Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backend/azurerm: upgrading the SDK / support for proxies #19414

Merged
merged 4 commits into from
Nov 21, 2018

Conversation

tombuildsstuff
Copy link
Contributor

@tombuildsstuff tombuildsstuff commented Nov 20, 2018

This PR upgrades to v21.3.0 of github.com/Azure/azure-sdk-for-go, v10.15.4 of github.comAzure/go-autorest and vendors github.com/hashicorp/go-azure-helpers @ 0.1.1

This is the first in a couple of PR's to the Backend which allows us to support additional authentication modes for the backend, which will allow us to fix #18425 and #16763.

This PR intentionally doesn't fix the locking issue tracked in #17046 (see more details below) - however it should be possible to fix that once this is merged (since this changeset's already quite big)

Tasks:

  • Upgrade Azure/go-autorest / Azure/azure-sdk-for-go
  • Threading through the new auth package
  • Proxy Support
  • Switching to use the Resources Profile
  • Switching to use the Storage Profile
  • Setting the User Agent
  • Additional Acceptance Tests coverage for Service Principal Client Secret / Access Key
  • Manual Testing

@tombuildsstuff
Copy link
Contributor Author

This test currently fails in master:

$ TF_ACC=1 envchain azurerm go test -v ./backend/remote-state/azure/ -run="TestBackendLocked"
=== RUN   TestBackendLocked
2018/11/20 21:37:58 [DEBUG] Could not lock as state blob did not exist, creating with empty state
--- FAIL: TestBackendLocked (136.20s)
    backend_test.go:120: creating resource group terraform-backend-testing-1587647403404359918
    backend_test.go:126: creating storage account tfbackendtesting4ahk
    backend_test.go:140: fetching access key for storage account
    backend_test.go:157: creating container terraform
    backend_test.go:77: TestBackendConfig on *azure.Backend with configs.synthBody{Filename:"<TestWrapConfig>", Values:map[string]cty.Value{"access_key":cty.StringVal("/nAdA86fOV+5XQZPSyBW/GuXG4OSTamTbKneOw8ucg3pg3w8JYgRxPGcOxrJ/2IUgTTdekiJviJ65jAc25i3LQ=="), "container_name":cty.StringVal("terraform"), "key":cty.StringVal("testState"), "storage_account_name":cty.StringVal("tfbackendtesting4ahk")}}
    backend_test.go:84: TestBackendConfig on *azure.Backend with configs.synthBody{Filename:"<TestWrapConfig>", Values:map[string]cty.Value{"access_key":cty.StringVal("/nAdA86fOV+5XQZPSyBW/GuXG4OSTamTbKneOw8ucg3pg3w8JYgRxPGcOxrJ/2IUgTTdekiJviJ65jAc25i3LQ=="), "container_name":cty.StringVal("terraform"), "key":cty.StringVal("testState"), "storage_account_name":cty.StringVal("tfbackendtesting4ahk")}}
    backend_test.go:91: TestBackend: testing state locking for *azure.Backend
    backend_test.go:92: TestBackend: testing state locking for *azure.Backend
    backend_test.go:92: could not unlock with the reported ID "d4dcc229-3c31-8f1c-3bce-341391bd10f4": failed to delete lock info from metadata: storage: service returned error: StatusCode=412, ErrorCode=LeaseIdMissing, ErrorMessage=There is currently a lease on the blob and no lease ID was specified in the request.
        RequestId:7763c56f-901e-0022-3f10-811362000000
        Time:2018-11-20T20:38:02.3230462Z, RequestInitiated=Tue, 20 Nov 2018 20:38:02 GMT, RequestId=7763c56f-901e-0022-3f10-811362000000, API Version=2016-05-31, QueryParameterName=, QueryParameterValue=
        Lock Info:
          ID:        d4dcc229-3c31-8f1c-3bce-341391bd10f4
          Path:      terraform/testState
          Operation: test
          Who:       clientA
          Version:   0.12.0
          Created:   2018-11-20 20:38:00.379197 &#43;0000 UTC
          Info:
    backend_test.go:174: destroying created resources
    backend_test.go:184: Azure resources destroyed
FAIL
FAIL	github.com/hashicorp/terraform/backend/remote-state/azure	137.146s

And also fails in this branch:

