mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-03-20 13:01:28 -04:00
328 lines
11 KiB
Go
328 lines
11 KiB
Go
// Copyright (c) The OpenTofu Authors
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
// Copyright (c) 2023 HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package command
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/mitchellh/cli"
|
|
"github.com/opentofu/opentofu/internal/addrs"
|
|
"github.com/opentofu/opentofu/internal/command/arguments"
|
|
"github.com/opentofu/opentofu/internal/command/clistate"
|
|
"github.com/opentofu/opentofu/internal/command/flags"
|
|
"github.com/opentofu/opentofu/internal/command/views"
|
|
"github.com/opentofu/opentofu/internal/states"
|
|
"github.com/opentofu/opentofu/internal/tfdiags"
|
|
"github.com/opentofu/opentofu/internal/tofu"
|
|
)
|
|
|
|
// TaintCommand is a cli.Command implementation that manually taints
|
|
// a resource, marking it for recreation.
|
|
type TaintCommand struct {
|
|
Meta
|
|
}
|
|
|
|
func (c *TaintCommand) Run(rawArgs []string) int {
|
|
ctx := c.CommandContext()
|
|
|
|
// new view
|
|
common, rawArgs := arguments.ParseView(rawArgs)
|
|
c.View.Configure(common)
|
|
// Because the legacy UI was using println to show diagnostics and the new view is using, by default, print,
|
|
// in order to keep functional parity, we setup the view to add a new line after each diagnostic.
|
|
c.View.DiagsWithNewline()
|
|
|
|
// Propagate -no-color for legacy use of Ui. The remote backend and
|
|
// cloud package use this; it should be removed when/if they are
|
|
// migrated to views.
|
|
c.Meta.color = !common.NoColor
|
|
c.Meta.Color = c.Meta.color
|
|
|
|
// Parse and validate flags
|
|
args, closer, diags := arguments.ParseTaint(true, rawArgs)
|
|
defer closer()
|
|
// TODO meta-refactor: move these values to their right place once it's clear how to propagate their values to
|
|
// the functionality that is using these.
|
|
c.Meta.backupPath = args.State.BackupPath
|
|
c.Meta.stateLock = args.State.Lock
|
|
c.Meta.stateLockTimeout = args.State.LockTimeout
|
|
c.Meta.statePath = args.State.StatePath
|
|
c.Meta.stateOutPath = args.State.StateOutPath
|
|
|
|
// Instantiate the view, even if there are flag errors, so that we render
|
|
// diagnostics according to the desired view
|
|
view := views.NewTaint(args.ViewOptions, c.View)
|
|
// ... and initialise the Meta.Ui to wrap Meta.View into a new implementation
|
|
// that is able to print by using View abstraction and use the Meta.Ui
|
|
// to ask for the user input.
|
|
c.Meta.configureUiFromView(args.ViewOptions)
|
|
|
|
if diags.HasErrors() {
|
|
view.Diagnostics(diags)
|
|
return cli.RunResultHelp
|
|
}
|
|
c.GatherVariables(args.Vars)
|
|
addr := args.TargetAddress
|
|
|
|
if diags := c.Meta.checkRequiredVersion(ctx); diags != nil {
|
|
view.Diagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Load the encryption configuration
|
|
enc, encDiags := c.Encryption(ctx)
|
|
if encDiags.HasErrors() {
|
|
view.Diagnostics(encDiags)
|
|
return 1
|
|
}
|
|
|
|
// Load the backend
|
|
b, backendDiags := c.Backend(ctx, nil, enc.State())
|
|
diags = diags.Append(backendDiags)
|
|
if backendDiags.HasErrors() {
|
|
view.Diagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Determine the workspace name
|
|
workspace, err := c.Workspace(ctx)
|
|
if err != nil {
|
|
view.Diagnostics(diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Error selecting the current workspace name",
|
|
fmt.Sprintf("Failed to select the current workspace: %s", err),
|
|
)))
|
|
return 1
|
|
}
|
|
|
|
// Check remote OpenTofu version is compatible
|
|
remoteVersionDiags := c.remoteVersionCheck(b, workspace)
|
|
diags = diags.Append(remoteVersionDiags)
|
|
view.Diagnostics(diags)
|
|
if diags.HasErrors() {
|
|
return 1
|
|
}
|
|
// since we already printed the diagnostics above, we can discard the possible warnings
|
|
diags = tfdiags.Diagnostics{}
|
|
|
|
// Get the state
|
|
stateMgr, err := b.StateMgr(ctx, workspace)
|
|
if err != nil {
|
|
