mirror of
https://github.com/opentffoundation/opentf.git
synced 2025-12-26 03:00:29 -05:00
c5c1f31db3
When using the enhanced remote backend, a subset of all Terraform operations are supported. Of these, only plan and apply can be executed on the remote infrastructure (e.g. Terraform Cloud). Other operations run locally and use the remote backend for state storage. This causes problems when the local version of Terraform does not match the configured version from the remote workspace. If the two versions are incompatible, an `import` or `state mv` operation can cause the remote workspace to be unusable until a manual fix is applied. To prevent this from happening accidentally, this commit introduces a check that the local Terraform version and the configured remote workspace Terraform version are compatible. This check is skipped for commands which do not write state, and can also be disabled by the use of a new command-line flag, `-ignore-remote-version`. Terraform version compatibility is defined as: - For all releases before 0.14.0, local must exactly equal remote, as two different versions cannot share state; - 0.14.0 to 1.0.x are compatible, as we will not change the state version number until at least Terraform 1.1.0; - Versions after 1.1.0 must have the same major and minor versions, as we will not change the state version number in a patch release. If the two versions are incompatible, a diagnostic is displayed, advising that the error can be suppressed with `-ignore-remote-version`. When this flag is used, the diagnostic is still displayed, but as a warning instead of an error. Commands which will not write state can assert this fact by calling the helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the checks. Those which can write state should instead call the helper `meta.remoteBackendVersionCheck`, which will return diagnostics for display. In addition to these explicit paths for managing the version check, we have an implicit check in the remote backend's state manager initialization method. Both of the above helpers will disable this check. This fallback is in place to ensure that future code paths which access state cannot accidentally skip the remote version check.
371 lines
12 KiB
Go
371 lines
12 KiB
Go
package command
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"log"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/hashicorp/hcl/v2"
|
|
"github.com/hashicorp/hcl/v2/hclsyntax"
|
|
|
|
"github.com/hashicorp/terraform/addrs"
|
|
"github.com/hashicorp/terraform/backend"
|
|
"github.com/hashicorp/terraform/configs"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
"github.com/hashicorp/terraform/tfdiags"
|
|
)
|
|
|
|
// ImportCommand is a cli.Command implementation that imports resources
|
|
// into the Terraform state.
|
|
type ImportCommand struct {
|
|
Meta
|
|
}
|
|
|
|
func (c *ImportCommand) Run(args []string) int {
|
|
// Get the pwd since its our default -config flag value
|
|
pwd, err := os.Getwd()
|
|
if err != nil {
|
|
c.Ui.Error(fmt.Sprintf("Error getting pwd: %s", err))
|
|
return 1
|
|
}
|
|
|
|
var configPath string
|
|
args = c.Meta.process(args)
|
|
|
|
cmdFlags := c.Meta.extendedFlagSet("import")
|
|
cmdFlags.BoolVar(&c.ignoreRemoteVersion, "ignore-remote-version", false, "continue even if remote and local Terraform versions differ")
|
|
cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", DefaultParallelism, "parallelism")
|
|
cmdFlags.StringVar(&c.Meta.statePath, "state", "", "path")
|
|
cmdFlags.StringVar(&c.Meta.stateOutPath, "state-out", "", "path")
|
|
cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
|
|
cmdFlags.StringVar(&configPath, "config", pwd, "path")
|
|
cmdFlags.BoolVar(&c.Meta.stateLock, "lock", true, "lock state")
|
|
cmdFlags.DurationVar(&c.Meta.stateLockTimeout, "lock-timeout", 0, "lock timeout")
|
|
cmdFlags.BoolVar(&c.Meta.allowMissingConfig, "allow-missing-config", false, "allow missing config")
|
|
cmdFlags.Usage = func() { c.Ui.Error(c.Help()) }
|
|
if err := cmdFlags.Parse(args); err != nil {
|
|
return 1
|
|
}
|
|
|
|
args = cmdFlags.Args()
|
|
if len(args) != 2 {
|
|
c.Ui.Error("The import command expects two arguments.")
