From 7fce859b90911aeb96f78be3184267ce49551d17 Mon Sep 17 00:00:00 2001 From: Dmitry Moskowski Date: Fri, 19 Aug 2022 16:14:43 +0000 Subject: [PATCH] fixing bug with terraform state transition for bastion for some reason when you add a bastion to the host the first run of terraform apply doesn't see the bastion, but see the changes in ssh settings (port in my case). found this while writing post about the provider (applied test configuration to localhost). teraform sdk is a piece of crap, it is simplier to just make all settings flat than try to maintain some sort of hierarchy (which is more obvious because bastion uses ssh.config if it is defined) --- docs/index.md | 23 ++++++++++--------- docs/resources/instance.md | 23 ++++++++++--------- makefile | 1 + provider/provider.go | 6 ++--- provider/schema.go | 46 +++++++++++++++++++------------------- provider/schema_test.go | 30 ++++++++++++------------- test/main.tf | 16 ++++++------- 7 files changed, 74 insertions(+), 71 deletions(-) diff --git a/docs/index.md b/docs/index.md index 67d8b05..4ea45e8 100644 --- a/docs/index.md +++ b/docs/index.md @@ -19,6 +19,7 @@ description: |- - `address_filter` (List of String) List of network cidr's to filter addresses used to connect to nixos_instance resources - `address_priority` (Map of Number) Map of network cidr's with associated weight which will affect address ordering for nixos_isntance resource +- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--bastion)) - `nix` (Block Set, Max: 1) Nix package manager configuration options (see [below for nested schema](#nestedblock--nix)) - `retry` (Number) Amount of retries for retryable operations - `retry_wait` (Number) Amount of seconds to wait between retries 
@@ -26,6 +27,17 @@ description: |- - `secrets` (Block Set, Max: 1) Describes secrets settings (see [below for nested schema](#nestedblock--secrets)) - `ssh` (Block Set, Max: 1) SSH protocol settings (see [below for nested schema](#nestedblock--ssh)) + +### Nested Schema for `bastion` + +Optional: + +- `config` (Map of String) SSH configuration map +- `host` (String) SSH bastion remote hostname +- `port` (Number) SSH remote port +- `user` (String) SSH remote user name + + ### Nested Schema for `nix` @@ -98,17 +110,6 @@ Optional: Optional: -- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--ssh--bastion)) -- `config` (Map of String) SSH configuration map -- `port` (Number) SSH remote port -- `user` (String) SSH remote user name - - -### Nested Schema for `ssh.bastion` - -Optional: - - `config` (Map of String) SSH configuration map -- `host` (String) SSH remote hostname - `port` (Number) SSH remote port - `user` (String) SSH remote user name diff --git a/docs/resources/instance.md b/docs/resources/instance.md index 4af77ec..ecef1f6 100644 --- a/docs/resources/instance.md +++ b/docs/resources/instance.md @@ -22,6 +22,7 @@ NixOS instance ### Optional +- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--bastion)) - `derivations` (Block List) List of derivations which is built during apply (see [below for nested schema](#nestedblock--derivations)) - `nix` (Block Set, Max: 1) Nix package manager configuration options (see [below for nested schema](#nestedblock--nix)) - `secret` (Block Set) Describes secret which should be transfered to host (see [below for nested schema](#nestedblock--secret)) 
@@ -35,6 +36,17 @@ NixOS instance - `id` (String) The ID of this resource. - `secret_fingerprint` (Map of String) Secrets state fingerprint information which is used to maintain state + +### Nested Schema for `bastion` + +Optional: + +- `config` (Map of String) SSH configuration map +- `host` (String) SSH bastion remote hostname +- `port` (Number) SSH remote port +- `user` (String) SSH remote user name + + ### Nested Schema for `derivations` @@ -116,18 +128,7 @@ Optional: Optional: -- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--ssh--bastion)) -- `config` (Map of String) SSH configuration map -- `port` (Number) SSH remote port -- `user` (String) SSH remote user name - - -### Nested Schema for `ssh.bastion` - -Optional: - - `config` (Map of String) SSH configuration map -- `host` (String) SSH remote hostname - `port` (Number) SSH remote port - `user` (String) SSH remote user name diff --git a/makefile b/makefile index 513d12c..d363202 100644 --- a/makefile +++ b/makefile @@ -2,6 +2,7 @@ .ONESHELL: export TF_LOG ?= ERROR +export SSH_AUTH_SOCK = root = $(dir $(abspath $(firstword $(MAKEFILE_LIST)))) result = $(root)/result/libexec/terraform-providers diff --git a/provider/provider.go b/provider/provider.go index 8f52a25..b05ede3 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -229,8 +229,8 @@ func (p *Provider) SshSettings(resource ResourceBox) map[string]interface{} { return p.settings(resource, KeySsh) } -func (p *Provider) SshBastionSettings(resource ResourceBox) map[string]interface{} { - return p.settings(resource, KeySsh, KeySshBastion) +func (p *Provider) BastionSettings(resource ResourceBox) map[string]interface{} { + return p.settings(resource, KeyBastion) } func (p *Provider) SshConfigMap(settings map[string]interface{}) *SshConfigMap { 
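Review bot: The new `export SSH_AUTH_SOCK =` line carries no comment, and its effect is easy to misread: GNU make exports the variable as an empty string rather than unsetting it, and OpenSSH treats an empty socket path the same as no agent, so the test runs stop picking up whatever keys the developer's ssh-agent holds (presumably the intent here). Put that reason next to the line, e.g. `# empty SSH_AUTH_SOCK: keep the tests off the developer's ssh-agent keys`, so nobody later "fixes" it by deleting the assignment.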
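Review bot: `BastionSettings` is a new exported method with no doc comment, and its neighbour `SshSettings` has none either; a one-liner per method would tell readers which block the map is read from, e.g. `// BastionSettings returns the settings of the top-level bastion block for resource.` The old `SshBastionSettings` name is dropped rather than kept as a deprecated wrapper, which is acceptable for a provider binary but is a breaking change for any other importer of this package. `settings` itself is outside the hunk, so whether an absent block yields nil or an empty map is not visible here.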
@@ -298,7 +298,7 @@ func (p *Provider) NewSsh(resource ResourceBox) *Ssh {
 settings = p.SshSettings(resource)
 configMap = p.SshConfigMap(settings)
- bastionSettings = p.SshBastionSettings(resource)
+ bastionSettings = p.BastionSettings(resource)
 )
 bastionHost, _ := bastionSettings[KeySshHost].(string)
diff --git a/provider/schema.go b/provider/schema.go
index c012647..560ec9f 100644
--- a/provider/schema.go
+++ b/provider/schema.go
@@ -50,12 +50,13 @@ const (
 //
- KeySsh = "ssh"
- KeySshHost = "host"
- KeySshUser = "user"
- KeySshPort = "port"
- KeySshConfig = "config"
- KeySshBastion = "bastion"
+ KeySsh = "ssh"
+ KeySshHost = "host"
+ KeySshUser = "user"
+ KeySshPort = "port"
+ KeySshConfig = "config"
+
+ KeyBastion = "bastion"
 //
@@ -112,35 +113,32 @@ var (
 DefaultFunc: DefaultSshConfig,
 },
 }
+ ProviderSchemaSsh = SchemaWithDefaultFuncCtr(DefaultMapFromSchema, &schema.Schema{
+ Description: "SSH protocol settings",
+ Type: schema.TypeSet,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: ProviderSchemaSshMap,
+ },
+ Optional: true,
+ })
+
 ProviderSchemaBastionMap = SchemaMapExtend(
 ProviderSchemaSshMap,
 map[string]*schema.Schema{
 KeySshHost: {
- Description: "SSH remote hostname",
+ Description: "SSH bastion remote hostname",
 Type: schema.TypeString,
 Optional: true,
 },
 },
 )
- ProviderSchemaSsh = SchemaWithDefaultFuncCtr(DefaultMapFromSchema, &schema.Schema{
- Description: "SSH protocol settings",
+ ProviderSchemaBastion = SchemaWithDefaultFuncCtr(DefaultMapFromSchema, &schema.Schema{
+ Description: "SSH configuration for bastion server",
 Type: schema.TypeSet,
 MaxItems: 1,
 Elem: &schema.Resource{
- Schema: SchemaMapExtend(
- ProviderSchemaSshMap,
- map[string]*schema.Schema{
- KeySshBastion: {
- Description: "SSH configuration for bastion server",
- Type: schema.TypeSet,
- MaxItems: 1,
- Elem: &schema.Resource{
- Schema: ProviderSchemaBastionMap,
- },
- Optional: true,
- },
- },
- ),
+ Schema: ProviderSchemaBastionMap,
 },
 Optional: true,
 })
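Review bot: The only change to `NewSsh` visible here is the renamed call, yet the commit message says the bastion reuses `ssh.config` when that is set; with `bastion` now a separate top-level block, nothing in this hunk shows that fallback still happening, and `NewSsh`'s body continues outside the hunk. If the fallback lives further down, a comment at the renamed line would keep the contract visible, e.g. `// bastion is a sibling of ssh in the schema; missing bastion values fall back to the ssh block below` (worded to match what the code actually does); if the fallback was dropped, the commit should say so. The `bastionHost, _ := ...(string)` assertion on the next line turns a missing or non-string host into `""`, and since that value presumably decides whether a bastion is used at all, it deserves the same attention (the schema_test.go hunk only checks the populated case).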
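Review bot: `ProviderSchemaBastion` is now a top-level sibling of `ProviderSchemaSsh` instead of a set nested inside it, and the hunk gives no hint why; the reason (per the commit message, the nested set was missing from state on the first apply) will be lost to anyone who reads `schema.go` later and is tempted to nest it again. A short comment above the declaration would preserve it, e.g. `// ProviderSchemaBastion is deliberately a top-level block rather than nested under ssh: a set nested inside the ssh set was not seen by the first apply.` One more point, hedged because `SchemaMapExtend` is outside the hunk: `ProviderSchemaBastionMap` is derived from `ProviderSchemaSshMap`, and if that helper copies the map shallowly the two blocks share the same `*schema.Schema` values (including the `DefaultFunc: DefaultSshConfig` entry visible at the top of the hunk), so an in-place change to one block would silently alter the other; a comment stating whether the copy is deep would settle that.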
@@ -381,6 +379,7 @@ var (
 KeyNix: ProviderSchemaNix,
 KeySsh: ProviderSchemaSsh,
+ KeyBastion: ProviderSchemaBastion,
 KeySecrets: ProviderSchemaSecrets,
 KeySecret: ProviderSchemaSecret,
 }
@@ -424,6 +423,7 @@ var (
 KeyNix: ProviderSchemaNix,
 KeySsh: ProviderSchemaSsh,
+ KeyBastion: ProviderSchemaBastion,
 KeySecrets: ProviderSchemaSecrets,
 KeySecret: ProviderSchemaSecret,
diff --git a/provider/schema_test.go b/provider/schema_test.go
index f94a507..32093ad 100644
--- a/provider/schema_test.go
+++ b/provider/schema_test.go
@@ -56,10 +56,10 @@ resource "nixos_instance" "test2" {
 pubKeyAuthentication = "no"
 passwordAuthentication = "yes"
 }
- bastion {
- host = "127.0.0.1"
- port = 2222
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 2222
 }
 }
 `
@@ -78,15 +78,15 @@ provider "nixos" {
 pubKeyAuthentication = "no"
 passwordAuthentication = "yes"
 }
- bastion {
- host = "127.0.0.1"
- port = 2222
- config = {
- userKnownHostsFile = "/dev/null"
- strictHostKeyChecking = "no"
- pubKeyAuthentication = "no"
- passwordAuthentication = "yes"
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 2222
+ config = {
+ userKnownHostsFile = "/dev/null"
+ strictHostKeyChecking = "no"
+ pubKeyAuthentication = "no"
+ passwordAuthentication = "yes"
 }
 }
 secrets {
@@ -152,8 +152,8 @@ func TestResourceNixosInstance(t *testing.T) {
 CheckEqual(t, "nixos_instance.test2", "address.2", ""),
 CheckEqual(t, "nixos_instance.test2", "configuration", "../test/test.nix"),
 CheckEqual(t, "nixos_instance.test2", "ssh.0.port", "2222"),
- CheckEqual(t, "nixos_instance.test2", "ssh.0.bastion.0.host", "127.0.0.1"),
- CheckEqual(t, "nixos_instance.test2", "ssh.0.bastion.0.port", "2222"),
+ CheckEqual(t, "nixos_instance.test2", "bastion.0.host", "127.0.0.1"),
+ CheckEqual(t, "nixos_instance.test2", "bastion.0.port", "2222"),
 ),
 },
 {
diff --git a/test/main.tf b/test/main.tf
index 54b4461..9580b4e 100644
--- a/test/main.tf
+++ b/test/main.tf
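Review bot: The updated assertions pin only `bastion.0.host` and `bastion.0.port` for `nixos_instance.test2`, which covers the first-apply bug this commit fixes, but nothing checks that the resource-level block still receives the provider-level bastion values (`config`, `user`) that the `provider "nixos"` hunk earlier in this file sets up. If `DefaultMapFromSchema` is meant to feed those through, add a line such as `CheckEqual(t, "nixos_instance.test2", "bastion.0.config.strictHostKeyChecking", "no"),` beside the two renamed ones (constructed example; pick whichever key the provider block actually sets); if the resource block is meant to replace rather than merge, a comment saying so would stop the next reader from assuming inheritance. The enclosing `TestResourceNixosInstance` starts and ends outside the hunk.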
@@ -19,10 +19,10 @@ provider "nixos" {
 pubKeyAuthentication = "no"
 passwordAuthentication = "yes"
 }
- bastion {
- host = "127.0.0.1"
- port = 777
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 777
 }
 }
@@ -41,10 +41,10 @@ resource "nixos_instance" "test" {
 pubKeyAuthentication = "no"
 passwordAuthentication = "yes"
 }
- bastion {
- host = "127.0.0.1"
- port = 2222
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 2222
 }
 secret {