-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
terraform init: add link to documentation when a checksum is missing from the lock file #31408
Merged
liamcervante
merged 9 commits into
main
from
liamcervante/init-provider-checksums-failed
Jul 20, 2022
Merged
Changes from 2 commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
a21dcf2
terraform init: add suggested fix for when a checksum is missing from…
liamcervante 27a77de
improve error message
liamcervante fc5fadc
Merge branch 'main' of github.com:hashicorp/terraform into liamcervan…
liamcervante 9cc133a
add link to the documentation
liamcervante 9fc2358
cleanup leftovers from previous attempt
liamcervante 7031621
fix tests
liamcervante 7138abe
s/,/;
liamcervante bcae65e
Merge branch 'main' of github.com:hashicorp/terraform into liamcervan…
liamcervante daae556
fix imports
liamcervante File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
package providercache | ||
|
||
import "github.com/hashicorp/terraform/internal/getproviders" | ||
|
||
// ErrProviderChecksumMiss is an error type used to indicate a provider | ||
// installation failed due to a mismatch in the terraform provider lock file. | ||
type ErrProviderChecksumMiss struct { | ||
Meta getproviders.PackageMeta | ||
Msg string | ||
} | ||
|
||
func (err ErrProviderChecksumMiss) Error() string { | ||
return err.Msg | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we might need to be careful about making this suggestion without some more context about the implications.
Specifically, when combining with this with the other change we recently made so that
terraform providers lock
will not honor existing checksums, I think this suggestion amounts to "The checksums didn't match the lock file, which you should fix by discarding the checksums in the lock file".I must admit I'm not sure how to inject further subtlety here without making the message incredibly verbose. I think the main qualifier we want to get across here is "If you got into this situation by not having a complete set of checksums for all platforms you intend to use...", but I don't really know how to concisely explain to a user how they would determine if that predicate is true, and how to securely differentiate it from the bad case where someone has actually maliciously tampered with the plugin package. 🤔
I think we might need to ask the product security team for a second opinion on whatever we decide here too, since we're changing the characteristics of a pretty sensitive area for the threat models of some users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've changed this so we just link directly to the relevant documentation, hopefully that avoids any potential security problems while still giving users a jump start on the potential fixes.
The relevant documentation does concretely suggest
terraform providers lock
, while providing context around how this could have happened.