Enable single address locking in HTTP backend, fixes #23777

backend/remote-state/http/backend.go

@@ -55,6 +55,12 @@ func New() backend.Backend {
 				DefaultFunc: schema.EnvDefaultFunc("TF_HTTP_UNLOCK_METHOD", "UNLOCK"),
 				Description: "The HTTP method to use when unlocking",
 			},
+			"locking": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("TF_HTTP_LOCKING", false),
+				Description: "Wether to enable locking use on REST endpoint",
+			},
 			"username": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -147,6 +153,18 @@ func (b *Backend) configure(ctx context.Context) error {
 
 	unlockMethod := data.Get("unlock_method").(string)
 
+	if data.Get("locking").(bool) {
+		// Use default address if no lock_address is provided
+		if lockURL == nil {
+			lockURL = updateURL
+		}
+
+		// Use default address if no unlock_address is provided
+		if unlockURL == nil {
+			unlockURL = updateURL
+		}
+	}
+
 	client := cleanhttp.DefaultPooledClient()
 
 	if data.Get("skip_cert_verification").(bool) {

backend/remote-state/http/backend_test.go

@@ -99,6 +99,7 @@ func TestHTTPClientFactoryWithEnv(t *testing.T) {
 		"lock_method":    "BLIP",
 		"unlock_address": "http://127.0.0.1:8888/baz",
 		"unlock_method":  "BLOOP",
+		"locking":        "false",
 		"username":       "user",
 		"password":       "pass",
 		"retry_max":      "999",
@@ -112,6 +113,7 @@ func TestHTTPClientFactoryWithEnv(t *testing.T) {
 	defer testWithEnv(t, "TF_HTTP_UNLOCK_ADDRESS", conf["unlock_address"])()
 	defer testWithEnv(t, "TF_HTTP_LOCK_METHOD", conf["lock_method"])()
 	defer testWithEnv(t, "TF_HTTP_UNLOCK_METHOD", conf["unlock_method"])()
+	defer testWithEnv(t, "TF_HTTP_LOCKING", conf["locking"])()
 	defer testWithEnv(t, "TF_HTTP_USERNAME", conf["username"])()
 	defer testWithEnv(t, "TF_HTTP_PASSWORD", conf["password"])()
 	defer testWithEnv(t, "TF_HTTP_RETRY_MAX", conf["retry_max"])()

command/apply_test.go

@@ -661,6 +661,7 @@ func TestApply_plan_remoteState(t *testing.T) {
 		"unlock_address":         cty.NullVal(cty.String),
 		"lock_method":            cty.NullVal(cty.String),
 		"unlock_method":          cty.NullVal(cty.String),
+		"locking":                cty.NullVal(cty.Bool),
 		"username":               cty.NullVal(cty.String),
 		"password":               cty.NullVal(cty.String),
 		"skip_cert_verification": cty.NullVal(cty.Bool),

website/docs/backends/types/http.html.md

@@ -48,6 +48,9 @@ The following configuration options / environment variables are supported:
  * `address` / `TF_HTTP_ADDRESS` - (Required) The address of the REST endpoint
  * `update_method` / `TF_HTTP_UPDATE_METHOD` - (Optional) HTTP method to use
    when updating state. Defaults to `POST`.
+ * `locking` / `TF_HTTP_LOCKING` - (Optional) Wether to enable locking use on
+   the REST endpoint. Defaults to `false`. Overriden by setting `lock_address`
+   and `unlock_address`.
  * `lock_address` / `TF_HTTP_LOCK_ADDRESS` - (Optional) The address of the lock
    REST endpoint. Defaults to disabled.
  * `lock_method` / `TF_HTTP_LOCK_METHOD` - (Optional) The HTTP method to use