From 90a6a627edf50afa17e61888f29931ae9e9b75e5 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Fri, 20 Feb 2015 09:18:08 -0800
Subject: [PATCH 1/3] config: validate configuration doens't contain splats to
 ourselves

---
 config/config.go                              | 20 +++++++++++++++++++
 config/config_test.go                         |  7 +++++++
 .../validate-prov-conn-splat-self/main.tf     |  7 +++++++
 3 files changed, 34 insertions(+)
 create mode 100644 config/test-fixtures/validate-prov-conn-splat-self/main.tf

diff --git a/config/config.go b/config/config.go
index 0a538449e..d70b86617 100644
--- a/config/config.go
+++ b/config/config.go
@@ -385,6 +385,26 @@ func (c *Config) Validate() error {
 					n, d))
 			}
 		}
+
+		// Verify provisioners don't contain any splats
+		for _, p := range r.Provisioners {
+			// This validation checks that there are now splat variables
+			// referencing ourself. This currently is not allowed.
+
+			for _, v := range p.ConnInfo.Variables {
+				rv, ok := v.(*ResourceVariable)
+				if !ok {
+					continue
+				}
+
+				if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
+					errs = append(errs, fmt.Errorf(
+						"%s: connection info cannot contain splat variable "+
+							"referencing itself", n))
+					break
+				}
+			}
+		}
 	}
 
 	for source, vs := range vars {
diff --git a/config/config_test.go b/config/config_test.go
index 5586f60f1..006101f45 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -179,6 +179,13 @@ func TestConfigValidate_pathVarInvalid(t *testing.T) {
 	}
 }
 
+func TestConfigValidate_provConnSplatSelf(t *testing.T) {
+	c := testConfig(t, "validate-prov-conn-splat-self")
+	if err := c.Validate(); err == nil {
+		t.Fatal("should not be valid")
+	}
+}
+
 func TestConfigValidate_unknownThing(t *testing.T) {
 	c := testConfig(t, "validate-unknownthing")
 	if err := c.Validate(); err == nil {
diff --git a/config/test-fixtures/validate-prov-conn-splat-self/main.tf b/config/test-fixtures/validate-prov-conn-splat-self/main.tf
new file mode 100644
index 000000000..9ebb5198a
--- /dev/null
+++ b/config/test-fixtures/validate-prov-conn-splat-self/main.tf
@@ -0,0 +1,7 @@
+resource "aws_instance" "bar" {
+    connection {
+        host = "${element(aws_instance.bar.*.private_ip, 0)}"
+    }
+
+    provisioner "local-exec" {}
+}

From f156d0d1bd5e6316939aff98716f31c25c791245 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Fri, 20 Feb 2015 09:19:13 -0800
Subject: [PATCH 2/3] config: test we can ref splat of other resources

---
 config/config_test.go                                    | 7 +++++++
 .../test-fixtures/validate-prov-conn-splat-other/main.tf | 9 +++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 config/test-fixtures/validate-prov-conn-splat-other/main.tf

diff --git a/config/config_test.go b/config/config_test.go
index 006101f45..0946358bd 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -179,6 +179,13 @@ func TestConfigValidate_pathVarInvalid(t *testing.T) {
 	}
 }
 
+func TestConfigValidate_provConnSplatOther(t *testing.T) {
+	c := testConfig(t, "validate-prov-conn-splat-other")
+	if err := c.Validate(); err != nil {
+		t.Fatalf("should be valid: %s", err)
+	}
+}
+
 func TestConfigValidate_provConnSplatSelf(t *testing.T) {
 	c := testConfig(t, "validate-prov-conn-splat-self")
 	if err := c.Validate(); err == nil {
diff --git a/config/test-fixtures/validate-prov-conn-splat-other/main.tf b/config/test-fixtures/validate-prov-conn-splat-other/main.tf
new file mode 100644
index 000000000..1abb2cc47
--- /dev/null
+++ b/config/test-fixtures/validate-prov-conn-splat-other/main.tf
@@ -0,0 +1,9 @@
+resource "aws_instance" "foo" {}
+
+resource "aws_instance" "bar" {
+    connection {
+        host = "${element(aws_instance.foo.*.private_ip, 0)}"
+    }
+
+    provisioner "local-exec" {}
+}

From c14e84a65750590503ad85b397a407e67d047573 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Fri, 20 Feb 2015 09:21:29 -0800
Subject: [PATCH 3/3] config: validate provisioner splats can only reference
 others

---
 config/config.go                                   | 14 ++++++++++++++
 config/config_test.go                              | 14 ++++++++++++++
 .../validate-prov-splat-other/main.tf              |  7 +++++++
 .../test-fixtures/validate-prov-splat-self/main.tf |  7 +++++++
 4 files changed, 42 insertions(+)
 create mode 100644 config/test-fixtures/validate-prov-splat-other/main.tf
 create mode 100644 config/test-fixtures/validate-prov-splat-self/main.tf

diff --git a/config/config.go b/config/config.go
index d70b86617..7469052a9 100644
--- a/config/config.go
+++ b/config/config.go
@@ -404,6 +404,20 @@ func (c *Config) Validate() error {
 					break
 				}
 			}
+
+			for _, v := range p.RawConfig.Variables {
+				rv, ok := v.(*ResourceVariable)
+				if !ok {
+					continue
+				}
+
+				if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
+					errs = append(errs, fmt.Errorf(
+						"%s: connection info cannot contain splat variable "+
+							"referencing itself", n))
+					break
+				}
+			}
 		}
 	}
 
diff --git a/config/config_test.go b/config/config_test.go
index 0946358bd..d49d9cdac 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -193,6 +193,20 @@ func TestConfigValidate_provConnSplatSelf(t *testing.T) {
 	}
 }
 
+func TestConfigValidate_provSplatOther(t *testing.T) {
+	c := testConfig(t, "validate-prov-splat-other")
+	if err := c.Validate(); err != nil {
+		t.Fatalf("should be valid: %s", err)
+	}
+}
+
+func TestConfigValidate_provSplatSelf(t *testing.T) {
+	c := testConfig(t, "validate-prov-splat-self")
+	if err := c.Validate(); err == nil {
+		t.Fatal("should not be valid")
+	}
+}
+
 func TestConfigValidate_unknownThing(t *testing.T) {
 	c := testConfig(t, "validate-unknownthing")
 	if err := c.Validate(); err == nil {
diff --git a/config/test-fixtures/validate-prov-splat-other/main.tf b/config/test-fixtures/validate-prov-splat-other/main.tf
new file mode 100644
index 000000000..b24b3284f
--- /dev/null
+++ b/config/test-fixtures/validate-prov-splat-other/main.tf
@@ -0,0 +1,7 @@
+resource "aws_instance" "foo" {}
+
+resource "aws_instance" "bar" {
+    provisioner "local-exec" {
+        command = "${element(aws_instance.foo.*.private_ip, 0)}"
+    }
+}
diff --git a/config/test-fixtures/validate-prov-splat-self/main.tf b/config/test-fixtures/validate-prov-splat-self/main.tf
new file mode 100644
index 000000000..0f82865e6
--- /dev/null
+++ b/config/test-fixtures/validate-prov-splat-self/main.tf
@@ -0,0 +1,7 @@
+resource "aws_instance" "foo" {}
+
+resource "aws_instance" "bar" {
+    provisioner "local-exec" {
+        command = "${element(aws_instance.bar.*.private_ip, 0)}"
+    }
+}