Skip to content

PSS: Add initial (incomplete) version of code changes to the init command for using pluggable state storage #37321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Jul 18, 2025
Merged

PSS: Add initial (incomplete) version of code changes to the init command for using pluggable state storage #37321

merged 22 commits into from
Jul 18, 2025

Conversation

SarahFrench
Copy link
Member

@SarahFrench SarahFrench commented Jul 11, 2025
edited
Loading

(Stacked on top of #37278)

Context

This PR updates backend-related code that is hit by all Terraform commands that use a backend.

The Meta struct's Backend method is used in most if not all Terraform commands. This method returns an operations backend that's used to run a given operation/command.

That method invokes Meta's backendFromConfig method, which uses the current configuration and the backend state file to either:

  • Return a configured backend.Backend (all commands)
  • Identify that the current command needs to stop and the user needs to be prompted to run an init command
  • Perform init command logic to navigate initialising a backend/state store/etc for the first time, or handle changes to how a working directory has state storage configured (e.g. reconfiguring or migrating state).

This code performs all these functions, and what it does is impacted by:

  • If the operations backend is told via BackendOpts that it is performing an init command (opt.Init set to true)
  • The current configuration
  • The backend state file contents
  • Other bits, like init-specific CLI flags.

This PR

This PR mostly updates code in internal/command/meta_backend.go to handle the increasing number of possible combinations of prior state (backend state files) and current state (configuration) of a working directory. These different scenarios are handled in a large switch statement in backendFromConfig that invokes scenario-specific logic implemented in separate methods.

This PR adds new cases to that switch statement that are mostly empty and have no scenario-specific logic implemented. Instead, there are tests that assert that when a working directory's state resembles a given scenario then the corresponding case is invoked.

Target Release

1.14.x

Rollback Plan

  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@SarahFrench SarahFrench added the no-changelog-needed Add this to your PR if the change does not require a changelog entry label Jul 11, 2025
@SarahFrench SarahFrench changed the base branch from main to pss/hash-of-state-store-block July 11, 2025 14:54
@SarahFrench SarahFrench force-pushed the pss/enable-init-of-new-pss-workingdir branch 2 times, most recently from abf3b49 to 072096d Compare July 11, 2025 15:06
SarahFrench
SarahFrench commented Jul 11, 2025
View reviewed changes
internal/command/meta_backend.go
Comment on lines +632 to 649
if opts.StateStoreConfig != nil {
// state store has been parsed from config and is included in opts
var ssDiags tfdiags.Diagnostics
stateStoreConfig, cHash, _, ssDiags = m.stateStoreConfig(opts)
diags = diags.Append(ssDiags)
if ssDiags.HasErrors() {
return nil, diags
}
} else {
// backend config may or may not have been parsed and included in opts,
// or may not exist in config at all (default/implied local backend)
var beDiags tfdiags.Diagnostics
backendConfig, cHash, beDiags = m.backendConfig(opts)
diags = diags.Append(beDiags)
if beDiags.HasErrors() {
return nil, diags
}
}
Copy link
Member Author

@SarahFrench SarahFrench Jul 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A nuance worth highlighting is in this section is that m.stateStoreConfig(opts) behaves a bit differently to m.backendConfig(opts)

What's different: backendConfig will re-parse the config to look for a backend block if opts.BackendConfig is nil. In stateStoreConfig there is no re-parsing; it assumes that the calling code has already parsed the configuration in the module correctly and that any state_store config will be represented in opts.

What's similar: these two methods both combine config with override config (-backend-config CLI flag values) and do some high-level validation of the config. E.g. backendConfig checks that the backend type exists, and stateStoreConfig checks that the PSS is present in the state storage provider.

Base automatically changed from pss/hash-of-state-store-block to main July 14, 2025 12:52
SarahFrench added 14 commits July 14, 2025 13:54
@SarahFrench
Store the FQN of the provider used in PSS in representations of the p…
a758e30 
…arsed config.

This can only be done once modules have been parsed and the required providers data is available. There are multiple places where config is parsed, into either Config or Module structs, so this needs to be implemented in multiple places.
@SarahFrench
Update affected tests, improve error diagnostic
ce84718
@SarahFrench
Begin enabling method to return a backend.Backend made using state_st…
7323ab0 
…ore config.

State store config can now be received via BackendOpts and there is rough validation of whether the config makes sense (does the provider offer a store with the given name?).
@SarahFrench
Update code's logic to include possibility of a state store being in use
1d30b5c 
At this point there are no cases that actually handle the state store scenarios though!
@SarahFrench
Add empty cases for handle all broad init scenarios involving PSS
7425707
@SarahFrench
Update default case's error to report state store variables
34ac3cd
@SarahFrench
Improve how we resolve the builtin terraform provider's address
0ccbea8
@SarahFrench
Add test that hits the code path for adding a state store to a new (o…
9ba1c91 
…r implied local) project
@SarahFrench
Add test for use of -reconfigure flag; show that it hits the code p…
8e17bce 
…ath for adding a state store for the first time
@SarahFrench
Add test that hits the code path for removing use of a state store, m…
b73f7b0 
…igrating to (implied) local backend
@SarahFrench
Add test that hits the code path for changing a state store's configu…
b282889 
…ration
@SarahFrench
Update existing test names to be backend-specific
f6016d3
@SarahFrench
Add tests that hits the code path for migrating between PSS and backends
4e86d59
@SarahFrench
Consolidate PSS-related tests at end of the file
81e0862
@SarahFrench SarahFrench force-pushed the pss/enable-init-of-new-pss-workingdir branch from 1e88968 to 81e0862 Compare July 14, 2025 12:54
@SarahFrench SarahFrench marked this pull request as ready for review July 14, 2025 13:04
@SarahFrench SarahFrench requested a review from a team as a code owner July 14, 2025 13:04
@SarahFrench
Copy link
Member Author

I found another test that can be added at this stage, but I think other tests in meta_backend_test.go for backends that don't have an equivalent for state stores should be added in future PRs when the features are being introduced.

@SarahFrench
Copy link
Member Author

I've also realised while working on a stacked PR that this PR would make more sense pulling in commit d06b639, but it would make this PR a lot larger.

I'll avoid cherry-picking it in for now. Without that commit, this PR's code is capable of determining the scenario that the working directory is in, but the code is currently unable to pass data about the state_store configuration block via the BackendOpts/opts struct, or any supplementary data needed to actually do anything PSS-related. However this PR doesn't do anything PSS-related, so I think this is ok to leave for the next PR?

radeksimko
radeksimko previously approved these changes Jul 15, 2025
View reviewed changes
internal/configs/state_store.go
Comment on lines +110 to +114
case !foundReqProviderEntry && stateStore.Provider.Name == "terraform":
// We do not expect users to include built in providers in required_providers
// So, if we don't find an entry in required_providers under local name 'terraform' we assume
// that the builtin provider is intended.
return addrs.NewBuiltInProvider("terraform"), nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Allowing this to be less explicit is aligned with #37234

@SarahFrench SarahFrench requested a review from radeksimko July 15, 2025 11:31
@SarahFrench SarahFrench merged commit d1e412f into main Jul 18, 2025
11 of 12 checks passed
@SarahFrench SarahFrench deleted the pss/enable-init-of-new-pss-workingdir branch July 18, 2025 13:08
@SarahFrench SarahFrench mentioned this pull request Jul 18, 2025
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@radeksimko radeksimko radeksimko approved these changes

Assignees
No one assigned
Labels
no-changelog-needed Add this to your PR if the change does not require a changelog entry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SarahFrench @radeksimko
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy