PSS: Fix use of reattached providers in init, enable use of reattached providers during plan-apply workflow#38182
Conversation
…ning to initialise a state store for use in a non-init command. Previously we passed all required providers into backend options to be used within `stateStoreConfig`, which is invoked via (Meta).Backend. The new approach enforces that the provider is present while assembling the backend options passed to (Meta).Backend from (Meta).backend, which is non-init specific. As this code is defending against users running non-init commands before an init, this place feels appropriate and isn't able to impact the init command.
…, and an empty locks file is only bad if there isn't a reattached PSS provider
…s when generating a plan file
… a workflow of init, plan with -out, and apply.
…ing called as the state storage provider isn't the provider used for resource management here
…ched providers could cause issues
| t.Run("the error isn't shown if the provider is supplied through reattach config", func(t *testing.T) { | ||
| t.Skip("This is implemented as an E2E test: TestPrimary_stateStore_Unmanaged_SeparatePlan") | ||
| }) |
There was a problem hiding this comment.
I could replace this with a code comment but my intention here was to try and create something more eye catching, or something that a person skimming test cases would see more easily.
| // | ||
| // Remember, the (Meta).backend method is used for non-init commands, so we expect dependency locks | ||
| // to be present or for the provider to be otherwise available, e.g. via reattach config. | ||
| depsDiags := root.StateStore.VerifyDependencySelection(locks, root.ProviderRequirements) |
There was a problem hiding this comment.
Nice, I haven't thought of doing the verification this early in my previous PR! Great to avoid all that plumbing that way. 👍🏻
radeksimko
left a comment
There was a problem hiding this comment.
I think the wording in the failing test may need updating.
Also you might want to preventatively rebase the PR after the copyright header changes. Otherwise I think the PR is aok and happy to approve.
|
Thanks for taking a look! That test failure should be resolved now - I've enabled auto-merge (and cleaned up the commit details in there 🙈 ) |
Fixes an issue where a reattached provider was no longer able to be used with PSS.
This PR:
Target Release
N/A
Rollback Plan
Changes to Security Controls
Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.
CHANGELOG entry