a plan even when encountering an
error, so we need to ensure that all plan elements have valid values to
store and inspect later. Ensuring that `Changes.Encode` always returns a
valid value avoids the need for nil checks elsewhere while returning an
error to the user.
2024-12-13 08:26:32 -05:00
James Bardin
912738ea37 remove unused code 2024-08-22 09:39:37 -04:00
James Bardin
4eca878acc have change sets manage encoding and decoding
Add Changes.Encode and ChangesSrc.Decode to put all encoding and
decoding in a single place.
2024-08-22 09:39:37 -04:00
James Bardin
696fc7378d Update tests to match new changes types
Changes now stores Changes rather than ChangeSrcs, and ChangeSrcs are
stored in ChangesSrc
2024-08-22 09:39:37 -04:00
James Bardin
bc750192e4 POC for always using decoded changes in core
We should not need to encode and decode change values within core, since
the encoded version is only technically needed for serialization. This
pattern stems from the conversion to current changes system, but back
then we did not have easy access to the correct schemas at the time to
encode and decode the entire set of changes.

Moving the core handling of changes to only use the decoded values will
drastically improve evaluation efficiency, removing a round trip
through encoded values for every resource reference.
2024-08-22 09:39:37 -04:00
Liam Cervante
96da5e9f46
deferred actinos: add support for unknown ids in import blocks (#35300) 2024-06-12 12:59:28 +02:00
Martin Atkins
30e2fd6525 Handle marks a little more consistently
In the very first implementation of "sensitive values" we were
unfortunately not disciplined about separating the idea of "marked value"
from the idea of "sensitive value" (where the latter is a subset of the
former). The first implementation just assumed that any marking whatsoever
meant "sensitive".

We later improved that by adding the marks package and the marks.Sensitive
value to standardize on the representation of "sensitive value" as being
a value marked with _that specific mark_.

However, we did not perform a thorough review of all of the mark-handling
codepaths to make sure they all agreed on that definition. In particular,
the state and plan models were both designed as if they supported arbitrary
marks but then in practice marks other than marks.Sensitive would be
handled in various inconsistent ways: dropped entirely, or interpreted as
if marks.Sensitive, and possibly do so inconsistently when a value is
used only in memory vs. round-tripped through a wire/file format.

The goal of this commit is to resolve those oddities so that there are now
two possible situations:
 - General mark handling: some codepaths genuinely handle marks
   generically, by transporting them from input value to output value in
   a way consistent with how cty itself deals with marks. This is the
   ideal case because it means we can add new marks in future and assume
   these codepaths will handle them correctly without any further
   modifications.
 - Sensitive-only mark preservation: the codepaths that interact with our
   wire protocols and file formats typically have only specialized support
   for sensitive values in particular, and lack support for any other
   marks. Those codepaths are now subject to a new rule where they must
   return an error if asked to deal with any other mark, so that if we
   introduce new marks in future we'll be forced either to define how we'll
   avoid those markings reaching the file/wire formats or extend the
   file/wire formats to support the new marks.

Some new helper functions in package marks are intended to standardize how
we deal with the "sensitive values only" situations, in the hope that
this will make it easier to keep things consistent as the codebase evolves
in future.

In practice the modules runtime only ever uses marks.Sensitive as a mark
today, so all of these checks are effectively covering "should never
happen" cases. The only other mark Terraform uses is an implementation
detail of "terraform console" and does not interact with any of the
codepaths that only support sensitive values in particular.
2024-04-18 07:32:52 -07:00
kmoe
a718f70f85
Add removed block (#34251)
* terraform: remove redundant code

NodeDestroyResourceInstance is never instantiated with a DeposedKey of anything other than states.NotDeposed, so the deleted code is never run. Deposed objects get a NodeDestroyDeposedResourceInstanceObject instead.

* tfdiags: add helper func

* configs: introduce removed block type

* terraform: add forget action

* renderer: render forget actions

* terraform: deposed objects can be forgotten

Deposed objects encountered during planning spawn
NodePlanDeposedResourceInstanceObject, which previously generated a
destroy change. Now it will generate a forget change if the deposed
object is a forget target, and a destroy change otherwise.

The apply graph gains a new node type,
NodeForgetDeposedResourceInstanceObject, whose execution simply removes
the object from the state.

