summaryrefslogtreecommitdiff
path: root/app/models/terraform/state.rb
blob: eb7d465d5854244c62f225eb381e90abcfd2d130 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# frozen_string_literal: true

module Terraform
  class State < ApplicationRecord
    include UsageStatistics

    HEX_REGEXP = %r{\A\h+\z}.freeze
    UUID_LENGTH = 32

    belongs_to :project
    belongs_to :locked_by_user, class_name: 'User'

    has_many :versions,
      class_name: 'Terraform::StateVersion',
      foreign_key: :terraform_state_id,
      inverse_of: :terraform_state

    has_one :latest_version, -> { ordered_by_version_desc },
      class_name: 'Terraform::StateVersion',
      foreign_key: :terraform_state_id,
      inverse_of: :terraform_state

    scope :versioning_not_enabled, -> { where(versioning_enabled: false) }
    scope :ordered_by_name, -> { order(:name) }
    scope :with_name, -> (name) { where(name: name) }

    validates :name, presence: true, uniqueness: { scope: :project_id }
    validates :project_id, presence: true
    validates :uuid, presence: true, uniqueness: true, length: { is: UUID_LENGTH },
              format: { with: HEX_REGEXP, message: 'only allows hex characters' }

    before_destroy :ensure_state_is_unlocked

    default_value_for(:uuid, allows_nil: false) { SecureRandom.hex(UUID_LENGTH / 2) }

    def latest_file
      latest_version&.file
    end

    def locked?
      self.lock_xid.present?
    end

    def update_file!(data, version:, build:)
      # This check is required to maintain backwards compatibility with
      # states that were created prior to versioning being supported.
      # This can be removed in 14.0 when support for these states is dropped.
      # See https://gitlab.com/gitlab-org/gitlab/-/issues/258960
      if versioning_enabled?
        create_new_version!(data: data, version: version, build: build)
      else
        migrate_legacy_version!(data: data, version: version, build: build)
      end
    end

    private

    ##
    # If a Terraform state was created before versioning support was
    # introduced, it will have a single version record whose file
    # uses a legacy naming scheme in object storage. To update
    # these states and versions to use the new behaviour, we must do
    # the following when creating the next version:
    #
    #  * Read the current, non-versioned file from the old location.
    #  * Update the :versioning_enabled flag, which determines the
    #    naming scheme
    #  * Resave the existing file with the updated name and location,
    #    using a version number one prior to the new version
    #  * Create the new version as normal
    #
    # This migration only needs to happen once for each state, from
    # then on the state will behave as if it was always versioned.
    #
    # The code can be removed in the next major version (14.0), after
    # which any states that haven't been migrated will need to be
    # recreated: https://gitlab.com/gitlab-org/gitlab/-/issues/258960
    def migrate_legacy_version!(data:, version:, build:)
      current_file = latest_version.file.read
      current_version = parse_serial(current_file) || version - 1

      update!(versioning_enabled: true)

      reload_latest_version.update!(version: current_version, file: CarrierWaveStringFile.new(current_file))
      create_new_version!(data: data, version: version, build: build)
    end

    def create_new_version!(data:, version:, build:)
      new_version = versions.build(version: version, created_by_user: locked_by_user, build: build)
      new_version.assign_attributes(file: data)
      new_version.save!
    end

    def ensure_state_is_unlocked
      return unless locked?

      errors.add(:base, s_("Terraform|You cannot remove the State file because it's locked. Unlock the State file first before removing it."))
      throw :abort # rubocop:disable Cop/BanCatchThrow
    end

    def parse_serial(file)
      Gitlab::Json.parse(file)["serial"]
    rescue JSON::ParserError
    end
  end
end