$ TF_ACC=1 envchain azurerm go test -v ./backend/remote-state/azure/ -run="TestBackendLocked"
=== RUN   TestBackendLocked
2018/11/20 21:35:17 Testing if Service Principal / Client Certificate is applicable for Authentication..
2018/11/20 21:35:17 Testing if Service Principal / Client Secret is applicable for Authentication..
2018/11/20 21:35:17 Using Service Principal / Client Secret for Authentication
2018/11/20 21:35:17 Creating Resource Group "acctestrg-backend-9xc2"
2018/11/20 21:35:20 Creating Storage Account "acctestsa9xc2" in Resource Group "acctestrg-backend-9xc2"
2018/11/20 21:35:40 fetching access key for storage account
2018/11/20 21:35:40 Creating Container "acctestcont" in Storage Account "acctestsa9xc2" (Resource Group "acctestrg-backend-9xc2")
2018/11/20 21:35:41 [DEBUG] Could not lock as state blob did not exist, creating with empty state
2018/11/20 21:35:46 [DEBUG] Deleting Resource Group "acctestrg-backend-9xc2"..
2018/11/20 21:35:47 [DEBUG] Waiting for deletion of Resource Group "acctestrg-backend-9xc2"..
--- FAIL: TestBackendLocked (123.95s)
    backend_test.go:75: TestBackendConfig on *azure.Backend with configs.synthBody{Filename:"<TestWrapConfig>", Values:map[string]cty.Value{"key":cty.StringVal("testState"), "storage_account_name":cty.StringVal("acctestsa9xc2"), "access_key":cty.StringVal("S8wiuV5VHzlzWd36JpHZKeq1qkwh0cdOcbec+vmP/Z1ETV7e+Au4QI2jkyDPRiD53GWLAAKS6th8muxOT5F8mA=="), "container_name":cty.StringVal("acctestcont")}}
    backend_test.go:82: TestBackendConfig on *azure.Backend with configs.synthBody{Filename:"<TestWrapConfig>", Values:map[string]cty.Value{"access_key":cty.StringVal("S8wiuV5VHzlzWd36JpHZKeq1qkwh0cdOcbec+vmP/Z1ETV7e+Au4QI2jkyDPRiD53GWLAAKS6th8muxOT5F8mA=="), "container_name":cty.StringVal("acctestcont"), "key":cty.StringVal("testState"), "storage_account_name":cty.StringVal("acctestsa9xc2")}}
    backend_test.go:89: TestBackend: testing state locking for *azure.Backend
    backend_test.go:90: TestBackend: testing state locking for *azure.Backend
    backend_test.go:90: could not unlock with the reported ID "a1e0bd92-5967-e906-ccff-dd5a04e590f0": failed to delete lock info from metadata: storage: service returned error: StatusCode=412, ErrorCode=LeaseIdMissing, ErrorMessage=There is currently a lease on the blob and no lease ID was specified in the request.
        RequestId:e7446ee4-101e-0088-8010-81dd44000000
        Time:2018-11-20T20:35:45.6724620Z, RequestInitiated=Tue, 20 Nov 2018 20:35:45 GMT, RequestId=e7446ee4-101e-0088-8010-81dd44000000, API Version=2016-05-31, QueryParameterName=, QueryParameterValue=
        Lock Info:
          ID:        a1e0bd92-5967-e906-ccff-dd5a04e590f0
          Path:      acctestcont/testState
          Operation: test
          Who:       clientA
          Version:   0.12.0
          Created:   2018-11-20 20:35:43.604863 &#43;0000 UTC
          Info:
FAIL
FAIL	github.com/hashicorp/terraform/backend/remote-state/azure	124.944s

The underlying issue is being tracked in #17046 - since this functionality is currently broken in master, I'm going to tackle this in the next PR, since this PR's already quite large.

@tombuildsstuff
Copy link
Contributor Author

Tests prior to updating the names:

screenshot 2018-11-21 at 16 04 53

@tombuildsstuff tombuildsstuff changed the title [WIP] AzureRM Backend: SDK upgrades AzureRM Backend: upgrading the SDK / support for proxies Nov 21, 2018
@tombuildsstuff tombuildsstuff force-pushed the f/backend/azurerm-upgrade branch 2 times, most recently from 9dce791 to 2bf839d Compare November 21, 2018 16:20
@tombuildsstuff tombuildsstuff requested review from katbyte and a team November 21, 2018 16:49
- updating to v21.3.0 of github.com/Azure/azure-sdk-for-go
- updating to v10.15.4 of github.com/Azure/go-autorest
- vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1
- refactoring the backend to use a shared client via the new auth package
- adding tests covering both Service Principal and Access Key auth
- support for authenticating using a proxy
- rewriting the backend documentation to include examples of both authentication types
@tombuildsstuff
Copy link
Contributor Author

Now that we're testing both Access Key and Service Principal authentication explicitly - the failing test has been duplicated (which is intentional) - but this otherwise passes on Azure Public & Azure Germany:

screenshot 2018-11-21 at 18 15 54

The failing tests in question (which will be fixed in the follow up PR):

screenshot 2018-11-21 at 18 16 12

@tombuildsstuff tombuildsstuff changed the title AzureRM Backend: upgrading the SDK / support for proxies backend/azurerm: upgrading the SDK / support for proxies Nov 21, 2018
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM except the log level thingy.

backend/remote-state/azure/sender.go Outdated Show resolved Hide resolved
@radeksimko
Copy link
Member

Also this certainly needs review from someone more familiar with Azure than me.

Copy link
Contributor

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @tombuildsstuff 👍

@tombuildsstuff tombuildsstuff removed the request for review from a team November 21, 2018 20:47
@tombuildsstuff tombuildsstuff merged commit 0ec109b into master Nov 21, 2018
@tombuildsstuff tombuildsstuff deleted the f/backend/azurerm-upgrade branch November 21, 2018 21:06
tombuildsstuff added a commit that referenced this pull request Nov 21, 2018
@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support MSI (like EC2 roles) authentication when using a remote backend?
3 participants