Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce S3-native state locking #35661

Merged
merged 18 commits into from
Oct 11, 2024
Merged

Introduce S3-native state locking #35661

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
8be88f7
feat: add lock file support for S3 backend
bschaatsbergen Sep 1, 2024
ea8cb6d
Merge remote-tracking branch 'upstream/main' into use-s3-conditional-…
bschaatsbergen Sep 24, 2024
408b0a1
Merge branch 'main' into use-s3-conditional-writes
bschaatsbergen Sep 24, 2024
9efadb7
refactor: redirect to PutObject, use info.ID as lock ID
bschaatsbergen Sep 24, 2024
23ea7c2
Merge branch 'main' into use-s3-conditional-writes
bschaatsbergen Sep 26, 2024
9f71ac2
refactor: remove lock delimeter
bschaatsbergen Sep 26, 2024
8e853fb
Merge branch 'main' into use-s3-conditional-writes
bschaatsbergen Sep 27, 2024
81a9425
backend/s3(test): skip object lock tests by default
jar-b Oct 2, 2024
d09ea5e
backend/s3(test): handle versioned buckets during delete
jar-b Oct 2, 2024
2ac2917
backend/s3(test): fix TestBackendLockFileWithPrefix
jar-b Oct 2, 2024
b8450c8
Merge branch 'main' into use-s3-conditional-writes
bschaatsbergen Oct 3, 2024
c234ba6
backend/s3: encrypt lock file when configured
jar-b Oct 4, 2024
ec8be55
backend/s3: apply acl to lock file when configured
jar-b Oct 4, 2024
0e022a8
backend/s3(doc): update state locking section
jar-b Oct 4, 2024
740719d
backend/s3: handle out of band lock deletion
jar-b Oct 4, 2024
293e8c8
Improve logic and readability of Lock and Unlock
YakDriver Oct 10, 2024
c11f868
Merge branch 'main' into use-s3-conditional-writes
jar-b Oct 10, 2024
1ccbcad
Merge branch 'main' into use-s3-conditional-writes
bschaatsbergen Oct 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions internal/backend/remote-state/s3/backend.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ type Backend struct {
acl string
kmsKeyID string
ddbTable string
useLockFile bool
workspaceKeyPrefix string
skipS3Checksum bool
}
Expand Down Expand Up @@ -152,6 +153,11 @@ func (b *Backend) ConfigSchema() *configschema.Block {
Optional: true,
Description: "DynamoDB table for state locking and consistency",
},
"use_lockfile": {
Type: cty.Bool,
Optional: true,
Description: "(Experimental) Whether to use a lockfile for locking the state file.",
},
"profile": {
Type: cty.String,
Optional: true,
Expand Down Expand Up @@ -822,6 +828,7 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
b.serverSideEncryption = boolAttr(obj, "encrypt")
b.kmsKeyID = stringAttr(obj, "kms_key_id")
b.ddbTable = stringAttr(obj, "dynamodb_table")
b.useLockFile = boolAttr(obj, "use_lockfile")
b.skipS3Checksum = boolAttr(obj, "skip_s3_checksum")

if _, ok := stringAttrOk(obj, "kms_key_id"); ok {
Expand Down
10 changes: 10 additions & 0 deletions internal/backend/remote-state/s3/backend_state.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ const (
// defaultWorkspaceKeyPrefix is the default prefix for workspace storage.
// The colon is used to reduce the chance of name conflicts with existing objects.
defaultWorkspaceKeyPrefix = "env:"
// lockFileSuffix defines the suffix for Terraform state lock files.
lockFileSuffix = ".tflock"
)

func (b *Backend) Workspaces() ([]string, error) {
Expand Down Expand Up @@ -163,6 +165,8 @@ func (b *Backend) remoteClient(name string) (*RemoteClient, error) {
kmsKeyID: b.kmsKeyID,
ddbTable: b.ddbTable,
skipS3Checksum: b.skipS3Checksum,
lockFilePath: b.getLockFilePath(name),
useLockFile: b.useLockFile,
}

return client, nil
Expand Down Expand Up @@ -276,3 +280,9 @@ func newBucketRegionError(requestRegion, bucketRegion string) bucketRegionError
func (err bucketRegionError) Error() string {
return fmt.Sprintf("requested bucket from %q, actual location %q", err.requestRegion, err.bucketRegion)
}

// getLockFilePath returns the path to the lock file for the given Terraform state.
// For `default.tfstate`, the lock file is stored at `default.tfstate.tflock`.
func (b *Backend) getLockFilePath(name string) string {
return b.path(name) + lockFileSuffix
}
Loading
Loading