* configs: add RemoveTarget address type

* terraform: modules can be forgotten

* terraform: error if removed obj still in config

* tests: better error on restore state fail

* Update CHANGELOG.md
2023-11-29 11:58:28 +00:00
hashicorp-copywrite[bot]
53c34ff49c
Update copyright file headers to BUSL-1.1 2023-08-10 23:43:27 +01:00
Liam Cervante
79f7f59155
Plannable import: Generate config for imported resources during the plan. (#33153)
* command: keep our promises

* remove some nil config checks

Remove some of the safety checks that ensure plan nodes have config attached at the appropriate time.

* add GeneratedConfig to plan changes objects

Add a new GeneratedConfig field alongside Importing in plan changes.

* add config generation package

The genconfig package implements HCL config generation from provider state values.

Thanks to @mildwonkey whose implementation of terraform add is the basis for this package.

* generate config during plan

If a resource is being imported and does not already have config, attempt to generate that config during planning. The config is generated from the state as an HCL string, and then parsed back into an hcl.Body to attach to the plan graph node.

The generated config string is attached to the change emitted by the plan.

* complete config generation prototype, and add tests

---------

Co-authored-by: Katy Moe <katy@katy.moe>
2023-05-11 08:38:37 +02:00
hashicorp-copywrite[bot]
325d18262e [COMPLIANCE] Add Copyright and License Headers 2023-05-02 15:33:06 +00:00
Liam Cervante
4210d905c0
[plannable import] embed the resource id within the changes (#33134)
* [plannable import] embed the resource id within the changes

* make pointers and update docs
2023-05-02 16:04:51 +02:00
kmoe
28643516b2
Plannable import 3: Make import plannable (#33085)
During a plan, Terraform now checks for the presence of import blocks.

For each resource in config, if an import block is present with a matching address, planning that node will now trigger an ImportResourceState and ReadResource. The resulting state is treated as the node's "refresh state", and planning proceeds as normal from there.

The walkImport operation is now only used for the legacy "terraform import" CLI command. This is the only case under which the plan should produce graphNodeImportStates.
2023-04-28 23:45:43 +01:00
kmoe
531efd303b
add types for plannable import (#33080) 2023-04-25 15:19:48 +01:00
Liam Cervante
978263efe9
Checks: Introduce check blocks into the terraform node and transform graph (#32735)
* Add support for scoped resources

* refactor existing checks addrs and add check block addr

* Add configuration for check blocks

* introduce check blocks into the terraform node and transform  graph

* address comments

* address comments

* don't execute checks during destroy operations

* don't even include check nodes for destroy operations
2023-03-23 16:07:31 +01:00
kmoe
dec48a8510
plans: indicate when resource deleted due to move (#31695)
Add a new ChangeReason, ReasonDeleteBecauseNoMoveTarget, to provide better
information in cases where a planned deletion is due to moving a resource to
a target not in configuration.

Consider a case in which a resource instance exists in state at address A, and
the user adds a moved block to move A to address B. Whether by the user's
intention or not, address B does not exist in configuration.
Terraform combines the move from A to B, and the lack of configuration for B,
into a single delete action for the (previously nonexistent) entity B.
Prior to this commit, the Terraform plan will report that resource B will be
destroyed because it does not exist in configuration, without explicitly
connecting this to the move.

This commit provides the user an additional clue as to what has happened, in a
case in which Terraform has elided a user's action and inaction into one
potentially destructive change.
2022-08-30 18:01:29 +01:00
Martin Atkins
783a07d9e8 build: Use Go 1.19
Go 1.19's "fmt" has some awareness of the new doc comment formatting
conventions and adjusts the presentation of the source comments to make
it clearer how godoc would interpret them. Therefore this commit includes
various updates made by "go fmt" to acheve that.

In line with our usual convention that we make stylistic/grammar/spelling
tweaks typically only when we're "in the area" changing something else
anyway, I also took this opportunity to review most of the comments that
this updated to see if there were any other opportunities to improve them.
2022-08-22 10:59:12 -07:00
Martin Atkins
3cd069900b core: Use DynamicExpand even for root module outputs
We previously had a special case in the graph transformer for output
values where it would directly create an individual output value node
instead of an "expand" node as we would do for output values in nested
modules.

While it's true that we do always know that expanding a root module
output value will always produce exactly one instance, treating this case
as special creates the risk of those two codepaths diverging in other
ways.

