Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

builtin/providers/terraform: Disable remote state file version checks #26692

Merged
merged 4 commits into from
Nov 4, 2020
Merged

builtin/providers/terraform: Disable remote state file version checks #26692

merged 4 commits into from
Nov 4, 2020

Commits on Oct 26, 2020

  1. states: Extract version check logic from read 

    Instead of always checking the Terraform version associated with a state
file when reading it, we add a CheckTerraformVersion method and call it
from locations where we care about enforcing this check.

For this commit, the check has been retained at all call sites for
states/statefile.Read, with these exceptions:

- Unit tests, which shouldn't care about the state file version;
- E2E test runner which should always be using valid state files;
- terraform.ShimLegacyState, where the check is pointless as the state
  file was just created by the current Terraform version.
    @alisdair
    alisdair committed Oct 26, 2020
    Configuration menu
    Copy the full SHA
    ff73826 View commit details
    Browse the repository at this point in the history

  2. states: RefreshStateWithoutCheckVersion 

    Add RefreshStateWithoutCheckVersion method to the statemgr.Persistent
interface, allowing callers to refresh state from the backend without
raising errors if the state's Terraform version is thought to be
not fully compatible.

This enables use cases where we can be extremely confident that any
state file we can read is suitable, such as the Terraform provider's
remote state data source, which only reads outputs.
    @alisdair
    alisdair committed Oct 26, 2020
    Configuration menu
    Copy the full SHA
    06af227 View commit details
    Browse the repository at this point in the history

  3. backend: StateMgrWithoutCheckVersion 

    Allow users of backends to initialize a state manager instance without
checking the Terraform version of any state files which are retrieved
during this process. Many backends call RefreshState as part of
initialization, and this new method instead calls the new
RefreshStateWithoutCheckVersion method to prevent version checking.
    @alisdair
    alisdair committed Oct 26, 2020
    Configuration menu
    Copy the full SHA
    c8d7515 View commit details
    Browse the repository at this point in the history

  4. builtin: Disable Terraform provider version checks 

    The builtin Terraform provider's remote state data source uses a
configured backend to fetch a given state, in order to allow access to
its root module outputs. Until this commit, this was only possible
with remote states which are from the current Terraform version or
older, forcing multi-state users to carefully orchestrate Terraform
upgrades.

Building on previous commits in this branch, we now disable this version
check, and allow any Terraform state file that the current Terraform
version can parse. Since we are only ever accessing root module outputs,
this is very likely to be safe for the foreseeable future.
    @alisdair
    alisdair committed Oct 26, 2020
    Configuration menu
    Copy the full SHA
    7c905c5 View commit details
    Browse the repository at this point in the history