command: pass the locked plugin hashes into ContextOpts
By reading our lock file and passing this into the context, we ensure that only the plugins referenced in the lock file can be used. As of this commit there is no way to create that lock file, but that will follow soon as part of "terraform init". We also provide a way to force a particular set of SHA256s. The main use for this is to allow us to persist a set of plugins in the plan and check the same plugins are used during apply, but it may also be useful for automated tests.
This commit is contained in:
Martin Atkins
parent
aa1c644499
commit
6ba6508ec9
|
|
@ -50,6 +50,11 @@ type Meta struct {
|
|||
// Override certain behavior for tests within this package
|
||||
testingOverrides *testingOverrides
|
||||
|
||||
// Override the set of provider plugin SHA256 digests we expect.
|
||||
// If this is nil we will instead read from the provider lock file
|
||||
// when setting up ContextOpts.
|
||||
forceProviderSHA256s map[string][]byte
|
||||
|
||||
//----------------------------------------------------------
|
||||
// Private: do not set these
|
||||
//----------------------------------------------------------
|
||||
|
|
@ -244,6 +249,12 @@ func (m *Meta) contextOpts() *terraform.ContextOpts {
|
|||
opts.Provisioners = m.provisionerFactories()
|
||||
}
|
||||
|
||||
if m.forceProviderSHA256s != nil {
|
||||
opts.ProviderSHA256s = m.forceProviderSHA256s
|
||||
} else {
|
||||
opts.ProviderSHA256s = m.providerPluginsLock().Read()
|
||||
}
|
||||
|
||||
opts.Meta = &terraform.ContextMeta{
|
||||
Env: m.Env(),
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue