update based on new crd

Signed-off-by: Luke Mallon (Nalum) <luke.mallon@weave.works>

controllers/tc000020_with_backend_no_outputs_test.go

@@ -86,6 +86,7 @@ func Test_000020_with_backend_no_outputs_test(t *testing.T) {
 
 	Given("a Terraform resource with auto approve, backend configured, attached to the given GitRepository.")
 	By("creating a new TF resource and attaching to the repo via `sourceRef`.")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -95,7 +96,7 @@ func Test_000020_with_backend_no_outputs_test(t *testing.T) {
 			ApprovePlan: "auto",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			Path: "./terraform-hello-world-example",

controllers/tc000052_plan_and_manual_approve_with_files_test.go

@@ -1,9 +1,10 @@
 package controllers
 
 import (
-	"github.com/weaveworks/tf-controller/utils"
 	"testing"
 
+	"github.com/weaveworks/tf-controller/utils"
+
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	. "github.com/onsi/gomega"
 	infrav1 "github.com/weaveworks/tf-controller/api/v1alpha1"
@@ -91,6 +92,7 @@ func Test_000052_plan_and_manual_approve_with_files_test(t *testing.T) {
 	Given("a Terraform resource with manual approval, attached to the given GitRepository resource")
 	By("creating a new TF resource without specifying the .spec.approvePlan field.")
 	By("attaching the TF resource to the repo via `sourceRef`.")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -99,7 +101,7 @@ func Test_000052_plan_and_manual_approve_with_files_test(t *testing.T) {
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			// Note that we do not specify the `ApprovePlan` field

controllers/tc000121_destroy_on_delete_test.go

@@ -82,6 +82,7 @@ func Test_000121_destroy_on_delete_test(t *testing.T) {
 
 	Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 	By("creating a new TF resource and attaching to the repo via sourceRef")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -90,7 +91,7 @@ func Test_000121_destroy_on_delete_test(t *testing.T) {
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			ApprovePlan:                "auto",

controllers/tc000130_destroy_no_outputs_test.go

@@ -83,6 +83,7 @@ func Test_000130_destroy_no_outputs_test(t *testing.T) {
 
 	Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 	By("creating a new TF resource and attaching to the repo via sourceRef")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -91,7 +92,7 @@ func Test_000130_destroy_no_outputs_test(t *testing.T) {
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			ApprovePlan: "auto",

controllers/tc000140_auto_applied_should_tx_to_plan_then_apply_when_drift_detected_test.go

@@ -77,6 +77,7 @@ func Test_000140_auto_applied_resource_should_transit_to_plan_then_apply_when_dr
 
 	Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 	By("creating a new TF resource and attaching to the repo via sourceRef")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -85,7 +86,7 @@ func Test_000140_auto_applied_resource_should_transit_to_plan_then_apply_when_dr
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			ApprovePlan: "auto",

controllers/tc000150_manual_apply_should_report_and_loop_when_drift_detected_test.go

@@ -78,6 +78,7 @@ func Test_000150_manual_apply_should_report_and_loop_when_drift_detected_test(t
 
 	Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 	By("creating a new TF resource and attaching to the repo via sourceRef")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -86,7 +87,7 @@ func Test_000150_manual_apply_should_report_and_loop_when_drift_detected_test(t
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			ApprovePlan: "",

controllers/tc000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_test.go

@@ -91,6 +91,7 @@ func Test_000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_te
 
 	Given("a Terraform resource with auto approve, attached to the given GitRepository resource.")
 	By("creating a new TF resource and attaching to the repo via `sourceRef`.")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -101,7 +102,7 @@ func Test_000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_te
 			Path:        "./tf-k8s-configmap",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			SourceRef: infrav1.CrossNamespaceSourceReference{

controllers/tc000170_if_apply_error_we_should_delete_the_plan_and_start_over_test.go

@@ -2,10 +2,11 @@ package controllers
 
 import (
 	"context"
-	"github.com/weaveworks/tf-controller/utils"
 	"testing"
 	"time"
 
+	"github.com/weaveworks/tf-controller/utils"
+
 	. "github.com/onsi/gomega"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -88,6 +89,7 @@ func Test_000170_if_apply_error_the_plan_should_be_deleted_and_start_over_test(t
 