view.Diagnostics(diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Error loading the state",
|
|
fmt.Sprintf("Failed to load the state: %s", err),
|
|
)))
|
|
return 1
|
|
}
|
|
|
|
if c.stateLock {
|
|
stateLocker := clistate.NewLocker(c.stateLockTimeout, views.NewStateLocker(args.ViewOptions, c.View))
|
|
if diags := stateLocker.Lock(stateMgr, "taint"); diags.HasErrors() {
|
|
view.Diagnostics(diags)
|
|
return 1
|
|
}
|
|
defer func() {
|
|
if diags := stateLocker.Unlock(); diags.HasErrors() {
|
|
view.Diagnostics(diags)
|
|
}
|
|
}()
|
|
}
|
|
|
|
if err := stateMgr.RefreshState(context.TODO()); err != nil {
|
|
view.Diagnostics(diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Error refreshing the state",
|
|
fmt.Sprintf("Failed to refresh the state: %s", err),
|
|
)))
|
|
return 1
|
|
}
|
|
|
|
// Get the actual state structure
|
|
state := stateMgr.State()
|
|
if state.Empty() {
|
|
if args.AllowMissing {
|
|
return c.allowMissingExit(addr, view)
|
|
}
|
|
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"No such resource instance",
|
|
"The state currently contains no resource instances whatsoever. This may occur if the configuration has never been applied or if it has recently been destroyed.",
|
|
))
|
|
view.Diagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Get schemas, if possible, before writing state
|
|
var schemas *tofu.Schemas
|
|
if isCloudMode(b) {
|
|
var schemaDiags tfdiags.Diagnostics
|
|
schemas, schemaDiags = c.MaybeGetSchemas(ctx, state, nil)
|
|
diags = diags.Append(schemaDiags)
|
|
}
|
|
|
|
ss := state.SyncWrapper()
|
|
|
|
// Get the resource and instance we're going to taint
|
|
rs := ss.Resource(addr.ContainingResource())
|
|
is := ss.ResourceInstance(addr)
|
|
if is == nil {
|
|
if args.AllowMissing {
|
|
return c.allowMissingExit(addr, view)
|
|
}
|
|
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"No such resource instance",
|
|
fmt.Sprintf("There is no resource instance in the state with the address %s. If the resource configuration has just been added, you must run \"tofu apply\" once to create the corresponding instance(s) before they can be tainted.", addr),
|
|
))
|
|
view.Diagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
obj := is.Current
|
|
if obj == nil {
|
|
if len(is.Deposed) != 0 {
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"No such resource instance",
|
|
fmt.Sprintf("Resource instance %s is currently part-way through a create_before_destroy replacement action. Run \"tofu apply\" to complete its replacement before tainting it.", addr),
|
|
))
|
|
} else {
|
|
// Don't know why we're here, but we'll produce a generic error message anyway.
|
|
diags = diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"No such resource instance",
|
|
fmt.Sprintf("Resource instance %s does not currently have a remote object associated with it, so it cannot be tainted.", addr),
|
|
))
|
|
}
|
|
view.Diagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
obj.Status = states.ObjectTainted
|
|
ss.SetResourceInstanceCurrent(addr, obj, rs.ProviderConfig, is.ProviderKey)
|
|
|
|
if err := stateMgr.WriteState(state); err != nil {
|
|
view.Diagnostics(diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Error writing state file",
|
|
fmt.Sprintf("Failed writing the new state: %s", err),
|
|
)))
|
|
return 1
|
|
}
|
|
if err := stateMgr.PersistState(context.TODO(), schemas); err != nil {
|
|
view.Diagnostics(diags.Append(tfdiags.Sourceless(
|
|
tfdiags.Error,
|
|
"Error writing state file",
|
|
fmt.Sprintf("Failed to persist the new state: %s", err),
|
|
)))
|
|
return 1
|
|
}
|
|
|
|
view.Diagnostics(diags)
|
|
view.TaintedSuccessfully(addr)
|
|
return 0
|
|
}
|
|
|
|
func (c *TaintCommand) Help() string {
|
|
helpText := `
|
|
Usage: tofu [global options] taint [options] <address>
|
|
|
|
OpenTofu uses the term "tainted" to describe a resource instance
|
|
which may not be fully functional, either because its creation
|
|
partially failed or because you've manually marked it as such using
|
|
this command.
