From d227ea7b7b4ed4ecf81b0b0e1b7cea1199818cad Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Wed, 3 Jul 2024 16:24:17 -0400 Subject: [PATCH] Add CI/CD check ensuring Terraform resources are up-to-date (#43788) * check if Terraform resources and docs are up-to-date * move proto lint into a dedicated job * re-render TF resources * run proto checks on Terraform template or exmaple changes * run proto checks on generator changes * address alan's feedback --- .github/workflows/lint.yaml | 94 ++++++++++++++----- Makefile | 10 ++ .../data-sources/auth_preference.mdx | 1 + .../resources/auth_preference.mdx | 1 + .../terraform/tfschema/types_terraform.go | 44 +++++++++ 5 files changed, 124 insertions(+), 26 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 97ac91ed64da1..73190df604dc4 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -40,6 +40,23 @@ jobs: - 'Cargo.lock' - 'build.assets/versions.mk' - 'Makefile' + has_proto: + # workflow changes + - '.github/workflows/lint.yaml' + # proto files or buf changes + - 'go.mod' + - 'go.sum' + - 'api/proto/**' + - 'proto/**' + # operator protoc generator change + - 'integrations/operator/crdgen' + # terraform protoc generator changes + - 'integrations/terraform/go.mod' + - 'integrations/terraform/gen/docs.sh' + - 'integrations/terraform/protoc-gen-terraform-*' + - 'integrations/terraform/Makefile' + - 'integrations/terraform/examples/**' + - 'integrations/terraform/templates/**' lint-go: name: Lint (Go) @@ -66,12 +83,10 @@ jobs: - name: Set linter versions run: | - echo BUF_VERSION=$(cd build.assets; make print-buf-version) >> $GITHUB_ENV echo GOLANGCI_LINT_VERSION=$(cd build.assets; make print-golangci-lint-version) >> $GITHUB_ENV - name: Print linter versions run: | - echo "BUF_VERSION=$BUF_VERSION" echo "GOLANGCI_LINT_VERSION=$GOLANGCI_LINT_VERSION" # Run various golangci-lint checks. 
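Review bot: In the new `has_proto` filter, `'integrations/operator/crdgen'` is the only directory entry written without a `/**` suffix. If this list is evaluated by a glob-based path filter (the step that consumes it is outside the hunk), that pattern would match only a path literally named `integrations/operator/crdgen`. Edits to files inside the generator directory would then leave `has_proto` false and the new `lint-proto` job would be skipped for exactly the changes it is meant to check. Suggest `- 'integrations/operator/crdgen/**'`, in line with the `api/proto/**` and `integrations/terraform/templates/**` entries.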
@@ -118,33 +133,9 @@ jobs: args: --out-format=colored-line-number skip-cache: true - - uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0 - with: - github_token: ${{ github.token }} - version: ${{ env.BUF_VERSION }} - - uses: bufbuild/buf-lint-action@06f9dd823d873146471cfaaf108a993fe00e5325 # v1.1.1 - - name: buf breaking from parent to self - uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 - with: - against: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}' - - name: buf breaking from self to master - uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 - if: ${{ github.base_ref != 'master' && github.event.merge_group.base_ref != 'refs/heads/master' }} - with: - input: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=master' - against: '.' - - name: Run (non-action) linters run: make lint-no-actions - - name: Check if protos are up to date - # We have to add the current directory as a safe directory or else git commands will not work as expected. - run: git config --global --add safe.directory $(realpath .) && make protos-up-to-date/host - - - name: Check if Operator CRDs are up to date - # We have to add the current directory as a safe directory or else git commands will not work as expected. - run: git config --global --add safe.directory $(realpath .) && make crds-up-to-date - - name: Check if derived functions are up to date # We have to add the current directory as a safe directory or else git commands will not work as expected. run: git config --global --add safe.directory $(realpath .) && make derive-up-to-date 
@@ -177,3 +168,54 @@ jobs: - name: Run Rust linters run: make lint-rust + + lint-proto: + name: Lint (Proto) + needs: changes + if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_proto == 'true' }} + runs-on: ubuntu-22.04-16core + + permissions: + contents: read + + container: + image: ghcr.io/gravitational/teleport-buildbox:teleport16 + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set linter versions + run: | + echo BUF_VERSION=$(cd build.assets; make print-buf-version) >> $GITHUB_ENV + + - name: Print linter versions + run: | + echo "BUF_VERSION=$BUF_VERSION" + - uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0 + with: + github_token: ${{ github.token }} + version: ${{ env.BUF_VERSION }} + - uses: bufbuild/buf-lint-action@06f9dd823d873146471cfaaf108a993fe00e5325 # v1.1.1 + - name: buf breaking from parent to self + uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 + with: + against: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}' + - name: buf breaking from self to master + uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 + if: ${{ github.base_ref != 'master' && github.event.merge_group.base_ref != 'refs/heads/master' }} + with: + input: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=master' + against: '.' + + - name: Check if protos are up to date + # We have to add the current directory as a safe directory or else git commands will not work as expected. + run: git config --global --add safe.directory $(realpath .) && make protos-up-to-date/host + + - name: Check if Operator CRDs are up to date + # We have to add the current directory as a safe directory or else git commands will not work as expected. + run: git config --global --add safe.directory $(realpath .) 
&& make crds-up-to-date + + - name: Check if Terraform resources are up to date + # We have to add the current directory as a safe directory or else git commands will not work as expected. + run: git config --global --add safe.directory $(realpath .) && make terraform-resources-up-to-date diff --git a/Makefile b/Makefile index f583528b1a33d..36518a8ef2c67 100644 --- a/Makefile +++ b/Makefile @@ -1496,6 +1496,16 @@ crds-up-to-date: must-start-clean/host exit 1; \ fi +# tfdocs-up-to-date checks if the generated Terraform types and documentation from the protobuf stubs are up to date. +.PHONY: terraform-resources-up-to-date +terraform-resources-up-to-date: must-start-clean/host + $(MAKE) -C integrations/terraform docs + @if ! git diff --quiet; then \ + echo 'Please run make -C integrations/terraform docs.'; \ + git diff; \ + exit 1; \ + fi + print/env: env diff --git a/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx b/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx index 1dbd989aeff89..038773e72d34b 100644 --- a/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx 
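Review bot: The new `lint-proto` job checks out with `uses: actions/checkout@v4`, a mutable tag, while every buf action in the same job is pinned to a full commit SHA with the version in a trailing comment. Because this job runs generators and up-to-date checks against pull-request content, checkout should be pinned the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; use the SHA of the release you have vetted). The `container.image` tag `teleport-buildbox:teleport16` is also mutable, so pinning it by digest would keep the job's toolchain reproducible.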
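Review bot: The `terraform-resources-up-to-date` recipe detects drift with `git diff --quiet`, which ignores untracked files, so a generator run that creates a brand-new file (for example a doc page for a newly added resource) passes the check even though that file was never committed. Testing the porcelain status covers modified and untracked output alike: `@if [ -n "$$(git status --porcelain)" ]; then \`. The comment above the target still calls it `tfdocs-up-to-date` and should start with `# terraform-resources-up-to-date checks if ...`. The `must-start-clean/host` prerequisite is defined outside the hunk, so what it enforces at the start of the run is not visible here.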
@@ -39,6 +39,7 @@ Optional:
 - `piv_slot` (String) TODO(Joerger): DELETE IN 17.0.0 Deprecated, replaced by HardwareKey settings.
 - `require_session_mfa` (Number) RequireMFAType is the type of MFA requirement enforced for this cluster. 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH", 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN".
 - `second_factor` (String) SecondFactor is the type of second factor.
+- `signature_algorithm_suite` (Number) SignatureAlgorithmSuite is the configured signature algorithm suite for the cluster. The current default value is "legacy". This field is not yet fully supported.
 - `type` (String) Type is the type of authentication.
 - `u2f` (Attributes) U2F are the settings for the U2F device. (see [below for nested schema](#nested-schema-for-specu2f))
 - `webauthn` (Attributes) Webauthn are the settings for server-side Web Authentication support. (see [below for nested schema](#nested-schema-for-specwebauthn))
diff --git a/docs/pages/reference/terraform-provider/resources/auth_preference.mdx b/docs/pages/reference/terraform-provider/resources/auth_preference.mdx
index 0f391cab325ba..f096b5b1eb3a7 100644
--- a/docs/pages/reference/terraform-provider/resources/auth_preference.mdx
+++ b/docs/pages/reference/terraform-provider/resources/auth_preference.mdx
@@ -57,6 +57,7 @@ Optional:
 - `piv_slot` (String) TODO(Joerger): DELETE IN 17.0.0 Deprecated, replaced by HardwareKey settings.
 - `require_session_mfa` (Number) RequireMFAType is the type of MFA requirement enforced for this cluster. 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH", 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN".
 - `second_factor` (String) SecondFactor is the type of second factor.
+- `signature_algorithm_suite` (Number) SignatureAlgorithmSuite is the configured signature algorithm suite for the cluster. The current default value is "legacy". This field is not yet fully supported.
 - `type` (String) Type is the type of authentication.
 - `u2f` (Attributes) U2F are the settings for the U2F device. (see [below for nested schema](#nested-schema-for-specu2f))
 - `webauthn` (Attributes) Webauthn are the settings for server-side Web Authentication support. (see [below for nested schema](#nested-schema-for-specwebauthn))
diff --git a/integrations/terraform/tfschema/types_terraform.go b/integrations/terraform/tfschema/types_terraform.go
index 9b90b33a0567d..2a46cada888f0 100644
--- a/integrations/terraform/tfschema/types_terraform.go
+++ b/integrations/terraform/tfschema/types_terraform.go
@@ -1312,6 +1312,11 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf PlanModifiers: []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributePlanModifier{github_com_hashicorp_terraform_plugin_framework_tfsdk.UseStateForUnknown()}, Type: github_com_hashicorp_terraform_plugin_framework_types.StringType, }, + "signature_algorithm_suite": { + Description: "SignatureAlgorithmSuite is the configured signature algorithm suite for the cluster. The current default value is \"legacy\". This field is not yet fully supported.", + Optional: true, + Type: github_com_hashicorp_terraform_plugin_framework_types.Int64Type, + }, "type": { Computed: true, Description: "Type is the type of authentication.", @@ -12905,6 +12910,23 @@ func CopyAuthPreferenceV2FromTerraform(_ context.Context, tf github_com_hashicor } } } + { + a, ok := tf.Attrs["signature_algorithm_suite"] + if !ok { + diags.Append(attrReadMissingDiag{"AuthPreferenceV2.Spec.signature_algorithm_suite"}) + } else { + v, ok := a.(github_com_hashicorp_terraform_plugin_framework_types.Int64) + if !ok { + diags.Append(attrReadConversionFailureDiag{"AuthPreferenceV2.Spec.signature_algorithm_suite", "github.com/hashicorp/terraform-plugin-framework/types.Int64"}) + } else { + var t github_com_gravitational_teleport_api_types.SignatureAlgorithmSuite + if !v.Null && !v.Unknown { + t = github_com_gravitational_teleport_api_types.SignatureAlgorithmSuite(v.Value) + } + obj.SignatureAlgorithmSuite = t + } + } + } } } } 
@@ -14101,6 +14123,28 @@ func CopyAuthPreferenceV2ToTerraform(ctx context.Context, obj *github_com_gravit } } } + { + t, ok := tf.AttrTypes["signature_algorithm_suite"] + if !ok { + diags.Append(attrWriteMissingDiag{"AuthPreferenceV2.Spec.signature_algorithm_suite"}) + } else { + v, ok := tf.Attrs["signature_algorithm_suite"].(github_com_hashicorp_terraform_plugin_framework_types.Int64) + if !ok { + i, err := t.ValueFromTerraform(ctx, github_com_hashicorp_terraform_plugin_go_tftypes.NewValue(t.TerraformType(ctx), nil)) + if err != nil { + diags.Append(attrWriteGeneralError{"AuthPreferenceV2.Spec.signature_algorithm_suite", err}) + } + v, ok = i.(github_com_hashicorp_terraform_plugin_framework_types.Int64) + if !ok { + diags.Append(attrWriteConversionFailureDiag{"AuthPreferenceV2.Spec.signature_algorithm_suite", "github.com/hashicorp/terraform-plugin-framework/types.Int64"}) + } + v.Null = int64(obj.SignatureAlgorithmSuite) == 0 + } + v.Value = int64(obj.SignatureAlgorithmSuite) + v.Unknown = false + tf.Attrs["signature_algorithm_suite"] = v + } + } } v.Unknown = false tf.Attrs["spec"] = v