Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add flag to disable downloading tf for airgapped environments #2843

Merged
merged 15 commits into from
Dec 22, 2022
Merged

feat: Add flag to disable downloading tf for airgapped environments #2843

merged 15 commits into from
Dec 22, 2022

Conversation

adam-verigin
Copy link
Contributor

@adam-verigin adam-verigin commented Dec 20, 2022
edited by nitrocode
Loading

what

  • Move the TF version listing logic into terraform_client.go
  • Add flag to enable or disable TF version listing & TF downloads
  • Reuse tf download url

why

  • Moved logic so it can leverage the existing --tf-download-url configuration option
  • If unable to list TF versions, fall back to the previous exact version regex to extract the version.

From #2701, this does not address the os.Exit() calls in https://github.com/warrensbox/terraform-switcher/blob/107631ffa4108d172909149d295c64c08cbedf00/lib/list_versions.go#L109-L139, though it does equip the code to handle it if an upstream change is made to return errors rather than exiting.

references

@adam-verigin adam-verigin requested a review from a team as a code owner December 20, 2022 23:59
@adam-verigin
Copy link
Contributor Author

Ah, missed that master was renamed to main, so my changes are behind. Looks like I need to rebase...

@nitrocode
Copy link
Member

Hi @adam-verigin thank you for the change.

Yes, please either rebase or merge the default branch and resolve conflicts.

@adam-verigin adam-verigin force-pushed the terraform-version-checking branch from 8417b8d to e10ed6d Compare December 21, 2022 02:51
nitrocode
nitrocode reviewed Dec 21, 2022
View reviewed changes
server/user_config.go Outdated Show resolved Hide resolved
@nitrocode nitrocode changed the title Improve Terraform Version Checking in Air-Gapped Environments feat: Add flag to disable downloading tf for airgapped environments Dec 21, 2022
krrrr38
krrrr38 reviewed Dec 21, 2022
View reviewed changes
server/core/terraform/terraform_client.go Show resolved Hide resolved
server/core/terraform/terraform_client.go Outdated Show resolved Hide resolved
server/events/project_command_context_builder.go Outdated Show resolved Hide resolved
server/events/project_command_context_builder.go Outdated Show resolved Hide resolved
server/events/project_command_context_builder.go Outdated Show resolved Hide resolved
nitrocode
nitrocode reviewed Dec 22, 2022
View reviewed changes
server/core/terraform/terraform_client.go
resp, err := http.Get(url)
if err != nil || resp.StatusCode != 200 {
return nil, fmt.Errorf("Unable to list Terraform versions: %s", err)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gosec alerts

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a #nosec comment here for this particular rule (G107) because terraform-switcher makes (AFAICT) the exact same call a few lines later. I guess that since their call is in a library and this one is not, it makes gosec unhappy.

I'm open to alternative suggestions if you have any.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unsure what the best strategy is here.

Is there an alternative beside setting the nosec comment?

cc @runatlantis/maintainers

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

G107 handle untrusted url, but this url is provided by server configuration. so it's ok to ignore it.

krrrr38
krrrr38 reviewed Dec 22, 2022
View reviewed changes
Copy link
Contributor

@krrrr38 krrrr38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

otherwise lgtm

server/core/terraform/terraform_client.go
resp, err := http.Get(url)
if err != nil || resp.StatusCode != 200 {
return nil, fmt.Errorf("Unable to list Terraform versions: %s", err)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

G107 handle untrusted url, but this url is provided by server configuration. so it's ok to ignore it.

server/core/terraform/terraform_client.go Outdated Show resolved Hide resolved
@adam-verigin
Copy link
Contributor Author

If you're both content with the gosec work-around (discussed here), I think I've addressed all open feedback on this PR.

krrrr38
krrrr38 approved these changes Dec 22, 2022
View reviewed changes
Copy link
Contributor

@krrrr38 krrrr38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Your refactoring code is also helpful.

@nitrocode nitrocode merged commit faa027a into runatlantis:main Dec 22, 2022
@nitrocode
Copy link
Member

Thank you @adam-verigin ! Please feel free to propose more changes!

@adam-verigin adam-verigin deleted the terraform-version-checking branch December 22, 2022 19:38
@adam-verigin
Copy link
Contributor Author

@nitrocode @krrrr38 Thank you both for the thorough review! This PR ended up in a better place because of it 😄

@nitrocode nitrocode added this to the 0.22.0 milestone Dec 23, 2022
@albertorm95 albertorm95 mentioned this pull request May 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamengual jamengual jamengual left review comments

@nitrocode nitrocode nitrocode approved these changes

@krrrr38 krrrr38 krrrr38 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.22.0
Development

Successfully merging this pull request may close these issues.

v0.21+: Override mirror URL for terraform downloads
4 participants
@adam-verigin @nitrocode @krrrr38 @jamengual