 	Given("a Terraform resource with auto approve, attached to the given GitRepository resource.")
 	By("creating a new TF resource and attaching to the repo via `sourceRef`.")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -99,7 +101,7 @@ func Test_000170_if_apply_error_the_plan_should_be_deleted_and_start_over_test(t
 			Interval:    metav1.Duration{Duration: 5 * time.Second},
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			SourceRef: infrav1.CrossNamespaceSourceReference{

controllers/tc000201_auto_approve_with_disabled_drift_detection_test.go

@@ -77,6 +77,7 @@ func Test_000201_auto_approve_with_disabled_drift_detection(t *testing.T) {
 	testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 	g.Expect(err).Should(BeNil())
 
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -89,7 +90,7 @@ func Test_000201_auto_approve_with_disabled_drift_detection(t *testing.T) {
 			Path:                  "./terraform-hello-world-example",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			SourceRef: infrav1.CrossNamespaceSourceReference{

controllers/tc000230_drift_detection_only_mode_test.go

@@ -2,10 +2,11 @@ package controllers
 
 import (
 	"context"
-	"github.com/weaveworks/tf-controller/utils"
 	"testing"
 	"time"
 
+	"github.com/weaveworks/tf-controller/utils"
+
 	. "github.com/onsi/gomega"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -82,6 +83,7 @@ func Test_000230_drift_detection_only_mode(t *testing.T) {
 	testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 	g.Expect(err).Should(BeNil())
 
+	inClusterConfig := false
 	testTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -90,7 +92,7 @@ func Test_000230_drift_detection_only_mode(t *testing.T) {
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			ApprovePlan: infrav1.ApprovePlanAutoValue,

controllers/tc000241_auto_approve_with_health_checks_test.go

@@ -80,6 +80,7 @@ func Test_000241_auto_approve_with_health_checks_test(t *testing.T) {
 	testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 	g.Expect(err).Should(BeNil())
 
+	inClusterConfig := false
 	healthCheckTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -91,7 +92,7 @@ func Test_000241_auto_approve_with_health_checks_test(t *testing.T) {
 			Path:        "./tf-health-check-example",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			SourceRef: infrav1.CrossNamespaceSourceReference{

controllers/tc000242_bad_health_checks_test.go

@@ -76,6 +76,7 @@ func Test_000242_bad_healt_checks_test(t *testing.T) {
 	testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 	g.Expect(err).Should(BeNil())
 
+	inClusterConfig := false
 	healthCheckTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -87,7 +88,7 @@ func Test_000242_bad_healt_checks_test(t *testing.T) {
 			Path:        "./tf-health-check-example",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			SourceRef: infrav1.CrossNamespaceSourceReference{
@@ -151,7 +152,7 @@ func Test_000242_bad_healt_checks_test(t *testing.T) {
 			Path:        "./tf-health-check-example",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName + "2",
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			SourceRef: infrav1.CrossNamespaceSourceReference{

controllers/tc000260_runner_pod_test.go

@@ -423,6 +423,7 @@ func Test_000260_runner_pod_test_env_vars_proxy_output(t *testing.T) {
 	By("creating a new TF resource and attaching to the repo via `sourceRef`.")
 	By("specifying the .spec.writeOutputsToSecret.")
 
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -432,7 +433,7 @@ func Test_000260_runner_pod_test_env_vars_proxy_output(t *testing.T) {
 			ApprovePlan: "auto",
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			Path: "./terraform-envvar-variable-output",

controllers/tc000280_inventory_test.go

@@ -79,6 +79,7 @@ func Test_000280_inventory_test(t *testing.T) {
 
 	Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 	By("creating a new TF resource and attaching to the repo via sourceRef")
+	inClusterConfig := false
 	helloWorldTF := infrav1.Terraform{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      terraformName,
@@ -87,7 +88,7 @@ func Test_000280_inventory_test(t *testing.T) {
 		Spec: infrav1.TerraformSpec{
 			BackendConfig: &infrav1.BackendConfigSpec{
 				SecretSuffix:    terraformName,
-				InClusterConfig: false,
+				InClusterConfig: &inClusterConfig,
 				ConfigPath:      testEnvKubeConfigPath,
 			},
 			ApprovePlan: "auto",

controllers/terraform_controller.go

@@ -641,30 +641,64 @@ func (r *TerraformReconciler) setupTerraform(ctx context.Context, runnerClient r
 	workingDir := uploadAndExtractReply.WorkingDir
 	tmpDir = uploadAndExtractReply.TmpDir
 