|
|
|
|
This will not modify your infrastructure directly, but subsequent
|
|
OpenTofu plans will include actions to destroy the remote object
|
|
and create a new object to replace it.
|
|
|
|
You can remove the "taint" state from a resource instance using
|
|
the "tofu untaint" command.
|
|
|
|
The address is in the usual resource address syntax, such as:
|
|
aws_instance.foo
|
|
aws_instance.bar[1]
|
|
module.foo.module.bar.aws_instance.baz
|
|
|
|
Use your shell's quoting or escaping syntax to ensure that the
|
|
address will reach OpenTofu correctly, without any special
|
|
interpretation.
|
|
|
|
Options:
|
|
|
|
-allow-missing If specified, the command will succeed (exit code 0)
|
|
even if the resource is missing.
|
|
|
|
-lock=false Don't hold a state lock during the operation. This is
|
|
dangerous if others might concurrently run commands
|
|
against the same workspace.
|
|
|
|
-lock-timeout=0s Duration to retry a state lock.
|
|
|
|
-ignore-remote-version A rare option used for the remote backend only. See
|
|
the remote backend documentation for more information.
|
|
|
|
-var 'foo=bar' Set a value for one of the input variables in the root
|
|
module of the configuration. Use this option more than
|
|
once to set more than one variable.
|
|
|
|
-var-file=filename Load variable values from the given file, in addition
|
|
to the default files terraform.tfvars and *.auto.tfvars.
|
|
Use this option more than once to include more than one
|
|
variables file.
|
|
|
|
-json Produce output in a machine-readable JSON format,
|
|
suitable for use in text editor integrations and other
|
|
automated systems. Always disables color.
|
|
|
|
-json-into=out.json Produce the same output as -json, but sent directly
|
|
to the given file. This allows automation to preserve
|
|
the original human-readable output streams, while
|
|
capturing more detailed logs for machine analysis.
|
|
|
|
-state, state-out, and -backup are legacy options supported for the local
|
|
backend only. For more information, see the local backend's documentation.
|
|
|
|
`
|
|
return strings.TrimSpace(helpText)
|
|
}
|
|
|
|
func (c *TaintCommand) Synopsis() string {
|
|
return "Mark a resource instance as not fully functional"
|
|
}
|
|
|
|
func (c *TaintCommand) allowMissingExit(name addrs.AbsResourceInstance, view views.Taint) int {
|
|
view.Diagnostics(tfdiags.Diagnostics{}.Append(tfdiags.Sourceless(
|
|
tfdiags.Warning,
|
|
"No such resource instance",
|
|
fmt.Sprintf("Resource instance %s was not found, but this is not an error because -allow-missing was set.", name),
|
|
)))
|
|
return 0
|
|
}
|
|
|
|
// TODO meta-refactor: move this to arguments once all commands are using the same shim logic
|
|
func (c *TaintCommand) GatherVariables(args *arguments.Vars) {
|
|
// FIXME the arguments package currently trivially gathers variable related
|
|
// arguments in a heterogeneous slice, in order to minimize the number of
|
|
// code paths gathering variables during the transition to this structure.
|
|
// Once all commands that gather variables have been converted to this
|
|
// structure, we could move the variable gathering code to the arguments
|
|
// package directly, removing this shim layer.
|
|
|
|
varArgs := args.All()
|
|
items := make([]flags.RawFlag, len(varArgs))
|
|
for i := range varArgs {
|
|
items[i].Name = varArgs[i].Name
|
|
items[i].Value = varArgs[i].Value
|
|
}
|
|
c.Meta.variableArgs = flags.RawFlags{Items: &items}
|
|
}
|