// Validate does some basic semantic checking of the configuration.
func (c *Config) Validate() error {
if c == nil {
return nil
}
var errs []error
for _, k := range c.unknownKeys {
errs = append(errs, fmt.Errorf(
"Unknown root level key: %s", k))
}
// Validate the Terraform config
if tf := c.Terraform; tf != nil {
if raw := tf.RequiredVersion; raw != "" {
// Check that the value has no interpolations
rc, err := NewRawConfig(map[string]interface{}{
"root": raw,
})
if err != nil {
errs = append(errs, fmt.Errorf(
"terraform.required_version: %s", err))
} else if len(rc.Interpolations) > 0 {
errs = append(errs, fmt.Errorf(
"terraform.required_version: cannot contain interpolations"))
} else {
// Check it is valid
_, err := version.NewConstraint(raw)
if err != nil {
errs = append(errs, fmt.Errorf(
"terraform.required_version: invalid syntax: %s", err))
}
}
}
}
vars := c.InterpolatedVariables()
varMap := make(map[string]*Variable)
for _, v := range c.Variables {
if _, ok := varMap[v.Name]; ok {
errs = append(errs, fmt.Errorf(
"Variable '%s': duplicate found. Variable names must be unique.",
v.Name))
}
varMap[v.Name] = v
}
for k, _ := range varMap {
if !NameRegexp.MatchString(k) {
errs = append(errs, fmt.Errorf(
"variable %q: variable name must match regular expresion %s",
k, NameRegexp))
}
}
for _, v := range c.Variables {
if v.Type() == VariableTypeUnknown {
errs = append(errs, fmt.Errorf(
"Variable '%s': must be a string or a map",
v.Name))
continue
}
interp := false
fn := func(ast.Node) (interface{}, error) {
interp = true
return "", nil
}
w := &interpolationWalker{F: fn}
if v.Default != nil {
if err := reflectwalk.Walk(v.Default, w); err == nil {
if interp {
errs = append(errs, fmt.Errorf(
"Variable '%s': cannot contain interpolations",
v.Name))
}
}
}
}
// Check for references to user variables that do not actually
// exist and record those errors.
for source, vs := range vars {
for _, v := range vs {
uv, ok := v.(*UserVariable)
if !ok {
continue
}
if _, ok := varMap[uv.Name]; !ok {
errs = append(errs, fmt.Errorf(
"%s: unknown variable referenced: '%s'. define it with 'variable' blocks",
source,
uv.Name))
}
}
}
// Check that all count variables are valid.
for source, vs := range vars {
for _, rawV := range vs {
switch v := rawV.(type) {
case *CountVariable:
if v.Type == CountValueInvalid {
errs = append(errs, fmt.Errorf(
"%s: invalid count variable: %s",
source,
v.FullKey()))
}
case *PathVariable:
if v.Type == PathValueInvalid {
errs = append(errs, fmt.Errorf(
"%s: invalid path variable: %s",
source,
v.FullKey()))
}
}
}
}
// Check that providers aren't declared multiple times.
providerSet := make(map[string]struct{})
for _, p := range c.ProviderConfigs {
name := p.FullName()
if _, ok := providerSet[name]; ok {
errs = append(errs, fmt.Errorf(
"provider.%s: declared multiple times, you can only declare a provider once",
name))
continue
}
providerSet[name] = struct{}{}
}
// Check that all references to modules are valid
modules := make(map[string]*Module)
dupped := make(map[string]struct{})
for _, m := range c.Modules {
// Check for duplicates
if _, ok := modules[m.Id()]; ok {
if _, ok := dupped[m.Id()]; !ok {
dupped[m.Id()] = struct{}{}
errs = append(errs, fmt.Errorf(
"%s: module repeated multiple times",
m.Id()))
}
// Already seen this module, just skip it
continue
}
modules[m.Id()] = m
// Check that the source has no interpolations
rc, err := NewRawConfig(map[string]interface{}{
"root": m.Source,
})
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: module source error: %s",
m.Id(), err))
} else if len(rc.Interpolations) > 0 {
errs = append(errs, fmt.Errorf(
"%s: module source cannot contain interpolations",
m.Id()))
}
// Check that the name matches our regexp
if !NameRegexp.Match([]byte(m.Name)) {
errs = append(errs, fmt.Errorf(
"%s: module name can only contain letters, numbers, "+
"dashes, and underscores",
m.Id()))
}
// Check that the configuration can all be strings, lists or maps
raw := make(map[string]interface{})
for k, v := range m.RawConfig.Raw {
var strVal string
if err := hilmapstructure.WeakDecode(v, &strVal); err == nil {
raw[k] = strVal
continue
}
var mapVal map[string]interface{}
if err := hilmapstructure.WeakDecode(v, &mapVal); err == nil {
raw[k] = mapVal
continue
}
var sliceVal []interface{}
if err := hilmapstructure.WeakDecode(v, &sliceVal); err == nil {
raw[k] = sliceVal
continue
}
errs = append(errs, fmt.Errorf(
"%s: variable %s must be a string, list or map value",
m.Id(), k))
}
// Check for invalid count variables
for _, v := range m.RawConfig.Variables {
switch v.(type) {
case *CountVariable:
errs = append(errs, fmt.Errorf(
"%s: count variables are only valid within resources", m.Name))
case *SelfVariable:
errs = append(errs, fmt.Errorf(
"%s: self variables are only valid within resources", m.Name))
}
}
// Update the raw configuration to only contain the string values
m.RawConfig, err = NewRawConfig(raw)
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: can't initialize configuration: %s",
m.Id(), err))
}
}
dupped = nil
// Check that all variables for modules reference modules that
// exist.
