Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

providercache: Discard lock entries for unused providers #30192

Merged
merged 1 commit into from
Dec 17, 2021
Merged

providercache: Discard lock entries for unused providers #30192

merged 1 commit into from
Dec 17, 2021

Conversation

apparentlymart
Copy link
Member

Previously we would only ever add new lock entries or update existing ones. However, it's possible that over time a module may cease using a particular provider, at which point we ought to remove it from the lock file so that operations won't fail when seeing that the provider cache directory is inconsistent with the lock file.

Now the provider installer (EnsureProviderVersions) will remove any lock file entries that relate to providers not included in the given requirements, which therefore makes the resulting lock file properly match the set of packages the installer wrote into the cache.

This does potentially mean that someone could inadvertently defeat the lock by removing a provider dependency, running terraform init, then undoing that removal, and finally running "terraform init" again. However, that seems relatively unlikely compared to the likelihood of removing a provider and keeping it removed, and in the event it did happen the changes to the lock entry for that provider would be visible in the diff of the provider lock file as usual, and so could be noticed in code review just as for any other change to dependencies.

This fixes #30122.

I included a note in the updated documentation about the possibility of needing to run terraform init to clean up stale entries after upgrading to Terraform v1.1, but that note only really applies in the unusual case of upgrading to Terraform v1.1 in an already-initialized working directory and trying to directly run a command like terraform apply without first re-running terraform init using the new version. In the more usual case of initializing the directory with Terraform v1.1 before running any other commands, the removal will happen automatically and no extra step will be required.

@apparentlymart
providercache: Discard lock entries for unused providers
df4f86c 
Previously we would only ever add new lock entries or update existing
ones. However, it's possible that over time a module may _cease_ using
a particular provider, at which point we ought to remove it from the lock
file so that operations won't fail when seeing that the provider cache
directory is inconsistent with the lock file.

Now the provider installer (EnsureProviderVersions) will remove any lock
file entries that relate to providers not included in the given
requirements, which therefore makes the resulting lock file properly match
the set of packages the installer wrote into the cache.

This does potentially mean that someone could inadvertently defeat the
lock by removing a provider dependency, running "terraform init", then
undoing that removal, and finally running "terraform init" again. However,
that seems relatively unlikely compared to the likelihood of removing
a provider and keeping it removed, and in the event it _did_ happen the
changes to the lock entry for that provider would be visible in the diff
of the provider lock file as usual, and so could be noticed in code
review just as for any other change to dependencies.
@apparentlymart apparentlymart added bug cli v1.1 Issues (primarily bugs) reported against v1.1 releases 1.1-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged labels Dec 17, 2021
@apparentlymart apparentlymart requested a review from a team December 17, 2021 00:16
@apparentlymart apparentlymart self-assigned this Dec 17, 2021
@apparentlymart
Copy link
Member Author

The "website-link-check" is not yet updated for the new website platform, and so is just always failing for any update. My documentation update here only includes an intra-page link to an earlier section header.

@apparentlymart apparentlymart merged commit 23395a1 into main Dec 17, 2021
@apparentlymart apparentlymart deleted the b-tf-init-lock-cleanup branch December 17, 2021 23:30
@teamterraform teamterraform mentioned this pull request Dec 17, 2021
Merged
@apparentlymart apparentlymart added this to the v1.1.3 milestone Dec 17, 2021
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 17, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jbardin jbardin jbardin approved these changes

Assignees

@apparentlymart apparentlymart

Labels
1.1-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged bug cli v1.1 Issues (primarily bugs) reported against v1.1 releases
Projects
None yet
Milestone
v1.1.3
Development

Successfully merging this pull request may close these issues.

terraform 1.1.0 Error: missing or corrupted provider plugins
2 participants
@apparentlymart @jbardin