-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto-detection of terraform executable & downloading #478
Conversation
This PR fixes #365 |
Also fixes #273 |
Changed the way how this works. There won't be any more parameter as |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am having a couple of concerns with this PR:
No Terraform executables
If there are no terraform executables at all, the feature won't attempt downloading it. Is this intended?
Terraform executable exists
If there is a terraform executable but with wrong version:
Running terraform-compliance resulted with the following output
-
Firstly, error message is wrong, need to use the path of the newly installed terraform executable.
-
In this case, shouldn’t terraform-compliance automatically try to fix the issue by creating the json for me, instead of prompting me to convert the plan manually and run terraform-compliance again?
Running the recommended command with correct terraform executable didn’t immediately convert my plan.out file to json:
The current setup I am testing with only has a plan.out file (and no terraform files or .terraform directory). Was I suppose to terraform init
and setup the correct providers by hand? Or was terraform-compliance supposed to do those automatically as well.
Might need more documentation on how to use this functionality and/or some changes so that there are less steps to be taken by the user to convert the plan to json and run the scenario.
Testing
It would be preferable if we had a testing harness that spins up a few containers and tests this feature.
if 'Could not satisfy plugin requirements' in terraform.stderr: | ||
print('Hint: You can avoid this problem by converting your plan file to a JSON file via running;\n ' | ||
'\n # terraform show -json {} > {}.json' | ||
'\n\n OR' | ||
'\n # terraform init' | ||
'\n\n in {} directory and then pass (with -p) {}.json to terraform-compliance'.format(terraform_plan_file, | ||
terraform_plan_file, | ||
path, | ||
terraform_plan_file)) | ||
|
||
sys.exit(1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should print out the path of the correct executable if it was just downloaded. More about this below above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm this can only happen where a -t
is used and a wrong version is enforced to use while creating the plan, right ? 🤔
In that case, we don't download anything,
The reason why you get the Converting |
Alright. I have misunderstood the use case then. I thought this change would handle everything regarding converting the different version plan.out to a JSON format. The user should still have .terraform directory close to the plan for auto-detection & downloading to work. I have tested this in two setups. Case 1: running a 0.13.0 plan with 0.15.3 (of Terraform)
Case 2: running a 0.15.3 plan with 0.13.0 (of Terraform)
Should this feature be able to handle Case 2 as well? |
You are right it should. Released 1.3.15 without this functionality, will test & improve this PR. |
This PR should also have a signature verification after the download as well. |
@Kudbettin the use case you mentioned is fixed on 04978f0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All my test cases are passing now. Looks good to me!
This PR will introduce new argument for providing a
terraform
version where it will be downloaded on the first run (and then cached). This was a feature request especially for docker users where we always download the latest version in the image.