for source, vs := range vars {
for _, v := range vs {
mv, ok := v.(*ModuleVariable)
if !ok {
continue
}
if _, ok := modules[mv.Name]; !ok {
errs = append(errs, fmt.Errorf(
"%s: unknown module referenced: %s",
source,
mv.Name))
}
}
}
// Check that all references to resources are valid
resources := make(map[string]*Resource)
dupped = make(map[string]struct{})
for _, r := range c.Resources {
if _, ok := resources[r.Id()]; ok {
if _, ok := dupped[r.Id()]; !ok {
dupped[r.Id()] = struct{}{}
errs = append(errs, fmt.Errorf(
"%s: resource repeated multiple times",
r.Id()))
}
}
resources[r.Id()] = r
}
dupped = nil
// Validate resources
for n, r := range resources {
// Verify count variables
for _, v := range r.RawCount.Variables {
switch v.(type) {
case *CountVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference count variable: %s",
n,
v.FullKey()))
case *ModuleVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference module variable: %s",
n,
v.FullKey()))
case *ResourceVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference resource variable: %s",
n,
v.FullKey()))
case *SimpleVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference variable: %s",
n,
v.FullKey()))
case *UserVariable:
// Good
default:
panic(fmt.Sprintf("Unknown type in count var in %s: %T", n, v))
}
}
// Interpolate with a fixed number to verify that its a number.
r.RawCount.interpolate(func(root ast.Node) (interface{}, error) {
// Execute the node but transform the AST so that it returns
// a fixed value of "5" for all interpolations.
result, err := hil.Eval(
hil.FixedValueTransform(
root, &ast.LiteralNode{Value: "5", Typex: ast.TypeString}),
nil)
if err != nil {
return "", err
}
return result.Value, nil
})
_, err := strconv.ParseInt(r.RawCount.Value().(string), 0, 0)
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: resource count must be an integer",
n))
}
r.RawCount.init()
// Validate DependsOn
errs = append(errs, c.validateDependsOn(n, r.DependsOn, resources, modules)...)
// Verify provisioners don't contain any splats
for _, p := range r.Provisioners {
// This validation checks that there are now splat variables
// referencing ourself. This currently is not allowed.