Instead, we'll let the expand node also deal with root modules and
minimize the special case only to how we look up any changes for the
output values, since the design of plans.Changes is a bit awkward and
requires us to ask the question differently for root module output values.
Otherwise, the behavior will now be consistent across all output values
regardless of module.
2022-07-22 15:25:22 -07:00
Martin Atkins
4cffff24b1 core: Report reason for deferring data read until apply
We have two different reasons why a data resource might be read only
during apply, rather than during planning as usual: the configuration
contains unknown values, or the data resource as a whole depends on a
managed resource which itself has a change pending.

However, we didn't previously distinguish these two in a way that allowed
the UI to describe the difference, and so we confusingly reported both
as "config refers to values not yet known", which in turn led to a number
of reasonable questions about why Terraform was claiming that but then
immediately below showing the configuration entirely known.

Now we'll use our existing "ActionReason" mechanism to tell the UI layer
which of the two reasons applies to a particular data resource instance.
The "dependency pending" situation tends to happen in conjunction with
"config unknown", so we'll prefer to refer that the configuration is
unknown if both are true.
2022-05-09 11:12:47 -07:00
James Bardin
e4c4dcbd14 add ResourceInstanceReplaceByTriggers 2022-04-20 09:17:10 -04:00
James Bardin
91121aa856 limit replace_triggered_by to same module instance
replace_triggered_by references are scoped to the current module, so we
need to filter changes for the current module instance. Rather than
creating a ConfigResource and filtering the result, make a
Changes.InstancesForAbsResource method to get only the AbsResource
changes.
2022-04-20 09:17:10 -04:00
James Bardin
0e7cec83db decode change before creating diff
This is functionally equivalent, but will allow us to filter the change
values directly for reduced drift output.
2022-03-17 09:35:36 -04:00
Martin Atkins
a1a713cf28 core: Report ActionReasons when we plan to delete "orphans"
There are a few different reasons why a resource instance tracked in the
prior state might be considered an "orphan", but previously we reported
them all identically in the planned changes.

In order to help users understand the reason for a surprising planned
delete, we'll now try to specify an additional reason for the planned
deletion, covering all of the main reasons why that could happen.

This commit only introduces the new detail to the plans.Changes result,
though it also incidentally exposes it as part of the JSON plan result
in order to keep that working without returning errors in these new
cases. We'll expose this information in the human-oriented UI output in
a subsequent commit.
2021-09-23 14:37:08 -07:00
Alisdair McDiarmid
29999c1d6f command: Render "moved" annotations in plan UI
For resources which are planned to move, render the previous run address
as additional information in the plan UI. For the case of a move-only
resource (which otherwise is unchanged), we also render that as a
planned change, but without any corresponding action symbol.

If all changes in the plan are moves without changes, the plan is no
longer considered "empty". In this case, we skip rendering the action
symbols in the UI.
2021-09-03 17:44:07 -04:00
Martin Atkins
22b36d1f4c Field for the previous address of each resource instance in the plan
In order to expose the effect of any relevant "moved" statements we dealt
with prior to creating the plan, we'll record with each
ResourceInstanceChange both is current address and the address it was
tracked at for the previous run.

To save consumers of these objects from having to special-case the
situation where there _was_ no previous run (e.g. because this is a Create
change), we'll just pretend the previous run address was the same as the
current address in that case, the same as for an update without any
renaming in effect.

This includes a breaking change to the plan file format, but one that
doesn't require a version number increment because there is no ambiguity
between the two formats and so mismatched parsers will already fail with
an error message.

As of this commit we've just added the new field but not yet populated it
with any useful information: it always just matches Addr. A future commit
will wire this up to the result of applying the moves so that we can
populate it correctly. We also don't yet expose this new information
anywhere in the UI layer.
2021-08-30 13:59:14 -07:00
Martin Atkins
f40800b3a4 Move states/ to internal/states/
This is part of a general effort to move all of Terraform's non-library
package surface under internal in order to reinforce that these are for
internal use within Terraform only.

If you were previously importing packages under this prefix into an
external codebase, you could pin to an earlier release tag as an interim
solution until you've make a plan to achieve the same functionality some
other way.
2021-05-17 14:09:07 -07:00
Martin Atkins
034e944070 Move plans/ to internal/plans/
This is part of a general effort to move all of Terraform's non-library
package surface under internal in order to reinforce that these are for
internal use within Terraform only.

If you were previously importing packages under this prefix into an
external codebase, you could pin to an earlier release tag as an interim
solution until you've make a plan to achieve the same functionality some
other way.
2021-05-17 14:09:07 -07:00
Renamed from plans/changes.go (Browse further)