-	var backendConfig string
+	// Set the backendConfig assuming it is going to be disabled
+	var backendConfig string = `
+terraform {
+	backend "local" { }
+}
+`
+	// This variable is going to be used to force unlock the state if it is locked
+	forceUnlockID := ""
+	// Check if we want to Disable the K8S backend via an envvar
 	DisableTFK8SBackend := os.Getenv("DISABLE_TF_K8S_BACKEND") == "1"
 
+	// Do we have a manually configured backend
 	if terraform.Spec.BackendConfig != nil {
-		backendConfig = fmt.Sprintf(`
+		// Is the backend still enabled
+		if !terraform.Spec.BackendConfig.Disable {
+			// If we have an lock id we want to force unlock the state
+			if terraform.Spec.BackendConfig.State != nil {
+				if terraform.Spec.BackendConfig.State.ForceUnlock != "" {
+					forceUnlockID = terraform.Spec.BackendConfig.State.ForceUnlock
+				}
+			}
+
+			// Set a default suffix if it is not set
+			if terraform.Spec.BackendConfig.SecretSuffix == "" {
+				terraform.Spec.BackendConfig.SecretSuffix = terraform.Name
+			}
+
+			// Default to true if InClusterConfig is not set
+			if terraform.Spec.BackendConfig.InClusterConfig == nil {
+				icc := true
+				terraform.Spec.BackendConfig.InClusterConfig = &icc
+			}
+
+			// The config path is only required if we're not setting up an InClusterConfig
+			configPath := ""
+
+			// If it's not empty then we want to create the string that will be dropped into the config
+			if terraform.Spec.BackendConfig.ConfigPath != "" {
+				configPath = fmt.Sprintf("\n    config_path       = \"%s\"", terraform.Spec.BackendConfig.ConfigPath)
+			}
+
+			// Setup the config, note the %v and %s together for in_cluster_config
+			backendConfig = fmt.Sprintf(`
 terraform {
   backend "kubernetes" {
     secret_suffix     = "%s"
-    in_cluster_config = %v
-    config_path       = "%s"
+    in_cluster_config = %v%s
     namespace         = "%s"
   }
 }
 `,
-			terraform.Spec.BackendConfig.SecretSuffix,
-			terraform.Spec.BackendConfig.InClusterConfig,
-			terraform.Spec.BackendConfig.ConfigPath,
-			terraform.Namespace)
-	} else if DisableTFK8SBackend && terraform.Spec.BackendConfig == nil {
-		backendConfig = `
-terraform {
-	backend "local" { }
-}`
-	} else if terraform.Spec.BackendConfig == nil {
+				terraform.Spec.BackendConfig.SecretSuffix,
+				terraform.Spec.BackendConfig.InClusterConfig,
+				configPath,
+				terraform.Namespace)
+		}
+		// This else should only be hit if we don't disable the backend via the envvar above
+	} else if !DisableTFK8SBackend {
 		// TODO must be tested in cluster only
 		backendConfig = fmt.Sprintf(`
 terraform {
@@ -677,6 +711,17 @@ terraform {
 `, terraform.Name, terraform.Namespace)
 	}
 
+	// If we have a lock id need to force unlock it
+	if forceUnlockID != "" {
+		_, err := runnerClient.ForceUnlock(context.Background(), &runner.ForceUnlockRequest{
+			LockIdentifier: forceUnlockID,
+		})
+
+		if err != nil {
+			return terraform, tfInstance, tmpDir, err
+		}
+	}
+
 	if r.backendCompletelyDisable(terraform) {
 		log.Info("BackendConfig is completely disabled")
 	} else {