for _, v := range p.ConnInfo.Variables {
rv, ok := v.(*ResourceVariable)
if !ok {
continue
}
if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
errs = append(errs, fmt.Errorf(
"%s: connection info cannot contain splat variable "+
"referencing itself", n))
break
}
}
for _, v := range p.RawConfig.Variables {
rv, ok := v.(*ResourceVariable)
if !ok {
continue
}
if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
errs = append(errs, fmt.Errorf(
"%s: connection info cannot contain splat variable "+
"referencing itself", n))
break
}
}
}
// Verify ignore_changes contains valid entries
for _, v := range r.Lifecycle.IgnoreChanges {
if strings.Contains(v, "*") && v != "*" {
errs = append(errs, fmt.Errorf(
"%s: ignore_changes does not support using a partial string "+
"together with a wildcard: %s", n, v))
}
}
// Verify ignore_changes has no interpolations
rc, err := NewRawConfig(map[string]interface{}{
"root": r.Lifecycle.IgnoreChanges,
})
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: lifecycle ignore_changes error: %s",
n, err))
} else if len(rc.Interpolations) > 0 {
errs = append(errs, fmt.Errorf(
"%s: lifecycle ignore_changes cannot contain interpolations",
n))
}
// If it is a data source then it can't have provisioners
if r.Mode == DataResourceMode {
if _, ok := r.RawConfig.Raw["provisioner"]; ok {
errs = append(errs, fmt.Errorf(
"%s: data sources cannot have provisioners",
n))
}
}
}
for source, vs := range vars {
for _, v := range vs {
rv, ok := v.(*ResourceVariable)
if !ok {
continue
}
id := rv.ResourceId()
if _, ok := resources[id]; !ok {
errs = append(errs, fmt.Errorf(
"%s: unknown resource '%s' referenced in variable %s",
source,
id,
rv.FullKey()))
continue
}
}
}
// Check that all outputs are valid
{
found := make(map[string]struct{})
for _, o := range c.Outputs {
// Verify the output is new
if _, ok := found[o.Name]; ok {
errs = append(errs, fmt.Errorf(
"%s: duplicate output. output names must be unique.",
o.Name))
continue
}
found[o.Name] = struct{}{}
var invalidKeys []string
valueKeyFound := false
for k := range o.RawConfig.Raw {
if k == "value" {
valueKeyFound = true
continue
}
if k == "sensitive" {
if sensitive, ok := o.RawConfig.config[k].(bool); ok {
if sensitive {
o.Sensitive = true
}
continue
}
errs = append(errs, fmt.Errorf(
"%s: value for 'sensitive' must be boolean",
o.Name))
continue
}
if k == "description" {
if desc, ok := o.RawConfig.config[k].(string); ok {
o.Description = desc
continue
}
errs = append(errs, fmt.Errorf(
"%s: value for 'description' must be string",
o.Name))
continue
}
invalidKeys = append(invalidKeys, k)
}
if len(invalidKeys) > 0 {
errs = append(errs, fmt.Errorf(
"%s: output has invalid keys: %s",
o.Name, strings.Join(invalidKeys, ", ")))
}
if !valueKeyFound {
errs = append(errs, fmt.Errorf(
"%s: output is missing required 'value' key", o.Name))
}
for _, v := range o.RawConfig.Variables {
if _, ok := v.(*CountVariable); ok {
errs = append(errs, fmt.Errorf(
"%s: count variables are only valid within resources", o.Name))
}
}
}
}
// Check that all variables are in the proper context
for source, rc := range c.rawConfigs() {
walker := &interpolationWalker{
ContextF: c.validateVarContextFn(source, &errs),
}
if err := reflectwalk.Walk(rc.Raw, walker); err != nil {
errs = append(errs, fmt.Errorf(
"%s: error reading config: %s", source, err))
}
}
// Validate the self variable
for source, rc := range c.rawConfigs() {
// Ignore provisioners. This is a pretty brittle way to do this,
// but better than also repeating all the resources.
if strings.Contains(source, "provision") {
continue
}
for _, v := range rc.Variables {
if _, ok := v.(*SelfVariable); ok {
errs = append(errs, fmt.Errorf(
"%s: cannot contain self-reference %s", source, v.FullKey()))
}
}
}
if len(errs) > 0 {
return &multierror.Error{Errors: errs}
}
return nil
}
// Validate does some basic semantic checking of the configuration.
func (c *Config) Validate() error {
if c == nil {
return nil
}
var errs []error
for _, k := range c.unknownKeys {
errs = append(errs, fmt.Errorf(
"Unknown root level key: %s", k))
}
vars := c.InterpolatedVariables()
varMap := make(map[string]*Variable)
for _, v := range c.Variables {
varMap[v.Name] = v
}
for _, v := range c.Variables {
if v.Type() == VariableTypeUnknown {
errs = append(errs, fmt.Errorf(
"Variable '%s': must be a string or a map",
v.Name))
continue
}
interp := false
fn := func(ast.Node) (string, error) {
interp = true
return "", nil
}
w := &interpolationWalker{F: fn}
if v.Default != nil {
if err := reflectwalk.Walk(v.Default, w); err == nil {
if interp {
errs = append(errs, fmt.Errorf(
"Variable '%s': cannot contain interpolations",
v.Name))
}
}
}
}
// Check for references to user variables that do not actually
// exist and record those errors.
