feat: warn when .terraform.lock.hcl is modified during terraform init #18276
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change addresses issue #18237 by adding checksum validation for .terraform.lock.hcl files before and after running terraform init. When the lock file is modified during init, it indicates that provider hashes may be missing for the target architecture, leading to unnecessary provider downloads and slower provisioning. Changes: - Add calculateFileChecksum() helper function using SHA256 - Add getTerraformLockFilePath() helper function - Modify init() function to calculate checksums before/after terraform init - Log warning when lock file changes with actionable guidance - Add unit tests for new functionality The warning message guides users to regenerate the lock file on the same OS/architecture as their Coder instance to improve performance. Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
Fixes gosec G306 linting error that expects WriteFile permissions to be 0600 or less for security reasons. Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #18237
This PR adds checksum validation for
.terraform.lock.hclfiles before and after runningterraform initto detect when provider hashes are missing for the target architecture.Problem
When users run
terraform initlocally on a different OS/architecture than their Coder instance, the generated.terraform.lock.hclfile may be missing provider hashes for the target architecture. This causes Terraform to download providers unnecessarily during provisioning, slowing down the process.Solution
.terraform.lock.hclbefore runningterraform initterraform initcompletesChanges
calculateFileChecksum()helper function using SHA256getTerraformLockFilePath()helper functioninit()function to perform checksum validationTesting
The warning message provides clear guidance on how to resolve the issue by regenerating the lock file on the same OS/architecture as the Coder instance.