Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat(provisioner): warn when .terraform.lock.hcl is modified during init#20451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
mtojek merged 6 commits intomainfrom18237-terraform-lock-modified
Oct 24, 2025
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 29 additions & 1 deletionprovisioner/terraform/executor.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -6,6 +6,7 @@ import (
"context"
"encoding/json"
"fmt"
"hash/crc32"
"io"
"os"
"os/exec"
Expand DownExpand Up@@ -220,6 +221,10 @@ func (e *executor) init(ctx, killCtx context.Context, logr logSink) error {
e.mut.Lock()
defer e.mut.Unlock()

// Record lock file checksum before init
lockFilePath := filepath.Join(e.workdir, ".terraform.lock.hcl")
preInitChecksum := checksumFileCRC32(ctx, e.logger, lockFilePath)

outWriter, doneOut := logWriter(logr, proto.LogLevel_DEBUG)
errWriter, doneErr := logWriter(logr, proto.LogLevel_ERROR)
defer func() {
Expand All@@ -246,7 +251,30 @@ func (e *executor) init(ctx, killCtx context.Context, logr logSink) error {
return &textFileBusyError{exitErr: exitErr, stderr: errBuf.b.String()}
}
}
return err
if err != nil {
return err
}

// Check if lock file was modified
postInitChecksum := checksumFileCRC32(ctx, e.logger, lockFilePath)
if preInitChecksum != 0 && postInitChecksum != 0 && preInitChecksum != postInitChecksum {
e.logger.Warn(ctx, fmt.Sprintf(".terraform.lock.hcl was modified during init. This means provider hashes "+
"are missing for the current platform (%s_%s). Update the lock file with:\n\n"+
" terraform providers lock -platform=linux_amd64 -platform=linux_arm64 "+
"-platform=darwin_amd64 -platform=darwin_arm64 -platform=windows_amd64\n",
runtime.GOOS, runtime.GOARCH),
)
}
return nil
}

func checksumFileCRC32(ctx context.Context, logger slog.Logger, path string) uint32 {
content, err := os.ReadFile(path)
if err != nil {
logger.Debug(ctx, "file %s does not exist or can't be read, skip checksum calculation")
return 0
}
return crc32.ChecksumIEEE(content)
}

func getPlanFilePath(workdir string) string {
Expand Down
45 changes: 45 additions & 0 deletionsprovisioner/terraform/executor_internal_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -2,12 +2,14 @@ package terraform

import (
"encoding/json"
"os"
"testing"

tfjson "github.com/hashicorp/terraform-json"
"github.com/stretchr/testify/require"

"github.com/coder/coder/v2/provisionersdk/proto"
"github.com/coder/coder/v2/testutil"
)

type mockLogger struct {
Expand DownExpand Up@@ -171,3 +173,46 @@ func TestOnlyDataResources(t *testing.T) {
})
}
}

func TestChecksumFileCRC32(t *testing.T) {
t.Parallel()

t.Run("file exists", func(t *testing.T) {
t.Parallel()

ctx := testutil.Context(t, testutil.WaitShort)
logger := testutil.Logger(t)

tmpfile, err := os.CreateTemp("", "lockfile-*.hcl")
require.NoError(t, err)
defer os.Remove(tmpfile.Name())

content := []byte("provider \"aws\" { version = \"5.0.0\" }")
_, err = tmpfile.Write(content)
require.NoError(t, err)
tmpfile.Close()

// Calculate checksum - expected value for this specific content
expectedChecksum := uint32(0x08f39f51)
checksum := checksumFileCRC32(ctx, logger, tmpfile.Name())
require.Equal(t, expectedChecksum, checksum)

// Modify file
err = os.WriteFile(tmpfile.Name(), []byte("modified content"), 0o600)
require.NoError(t, err)

// Checksum should be different
modifiedChecksum := checksumFileCRC32(ctx, logger, tmpfile.Name())
require.NotEqual(t, expectedChecksum, modifiedChecksum)
})

t.Run("file does not exist", func(t *testing.T) {
t.Parallel()

ctx := testutil.Context(t, testutil.WaitShort)
logger := testutil.Logger(t)

checksum := checksumFileCRC32(ctx, logger, "/nonexistent/file.hcl")
require.Zero(t, checksum)
})
}
Loading
[8]ページ先頭
©2009-2025 Movatter.jp