for source, vs := range vars {
for _, v := range vs {
uv, ok := v.(*UserVariable)
if !ok {
continue
}
if _, ok := varMap[uv.Name]; !ok {
errs = append(errs, fmt.Errorf(
"%s: unknown variable referenced: '%s'. define it with 'variable' blocks",
source,
uv.Name))
}
}
}
// Check that all count variables are valid.
for source, vs := range vars {
for _, rawV := range vs {
switch v := rawV.(type) {
case *CountVariable:
if v.Type == CountValueInvalid {
errs = append(errs, fmt.Errorf(
"%s: invalid count variable: %s",
source,
v.FullKey()))
}
case *PathVariable:
if v.Type == PathValueInvalid {
errs = append(errs, fmt.Errorf(
"%s: invalid path variable: %s",
source,
v.FullKey()))
}
}
}
}
// Check that providers aren't declared multiple times.
providerSet := make(map[string]struct{})
for _, p := range c.ProviderConfigs {
name := p.FullName()
if _, ok := providerSet[name]; ok {
errs = append(errs, fmt.Errorf(
"provider.%s: declared multiple times, you can only declare a provider once",
name))
continue
}
providerSet[name] = struct{}{}
}
// Check that all references to modules are valid
modules := make(map[string]*Module)
dupped := make(map[string]struct{})
for _, m := range c.Modules {
// Check for duplicates
if _, ok := modules[m.Id()]; ok {
if _, ok := dupped[m.Id()]; !ok {
dupped[m.Id()] = struct{}{}
errs = append(errs, fmt.Errorf(
"%s: module repeated multiple times",
m.Id()))
}
// Already seen this module, just skip it
continue
}
modules[m.Id()] = m
// Check that the source has no interpolations
rc, err := NewRawConfig(map[string]interface{}{
"root": m.Source,
})
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: module source error: %s",
m.Id(), err))
} else if len(rc.Interpolations) > 0 {
errs = append(errs, fmt.Errorf(
"%s: module source cannot contain interpolations",
m.Id()))
}
// Check that the name matches our regexp
if !NameRegexp.Match([]byte(m.Name)) {
errs = append(errs, fmt.Errorf(
"%s: module name can only contain letters, numbers, "+
"dashes, and underscores",
m.Id()))
}
// Check that the configuration can all be strings
raw := make(map[string]interface{})
for k, v := range m.RawConfig.Raw {
var strVal string
if err := mapstructure.WeakDecode(v, &strVal); err != nil {
errs = append(errs, fmt.Errorf(
"%s: variable %s must be a string value",
m.Id(), k))
}
raw[k] = strVal
}
// Check for invalid count variables
for _, v := range m.RawConfig.Variables {
switch v.(type) {
case *CountVariable:
errs = append(errs, fmt.Errorf(
"%s: count variables are only valid within resources", m.Name))
case *SelfVariable:
errs = append(errs, fmt.Errorf(
"%s: self variables are only valid within resources", m.Name))
}
}
// Update the raw configuration to only contain the string values
m.RawConfig, err = NewRawConfig(raw)
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: can't initialize configuration: %s",
m.Id(), err))
}
}
dupped = nil
// Check that all variables for modules reference modules that
// exist.
for source, vs := range vars {
for _, v := range vs {
mv, ok := v.(*ModuleVariable)
if !ok {
continue
}
if _, ok := modules[mv.Name]; !ok {
errs = append(errs, fmt.Errorf(
"%s: unknown module referenced: %s",
source,
mv.Name))
}
}
}
// Check that all references to resources are valid
resources := make(map[string]*Resource)
dupped = make(map[string]struct{})
for _, r := range c.Resources {
if _, ok := resources[r.Id()]; ok {
if _, ok := dupped[r.Id()]; !ok {
dupped[r.Id()] = struct{}{}
errs = append(errs, fmt.Errorf(
"%s: resource repeated multiple times",
r.Id()))
}
}
resources[r.Id()] = r
}
dupped = nil
// Validate resources
for n, r := range resources {
// Verify count variables
for _, v := range r.RawCount.Variables {
switch v.(type) {
case *CountVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference count variable: %s",
n,
v.FullKey()))
case *ModuleVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference module variable: %s",
n,
v.FullKey()))
case *ResourceVariable:
errs = append(errs, fmt.Errorf(
"%s: resource count can't reference resource variable: %s",
n,
v.FullKey()))
case *UserVariable:
// Good
default:
panic("Unknown type in count var: " + n)
}
}
// Interpolate with a fixed number to verify that its a number.