|
|
cmdFlags.Usage()
|
|
return 1
|
|
}
|
|
|
|
var diags tfdiags.Diagnostics
|
|
|
|
// Parse the provided resource address.
|
|
traversalSrc := []byte(args[0])
|
|
traversal, travDiags := hclsyntax.ParseTraversalAbs(traversalSrc, "<import-address>", hcl.Pos{Line: 1, Column: 1})
|
|
diags = diags.Append(travDiags)
|
|
if travDiags.HasErrors() {
|
|
c.registerSynthConfigSource("<import-address>", traversalSrc) // so we can include a source snippet
|
|
c.showDiagnostics(diags)
|
|
c.Ui.Info(importCommandInvalidAddressReference)
|
|
return 1
|
|
}
|
|
addr, addrDiags := addrs.ParseAbsResourceInstance(traversal)
|
|
diags = diags.Append(addrDiags)
|
|
if addrDiags.HasErrors() {
|
|
c.registerSynthConfigSource("<import-address>", traversalSrc) // so we can include a source snippet
|
|
c.showDiagnostics(diags)
|
|
c.Ui.Info(importCommandInvalidAddressReference)
|
|
return 1
|
|
}
|
|
|
|
if addr.Resource.Resource.Mode != addrs.ManagedResourceMode {
|
|
diags = diags.Append(errors.New("A managed resource address is required. Importing into a data resource is not allowed."))
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
if !c.dirIsConfigPath(configPath) {
|
|
diags = diags.Append(&hcl.Diagnostic{
|
|
Severity: hcl.DiagError,
|
|
Summary: "No Terraform configuration files",
|
|
Detail: fmt.Sprintf(
|
|
"The directory %s does not contain any Terraform configuration files (.tf or .tf.json). To specify a different configuration directory, use the -config=\"...\" command line option.",
|
|
configPath,
|
|
),
|
|
})
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Load the full config, so we can verify that the target resource is
|
|
// already configured.
|
|
config, configDiags := c.loadConfig(configPath)
|
|
diags = diags.Append(configDiags)
|
|
if configDiags.HasErrors() {
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Verify that the given address points to something that exists in config.
|
|
// This is to reduce the risk that a typo in the resource address will
|
|
// import something that Terraform will want to immediately destroy on
|
|
// the next plan, and generally acts as a reassurance of user intent.
|
|
targetConfig := config.DescendentForInstance(addr.Module)
|
|
if targetConfig == nil {
|
|
modulePath := addr.Module.String()
|
|
diags = diags.Append(&hcl.Diagnostic{
|
|
Severity: hcl.DiagError,
|
|
Summary: "Import to non-existent module",
|
|
Detail: fmt.Sprintf(
|
|
"%s is not defined in the configuration. Please add configuration for this module before importing into it.",
|
|
modulePath,
|
|
),
|
|
})
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
targetMod := targetConfig.Module
|
|
rcs := targetMod.ManagedResources
|
|
var rc *configs.Resource
|
|
resourceRelAddr := addr.Resource.Resource
|
|
for _, thisRc := range rcs {
|
|
if resourceRelAddr.Type == thisRc.Type && resourceRelAddr.Name == thisRc.Name {
|
|
rc = thisRc
|
|
break
|
|
}
|
|
}
|
|
if !c.Meta.allowMissingConfig && rc == nil {
|
|
modulePath := addr.Module.String()
|
|
if modulePath == "" {
|
|
modulePath = "the root module"
|
|
}
|
|
|
|
c.showDiagnostics(diags)
|
|
|
|
// This is not a diagnostic because currently our diagnostics printer
|
|
// doesn't support having a code example in the detail, and there's
|
|
// a code example in this message.
|
|
// TODO: Improve the diagnostics printer so we can use it for this
|
|
// message.
