From e9b26cc98f4b375886e14b52a062c080f5f52a95 Mon Sep 17 00:00:00 2001
From: "Luke Mallon (Nalum)"
Date: Fri, 29 Jul 2022 13:22:26 +0100
Subject: [PATCH] update based on new crd
Signed-off-by: Luke Mallon (Nalum)
---
 .../tc000020_with_backend_no_outputs_test.go | 3 +-
 ...plan_and_manual_approve_with_files_test.go | 6 +-
 .../tc000121_destroy_on_delete_test.go | 3 +-
 .../tc000130_destroy_no_outputs_test.go | 3 +-
 ...lan_then_apply_when_drift_detected_test.go | 3 +-
 ...eport_and_loop_when_drift_detected_test.go | 3 +-
 ...plan_when_unrelated_source_changed_test.go | 3 +-
 ...uld_delete_the_plan_and_start_over_test.go | 6 +-
 ...rove_with_disabled_drift_detection_test.go | 3 +-
 ...tc000230_drift_detection_only_mode_test.go | 6 +-
 ...41_auto_approve_with_health_checks_test.go | 3 +-
 .../tc000242_bad_health_checks_test.go | 5 +-
 controllers/tc000260_runner_pod_test.go | 3 +-
 controllers/tc000280_inventory_test.go | 3 +-
 controllers/terraform_controller.go | 73 +++++++++++++++----
 15 files changed, 94 insertions(+), 32 deletions(-)
diff --git a/controllers/tc000020_with_backend_no_outputs_test.go b/controllers/tc000020_with_backend_no_outputs_test.go
index fb92b9616..43f7c637b 100644
--- a/controllers/tc000020_with_backend_no_outputs_test.go
+++ b/controllers/tc000020_with_backend_no_outputs_test.go
@@ -86,6 +86,7 @@ func Test_000020_with_backend_no_outputs_test(t *testing.T) {
 Given("a Terraform resource with auto approve, backend configured, attached to the given GitRepository.")
 By("creating a new TF resource and attaching to the repo via `sourceRef`.")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -95,7 +96,7 @@ func Test_000020_with_backend_no_outputs_test(t *testing.T) {
 ApprovePlan: "auto",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 Path: "./terraform-hello-world-example",
diff --git a/controllers/tc000052_plan_and_manual_approve_with_files_test.go b/controllers/tc000052_plan_and_manual_approve_with_files_test.go
index 6a14701e4..0a85a12c7 100644
--- a/controllers/tc000052_plan_and_manual_approve_with_files_test.go
+++ b/controllers/tc000052_plan_and_manual_approve_with_files_test.go
@@ -1,9 +1,10 @@
 package controllers
 import (
- "github.com/weaveworks/tf-controller/utils"
 "testing"
+ "github.com/weaveworks/tf-controller/utils"
+
 sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 . "github.com/onsi/gomega"
 infrav1 "github.com/weaveworks/tf-controller/api/v1alpha1"
@@ -91,6 +92,7 @@ func Test_000052_plan_and_manual_approve_with_files_test(t *testing.T) {
 Given("a Terraform resource with manual approval, attached to the given GitRepository resource")
 By("creating a new TF resource without specifying the .spec.approvePlan field.")
 By("attaching the TF resource to the repo via `sourceRef`.")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -99,7 +101,7 @@ func Test_000052_plan_and_manual_approve_with_files_test(t *testing.T) {
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 // Note that we do not specify the `ApprovePlan` field
diff --git a/controllers/tc000121_destroy_on_delete_test.go b/controllers/tc000121_destroy_on_delete_test.go
index 1356f12f4..3b96e7e37 100644
--- a/controllers/tc000121_destroy_on_delete_test.go
+++ b/controllers/tc000121_destroy_on_delete_test.go
@@ -82,6 +82,7 @@ func Test_000121_destroy_on_delete_test(t *testing.T) {
 Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 By("creating a new TF resource and attaching to the repo via sourceRef")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -90,7 +91,7 @@ func Test_000121_destroy_on_delete_test(t *testing.T) {
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 ApprovePlan: "auto",
diff --git a/controllers/tc000130_destroy_no_outputs_test.go b/controllers/tc000130_destroy_no_outputs_test.go
index 5aae0dd51..d746512ac 100644
--- a/controllers/tc000130_destroy_no_outputs_test.go
+++ b/controllers/tc000130_destroy_no_outputs_test.go
@@ -83,6 +83,7 @@ func Test_000130_destroy_no_outputs_test(t *testing.T) {
 Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 By("creating a new TF resource and attaching to the repo via sourceRef")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -91,7 +92,7 @@ func Test_000130_destroy_no_outputs_test(t *testing.T) {
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 ApprovePlan: "auto",
diff --git a/controllers/tc000140_auto_applied_should_tx_to_plan_then_apply_when_drift_detected_test.go b/controllers/tc000140_auto_applied_should_tx_to_plan_then_apply_when_drift_detected_test.go
index fe43f87f8..f570c582b 100644
--- a/controllers/tc000140_auto_applied_should_tx_to_plan_then_apply_when_drift_detected_test.go
+++ b/controllers/tc000140_auto_applied_should_tx_to_plan_then_apply_when_drift_detected_test.go
@@ -77,6 +77,7 @@ func Test_000140_auto_applied_resource_should_transit_to_plan_then_apply_when_dr
 Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 By("creating a new TF resource and attaching to the repo via sourceRef")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -85,7 +86,7 @@ func Test_000140_auto_applied_resource_should_transit_to_plan_then_apply_when_dr
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 ApprovePlan: "auto",
diff --git a/controllers/tc000150_manual_apply_should_report_and_loop_when_drift_detected_test.go b/controllers/tc000150_manual_apply_should_report_and_loop_when_drift_detected_test.go
index 0af3ee44e..4a75d6a01 100644
--- a/controllers/tc000150_manual_apply_should_report_and_loop_when_drift_detected_test.go
+++ b/controllers/tc000150_manual_apply_should_report_and_loop_when_drift_detected_test.go
@@ -78,6 +78,7 @@ func Test_000150_manual_apply_should_report_and_loop_when_drift_detected_test(t
 Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 By("creating a new TF resource and attaching to the repo via sourceRef")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -86,7 +87,7 @@ func Test_000150_manual_apply_should_report_and_loop_when_drift_detected_test(t
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 ApprovePlan: "",
diff --git a/controllers/tc000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_test.go b/controllers/tc000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_test.go
index 7fb333b1f..e67c87d85 100644
--- a/controllers/tc000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_test.go
+++ b/controllers/tc000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_test.go
@@ -91,6 +91,7 @@ func Test_000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_te
 Given("a Terraform resource with auto approve, attached to the given GitRepository resource.")
 By("creating a new TF resource and attaching to the repo via `sourceRef`.")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -101,7 +102,7 @@ func Test_000160_auto_applied_should_tx_to_plan_when_unrelated_source_changed_te
 Path: "./tf-k8s-configmap",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 SourceRef: infrav1.CrossNamespaceSourceReference{
diff --git a/controllers/tc000170_if_apply_error_we_should_delete_the_plan_and_start_over_test.go b/controllers/tc000170_if_apply_error_we_should_delete_the_plan_and_start_over_test.go
index 4a76edfe8..efb09c695 100644
--- a/controllers/tc000170_if_apply_error_we_should_delete_the_plan_and_start_over_test.go
+++ b/controllers/tc000170_if_apply_error_we_should_delete_the_plan_and_start_over_test.go
@@ -2,10 +2,11 @@ package controllers
 import (
 "context"
- "github.com/weaveworks/tf-controller/utils"
 "testing"
 "time"
+ "github.com/weaveworks/tf-controller/utils"
+
 . "github.com/onsi/gomega"
 sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -88,6 +89,7 @@ func Test_000170_if_apply_error_the_plan_should_be_deleted_and_start_over_test(t
 Given("a Terraform resource with auto approve, attached to the given GitRepository resource.")
 By("creating a new TF resource and attaching to the repo via `sourceRef`.")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -99,7 +101,7 @@ func Test_000170_if_apply_error_the_plan_should_be_deleted_and_start_over_test(t
 Interval: metav1.Duration{Duration: 5 * time.Second},
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 SourceRef: infrav1.CrossNamespaceSourceReference{
diff --git a/controllers/tc000201_auto_approve_with_disabled_drift_detection_test.go b/controllers/tc000201_auto_approve_with_disabled_drift_detection_test.go
index 698f8c14d..4db22158c 100644
--- a/controllers/tc000201_auto_approve_with_disabled_drift_detection_test.go
+++ b/controllers/tc000201_auto_approve_with_disabled_drift_detection_test.go
@@ -77,6 +77,7 @@ func Test_000201_auto_approve_with_disabled_drift_detection(t *testing.T) {
 testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 g.Expect(err).Should(BeNil())
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -89,7 +90,7 @@ func Test_000201_auto_approve_with_disabled_drift_detection(t *testing.T) {
 Path: "./terraform-hello-world-example",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 SourceRef: infrav1.CrossNamespaceSourceReference{
diff --git a/controllers/tc000230_drift_detection_only_mode_test.go b/controllers/tc000230_drift_detection_only_mode_test.go
index 178eca258..89ab195eb 100644
--- a/controllers/tc000230_drift_detection_only_mode_test.go
+++ b/controllers/tc000230_drift_detection_only_mode_test.go
@@ -2,10 +2,11 @@ package controllers
 import (
 "context"
- "github.com/weaveworks/tf-controller/utils"
 "testing"
 "time"
+ "github.com/weaveworks/tf-controller/utils"
+
 . "github.com/onsi/gomega"
 sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -82,6 +83,7 @@ func Test_000230_drift_detection_only_mode(t *testing.T) {
 testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 g.Expect(err).Should(BeNil())
+ inClusterConfig := false
 testTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -90,7 +92,7 @@ func Test_000230_drift_detection_only_mode(t *testing.T) {
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 ApprovePlan: infrav1.ApprovePlanAutoValue,
diff --git a/controllers/tc000241_auto_approve_with_health_checks_test.go b/controllers/tc000241_auto_approve_with_health_checks_test.go
index ad4aa1253..6ead2857a 100644
--- a/controllers/tc000241_auto_approve_with_health_checks_test.go
+++ b/controllers/tc000241_auto_approve_with_health_checks_test.go
@@ -80,6 +80,7 @@ func Test_000241_auto_approve_with_health_checks_test(t *testing.T) {
 testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 g.Expect(err).Should(BeNil())
+ inClusterConfig := false
 healthCheckTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -91,7 +92,7 @@ func Test_000241_auto_approve_with_health_checks_test(t *testing.T) {
 Path: "./tf-health-check-example",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 SourceRef: infrav1.CrossNamespaceSourceReference{
diff --git a/controllers/tc000242_bad_health_checks_test.go b/controllers/tc000242_bad_health_checks_test.go
index e49170b09..879b3a9f4 100644
--- a/controllers/tc000242_bad_health_checks_test.go
+++ b/controllers/tc000242_bad_health_checks_test.go
@@ -76,6 +76,7 @@ func Test_000242_bad_healt_checks_test(t *testing.T) {
 testEnvKubeConfigPath, err := findKubeConfig(testEnv)
 g.Expect(err).Should(BeNil())
+ inClusterConfig := false
 healthCheckTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -87,7 +88,7 @@ func Test_000242_bad_healt_checks_test(t *testing.T) {
 Path: "./tf-health-check-example",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 SourceRef: infrav1.CrossNamespaceSourceReference{
@@ -151,7 +152,7 @@ func Test_000242_bad_healt_checks_test(t *testing.T) {
 Path: "./tf-health-check-example",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName + "2",
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 SourceRef: infrav1.CrossNamespaceSourceReference{
diff --git a/controllers/tc000260_runner_pod_test.go b/controllers/tc000260_runner_pod_test.go
index 8989281ff..79b587c88 100644
--- a/controllers/tc000260_runner_pod_test.go
+++ b/controllers/tc000260_runner_pod_test.go
@@ -423,6 +423,7 @@ func Test_000260_runner_pod_test_env_vars_proxy_output(t *testing.T) {
 By("creating a new TF resource and attaching to the repo via `sourceRef`.")
 By("specifying the .spec.writeOutputsToSecret.")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -432,7 +433,7 @@ func Test_000260_runner_pod_test_env_vars_proxy_output(t *testing.T) {
 ApprovePlan: "auto",
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 Path: "./terraform-envvar-variable-output",
diff --git a/controllers/tc000280_inventory_test.go b/controllers/tc000280_inventory_test.go
index 5d3054fc0..e0cd25b10 100644
--- a/controllers/tc000280_inventory_test.go
+++ b/controllers/tc000280_inventory_test.go
@@ -79,6 +79,7 @@ func Test_000280_inventory_test(t *testing.T) {
 Given("a Terraform object with auto approve, and attaching it to the GitRepository object")
 By("creating a new TF resource and attaching to the repo via sourceRef")
+ inClusterConfig := false
 helloWorldTF := infrav1.Terraform{
 ObjectMeta: metav1.ObjectMeta{
 Name: terraformName,
@@ -87,7 +88,7 @@ func Test_000280_inventory_test(t *testing.T) {
 Spec: infrav1.TerraformSpec{
 BackendConfig: &infrav1.BackendConfigSpec{
 SecretSuffix: terraformName,
- InClusterConfig: false,
+ InClusterConfig: &inClusterConfig,
 ConfigPath: testEnvKubeConfigPath,
 },
 ApprovePlan: "auto",
diff --git a/controllers/terraform_controller.go b/controllers/terraform_controller.go
index 8f91a4409..2b7e6c164 100644
--- a/controllers/terraform_controller.go
+++ b/controllers/terraform_controller.go
@@ -641,30 +641,64 @@ func (r *TerraformReconciler) setupTerraform(ctx context.Context, runnerClient r
 workingDir := uploadAndExtractReply.WorkingDir
 tmpDir = uploadAndExtractReply.TmpDir
- var backendConfig string
+ // Set the backendConfig assuming it is going to be disabled
+ var backendConfig string = `
+terraform {
+ backend "local" { }
+}
+`
+ // This variable is going to be used to force unlock the state if it is locked
+ forceUnlockID := ""
+ // Check if we want to Disable the K8S backend via an envvar
 DisableTFK8SBackend := os.Getenv("DISABLE_TF_K8S_BACKEND") == "1"
+ // Do we have a manually configured backend
 if terraform.Spec.BackendConfig != nil {
- backendConfig = fmt.Sprintf(`
+ // Is the backend still enabled
+ if !terraform.Spec.BackendConfig.Disable {
+ // If we have an lock id we want to force unlock the state
+ if terraform.Spec.BackendConfig.State != nil {
+ if terraform.Spec.BackendConfig.State.ForceUnlock != "" {
+ forceUnlockID = terraform.Spec.BackendConfig.State.ForceUnlock
+ }
+ }
+
+ // Set a default suffix if it is not set
+ if terraform.Spec.BackendConfig.SecretSuffix == "" {
+ terraform.Spec.BackendConfig.SecretSuffix = terraform.Name
+ }
+
+ // Default to true if InClusterConfig is not set
+ if terraform.Spec.BackendConfig.InClusterConfig == nil {
+ icc := true
+ terraform.Spec.BackendConfig.InClusterConfig = &icc
+ }
+
+ // The config path is only required if we're not setting up an InClusterConfig
+ configPath := ""
+
+ // If it's not empty then we want to create the string that will be dropped into the config
+ if terraform.Spec.BackendConfig.ConfigPath != "" {
+ configPath = fmt.Sprintf("\n config_path = \"%s\"", terraform.Spec.BackendConfig.ConfigPath)
+ }
+
+ // Setup the config, note the %v and %s together for in_cluster_config
+ backendConfig = fmt.Sprintf(`
 terraform {
 backend "kubernetes" {
 secret_suffix = "%s"
- in_cluster_config = %v
- config_path = "%s"
+ in_cluster_config = %v%s
 namespace = "%s"
 }
 }
 `,
- terraform.Spec.BackendConfig.SecretSuffix,
- terraform.Spec.BackendConfig.InClusterConfig,
- terraform.Spec.BackendConfig.ConfigPath,
- terraform.Namespace)
- } else if DisableTFK8SBackend && terraform.Spec.BackendConfig == nil {
- backendConfig = `
-terraform {
- backend "local" { }
-}`
- } else if terraform.Spec.BackendConfig == nil {
+ terraform.Spec.BackendConfig.SecretSuffix,
+ terraform.Spec.BackendConfig.InClusterConfig,
+ configPath,
+ terraform.Namespace)
+ }
+ // This else should only be hit if we don't disable the backend via the envvar above
+ } else if !DisableTFK8SBackend {
 // TODO must be tested in cluster only
 backendConfig = fmt.Sprintf(`
 terraform {
@@ -677,6 +711,17 @@ terraform {
 `, terraform.Name, terraform.Namespace)
 }
+ // If we have a lock id need to force unlock it
+ if forceUnlockID != "" {
+ _, err := runnerClient.ForceUnlock(context.Background(), &runner.ForceUnlockRequest{
+ LockIdentifier: forceUnlockID,
+ })
+
+ if err != nil {
+ return terraform, tfInstance, tmpDir, err
+ }
+ }
+
 if r.backendCompletelyDisable(terraform) {
 log.Info("BackendConfig is completely disabled")
 } else {
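Review bot: The `in_cluster_config = %v%s` verb is fed `terraform.Spec.BackendConfig.InClusterConfig`, which this commit turns into a `*bool` (the tests now pass `&inClusterConfig`), and `%v` on a pointer to a bool prints the address rather than `true`/`false`, so the rendered backend block would not be valid; pass `*terraform.Spec.BackendConfig.InClusterConfig,` instead, which is safe because the nil case is defaulted a few lines earlier. `ConfigPath` and `SecretSuffix` come from the resource spec and are spliced into the HCL with a bare `%s`, so a value containing a double quote or a newline changes the structure of the backend block; validate those fields before rendering, or write them with `%q` after confirming it matches HCL's escaping (it does not neutralise `${`). The defaults for `SecretSuffix` and `InClusterConfig` are written into `terraform.Spec`, and the function returns `terraform`, so it is worth confirming they cannot be persisted back to the object by a later update. setupTerraform begins and ends outside this hunk.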
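Review bot: The `ForceUnlock` call runs on `context.Background()` although `setupTerraform` receives `ctx`, so a cancelled or timed-out reconcile cannot stop the RPC; use `_, err := runnerClient.ForceUnlock(ctx, &runner.ForceUnlockRequest{`. As far as this patch shows, nothing clears `Spec.BackendConfig.State.ForceUnlock` once the unlock has succeeded, so the unlock would be attempted again on every reconcile and any error from it aborts setup; recording the handled lock ID in status, or skipping an ID that was already processed, would keep the override a one-shot operator action instead of a standing bypass of the state lock. The error is returned bare, and `fmt.Errorf("force unlocking state %q: %w", forceUnlockID, err)` would tell the operator which step failed. The surrounding function body continues outside the hunk.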