r.RawCount.interpolate(func(root ast.Node) (string, error) {
// Execute the node but transform the AST so that it returns
// a fixed value of "5" for all interpolations.
out, _, err := hil.Eval(
hil.FixedValueTransform(
root, &ast.LiteralNode{Value: "5", Typex: ast.TypeString}),
nil)
if err != nil {
return "", err
}
return out.(string), nil
})
_, err := strconv.ParseInt(r.RawCount.Value().(string), 0, 0)
if err != nil {
errs = append(errs, fmt.Errorf(
"%s: resource count must be an integer",
n))
}
r.RawCount.init()
// Verify depends on points to resources that all exist
for _, d := range r.DependsOn {
// Check if we contain interpolations
rc, err := NewRawConfig(map[string]interface{}{
"value": d,
})
if err == nil && len(rc.Variables) > 0 {
errs = append(errs, fmt.Errorf(
"%s: depends on value cannot contain interpolations: %s",
n, d))
continue
}
if _, ok := resources[d]; !ok {
errs = append(errs, fmt.Errorf(
"%s: resource depends on non-existent resource '%s'",
n, d))
}
}
// Verify provider points to a provider that is configured
if r.Provider != "" {
if _, ok := providerSet[r.Provider]; !ok {
errs = append(errs, fmt.Errorf(
"%s: resource depends on non-configured provider '%s'",
n, r.Provider))
}
}
// Verify provisioners don't contain any splats
for _, p := range r.Provisioners {
// This validation checks that there are now splat variables
// referencing ourself. This currently is not allowed.
for _, v := range p.ConnInfo.Variables {
rv, ok := v.(*ResourceVariable)
if !ok {
continue
}
if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
errs = append(errs, fmt.Errorf(
"%s: connection info cannot contain splat variable "+
"referencing itself", n))
break
}
}
for _, v := range p.RawConfig.Variables {
rv, ok := v.(*ResourceVariable)
if !ok {
continue
}
if rv.Multi && rv.Index == -1 && rv.Type == r.Type && rv.Name == r.Name {
errs = append(errs, fmt.Errorf(
"%s: connection info cannot contain splat variable "+
"referencing itself", n))
break
}
}
}
}
for source, vs := range vars {
for _, v := range vs {
rv, ok := v.(*ResourceVariable)
if !ok {
continue
}
id := fmt.Sprintf("%s.%s", rv.Type, rv.Name)
if _, ok := resources[id]; !ok {
errs = append(errs, fmt.Errorf(
"%s: unknown resource '%s' referenced in variable %s",
source,
id,
rv.FullKey()))
continue
}
}
}
// Check that all outputs are valid
for _, o := range c.Outputs {
var invalidKeys []string
valueKeyFound := false
for k := range o.RawConfig.Raw {
if k == "value" {
valueKeyFound = true
} else {
invalidKeys = append(invalidKeys, k)
}
}
if len(invalidKeys) > 0 {
errs = append(errs, fmt.Errorf(
"%s: output has invalid keys: %s",
o.Name, strings.Join(invalidKeys, ", ")))
}
if !valueKeyFound {
errs = append(errs, fmt.Errorf(
"%s: output is missing required 'value' key", o.Name))
}
for _, v := range o.RawConfig.Variables {
if _, ok := v.(*CountVariable); ok {
errs = append(errs, fmt.Errorf(
"%s: count variables are only valid within resources", o.Name))
}
}
}
// Check that all variables are in the proper context
for source, rc := range c.rawConfigs() {
walker := &interpolationWalker{
ContextF: c.validateVarContextFn(source, &errs),
}
if err := reflectwalk.Walk(rc.Raw, walker); err != nil {
errs = append(errs, fmt.Errorf(
"%s: error reading config: %s", source, err))
}
}
// Validate the self variable
for source, rc := range c.rawConfigs() {
// Ignore provisioners. This is a pretty brittle way to do this,
// but better than also repeating all the resources.
if strings.Contains(source, "provision") {
continue
}
for _, v := range rc.Variables {
if _, ok := v.(*SelfVariable); ok {
errs = append(errs, fmt.Errorf(
"%s: cannot contain self-reference %s", source, v.FullKey()))
}
}
}
if len(errs) > 0 {
return &multierror.Error{Errors: errs}
}
return nil
}