|
|
c.Ui.Error(fmt.Sprintf(
|
|
importCommandMissingResourceFmt,
|
|
addr, modulePath, resourceRelAddr.Type, resourceRelAddr.Name,
|
|
))
|
|
return 1
|
|
}
|
|
|
|
// Check for user-supplied plugin path
|
|
if c.pluginPath, err = c.loadPluginPath(); err != nil {
|
|
c.Ui.Error(fmt.Sprintf("Error loading plugin path: %s", err))
|
|
return 1
|
|
}
|
|
|
|
// Load the backend
|
|
b, backendDiags := c.Backend(&BackendOpts{
|
|
Config: config.Module.Backend,
|
|
})
|
|
diags = diags.Append(backendDiags)
|
|
if backendDiags.HasErrors() {
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// We require a backend.Local to build a context.
|
|
// This isn't necessarily a "local.Local" backend, which provides local
|
|
// operations, however that is the only current implementation. A
|
|
// "local.Local" backend also doesn't necessarily provide local state, as
|
|
// that may be delegated to a "remotestate.Backend".
|
|
local, ok := b.(backend.Local)
|
|
if !ok {
|
|
c.Ui.Error(ErrUnsupportedLocalOp)
|
|
return 1
|
|
}
|
|
|
|
// Build the operation
|
|
opReq := c.Operation(b)
|
|
opReq.ConfigDir = configPath
|
|
opReq.ConfigLoader, err = c.initConfigLoader()
|
|
if err != nil {
|
|
diags = diags.Append(err)
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
{
|
|
var moreDiags tfdiags.Diagnostics
|
|
opReq.Variables, moreDiags = c.collectVariableValues()
|
|
diags = diags.Append(moreDiags)
|
|
if moreDiags.HasErrors() {
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
}
|
|
|
|
// Check remote Terraform version is compatible
|
|
remoteVersionDiags := c.remoteBackendVersionCheck(b, opReq.Workspace)
|
|
diags = diags.Append(remoteVersionDiags)
|
|
c.showDiagnostics(diags)
|
|
if diags.HasErrors() {
|
|
return 1
|
|
}
|
|
|
|
// Get the context
|
|
ctx, state, ctxDiags := local.Context(opReq)
|
|
diags = diags.Append(ctxDiags)
|
|
if ctxDiags.HasErrors() {
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Successfully creating the context can result in a lock, so ensure we release it
|
|
defer func() {
|
|
err := opReq.StateLocker.Unlock(nil)
|
|
if err != nil {
|
|
c.Ui.Error(err.Error())
|
|
}
|
|
}()
|
|
|
|
// Perform the import. Note that as you can see it is possible for this
|
|
// API to import more than one resource at once. For now, we only allow
|
|
// one while we stabilize this feature.
|
|
newState, importDiags := ctx.Import(&terraform.ImportOpts{
|
|
Targets: []*terraform.ImportTarget{
|
|
&terraform.ImportTarget{
|
|
Addr: addr,
|
|
ID: args[1],
|
|
},
|
|
},
|
|
})
|
|
diags = diags.Append(importDiags)
|
|
if diags.HasErrors() {
|
|
c.showDiagnostics(diags)
|
|
return 1
|
|
}
|
|
|
|
// Persist the final state
|
|
log.Printf("[INFO] Writing state output to: %s", c.Meta.StateOutPath())
|
|
if err := state.WriteState(newState); err != nil {
|
|
c.Ui.Error(fmt.Sprintf("Error writing state file: %s", err))
|
|
return 1
|
|
}
|
|
if err := state.PersistState(); err != nil {
|
|
c.Ui.Error(fmt.Sprintf("Error writing state file: %s", err))
|
|
return 1
|
|
}
|
|
|
|
c.Ui.Output(c.Colorize().Color("[reset][green]\n" + importCommandSuccessMsg))
|
|
|
|
if c.Meta.allowMissingConfig && rc == nil {
|
|
c.Ui.Output(c.Colorize().Color("[reset][yellow]\n" + importCommandAllowMissingResourceMsg))
|
|
}
|
|
|
|
c.showDiagnostics(diags)
|
|
if diags.HasErrors() {
|
|
return 1
|
|
}
|
|
|
|
return 0
|
|
}
|
|
|
|
func (c *ImportCommand) Help() string {
|
|
helpText := `
|
|
Usage: terraform import [options] ADDR ID
|
|
|
|
Import existing infrastructure into your Terraform state.
|
|
|
|
This will find and import the specified resource into your Terraform
|
|
state, allowing existing infrastructure to come under Terraform
|
|
management without having to be initially created by Terraform.
|
|
|
|
The ADDR specified is the address to import the resource to. Please
|
|
see the documentation online for resource addresses. The ID is a
|
|
resource-specific ID to identify that resource being imported. Please
|
|
reference the documentation for the resource type you're importing to
|
|
determine the ID syntax to use. It typically matches directly to the ID
|
|
that the provider uses.
|
|
|
|
The current implementation of Terraform import can only import resources
|
|
into the state. It does not generate configuration. A future version of
|
|
Terraform will also generate configuration.
|
|
|
|
Because of this, prior to running terraform import it is necessary to write
|
|
a resource configuration block for the resource manually, to which the
|
|
imported object will be attached.
|
|
|
|
This command will not modify your infrastructure, but it will make
|
|
network requests to inspect parts of your infrastructure relevant to
|
|
the resource being imported.
|
|
|
|
Options:
|
|
|
|
-backup=path Path to backup the existing state file before
|
|
modifying. Defaults to the "-state-out" path with
|
|
".backup" extension. Set to "-" to disable backup.
|
|
|
|
-config=path Path to a directory of Terraform configuration files
|
|
to use to configure the provider. Defaults to pwd.
|
|
If no config files are present, they must be provided
|
|
via the input prompts or env vars.
|
|
|
|
-allow-missing-config Allow import when no resource configuration block exists.
|
|
|
|
-input=true Ask for input for variables if not directly set.
|
|
|
|
-lock=true Lock the state file when locking is supported.
|
|
|
|
-lock-timeout=0s Duration to retry a state lock.
|
|
|
|
-no-color If specified, output won't contain any color.
|
|
|
|
-state=PATH Path to the source state file. Defaults to the configured
|
|
backend, or "terraform.tfstate"
|
|
|
|
-state-out=PATH Path to the destination state file to write to. If this
|
|
isn't specified, the source state file will be used. This
|
|
can be a new or existing path.
|
|
|
|
-var 'foo=bar' Set a variable in the Terraform configuration. This
|
|
flag can be set multiple times. This is only useful
|
|
with the "-config" flag.
|
|
|
|
-var-file=foo Set variables in the Terraform configuration from
|
|
a file. If "terraform.tfvars" or any ".auto.tfvars"
|
|
files are present, they will be automatically loaded.
|
|
|
|
-ignore-remote-version Continue even if remote and local Terraform versions
|
|
differ. This may result in an unusable workspace, and
|
|
should be used with extreme caution.
|
|
|
|
`
|
|
return strings.TrimSpace(helpText)
|
|
}
|
|
|
|
func (c *ImportCommand) Synopsis() string {
|
|
return "Associate existing infrastructure with a Terraform resource"
|
|
}
|
|
|
|
const importCommandInvalidAddressReference = `For information on valid syntax, see:
|
|
https://www.terraform.io/docs/internals/resource-addressing.html`
|
|
|
|
const importCommandMissingResourceFmt = `[reset][bold][red]Error:[reset][bold] resource address %q does not exist in the configuration.[reset]
|
|
|
|
Before importing this resource, please create its configuration in %s. For example:
|
|
|
|
resource %q %q {
|
|
# (resource arguments)
|
|
}
|
|
`
|
|
|
|
const importCommandSuccessMsg = `Import successful!
|
|
|
|
The resources that were imported are shown above. These resources are now in
|
|
your Terraform state and will henceforth be managed by Terraform.
|
|
`
|
|
|
|
const importCommandAllowMissingResourceMsg = `Import does not generate resource configuration, you must create a resource
|
|
configuration block that matches the current or desired state manually.
|
|
|
|
If there is no matching resource configuration block for the imported
|
|
resource, Terraform will delete the resource on the next "terraform apply".
|
|
It is recommended that you run "terraform plan" to verify that the
|
|
configuration is correct and complete.
|
|
`
|