Fix Terraform workspace destroy (#336)

Fix bug in terraform destroy when using workspaces and add e2e test
coverage. Fix some pylint warning and remove missing docstring
exception.

Author: mpagot

scripts/qesap/lib/cmds.py

@@ -176,10 +176,10 @@ def cmd_terraform(configure_data, base_project, dryrun, workspace='default', des
     cmds = []
     terraform_common_cmd = [config.get_terraform_bin(), f"-chdir={cfg_paths['provider']}"]
     if destroy:
+        cmds.append(terraform_common_cmd + ['destroy', '-auto-approve', '-no-color'])
         if workspace != 'default':
             cmds.append(terraform_common_cmd + ['workspace', 'select', 'default', '-no-color'])
             cmds.append(terraform_common_cmd + ['workspace', 'delete', workspace, '-no-color'])
-        cmds.append(terraform_common_cmd + ['destroy', '-auto-approve', '-no-color'])
     else:
         cmds.append(terraform_common_cmd + ['init', '-no-color'])
         if workspace != 'default':
@@ -260,7 +260,7 @@ def ansible_command_sequence(configure_data_ansible, base_project, sequence, ver
     if 'roles_path' in configure_data_ansible:
         original_env['ANSIBLE_ROLES_PATH'] = configure_data_ansible['roles_path']
 
-    # 2. Verify that needed binary are usable
+    # 2. Verify that the two needed binaries are usable
     ansible_bin_paths = {}
     for ansible_bin in ['ansible', 'ansible-playbook']:
         binpath = shutil.which(ansible_bin)
@@ -292,6 +292,16 @@ def ansible_command_sequence(configure_data_ansible, base_project, sequence, ver
         ansible_cmd_seq.append({'cmd': ['mkdir', '-p', junit]})
 
     ssh_share = ansible_common.copy()
+
+    # This is to avoid any manual intervention during first connection.
+    # Without this code it is usually needed to interactively
+    # accept the ssh host fingerprint.
+    # It is implemented using https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html
+    #  - the binary used is 'ansible' instead of 'ansible-playbook'
+    #  - option 'all' runs the same command on all hosts in the inventory (that comes from ansible_common)
+    #  - '-a' is for running a single command remotely,
+    #  - 'true' is just the simplest possible command as th epoint is not what we run but establishing a first connection
+    # to have the fingerprint saved in the local known_host file.
     ssh_share[0] = ansible_bin_paths['ansible']
     # Don't set '--ssh-extra-args="..."' but 'ssh-extra-args=...'
     # for avoiding the ansible ssh connection failure introduced by

scripts/qesap/lib/config.py

@@ -73,6 +73,10 @@ def __init__(self, configure_data):
         self.conf = configure_data
 
     def get_terraform_bin(self):
+        """
+           Allow to specify a custom binary to be used in place of terraform.
+           Could be maybe used to give a try to opentofu.
+        """
         if 'bin' in self.conf['terraform']:
             return self.conf['terraform']['bin']
         # The user does not specify any custom binary in its config.yaml
@@ -126,6 +130,9 @@ def terraform_yml(self):
         return True
 
     def has_tfvar_template(self):
+        """
+            Search for terraform template conf.yaml region
+        """
         if 'terraform' not in self.conf or self.conf['terraform'] is None:
             log.info("No 'terraform' in the config.yaml")
             return False
@@ -207,6 +214,9 @@ def validate(self):
         return True
 
     def has_ansible(self):
+        """
+            Check if the ansible conf.yaml region is present
+        """
         return 'ansible' in self.conf
 
     @staticmethod
@@ -254,6 +264,9 @@ def has_ansible_playbooks(self, sequence):
         return True
 
     def get_playbooks(self, sequence):
+        """
+            Get list of playbooks
+        """
         return self.conf['ansible'][sequence]
 
     def validate_ansible_config(self, sequence):

scripts/qesap/lib/status.py

@@ -19,6 +19,7 @@ class Status(int):
     msg = ""
 
     def __new__(cls, str_or_int):
+        value = None
         if isinstance(str_or_int, str):
             value = 0 if str_or_int == "ok" else 1
         elif isinstance(str_or_int, int):

scripts/qesap/pylint.rc

@@ -154,8 +154,6 @@ confidence=HIGH,
 #        use-symbolic-message-instead
 
 disable=line-too-long,
-        missing-class-docstring,
-        missing-function-docstring,
         missing-module-docstring,
         too-many-branches,
         unused-argument,

scripts/qesap/test/e2e/test.sh

@@ -268,6 +268,40 @@ test_file "${TEST_TERRAFORM_TFSTATE}"
 [[ ! -f "${TEST_PROVIDER}/foo.bar" ]] || test_die "Resource ${TEST_PROVIDER}/foo.bar has not to be deleted when calling terraform destroy"
 rm "${TEST_TERRAFORM_TFSTATE}"
 
+#######################################################################
+test_step "[${QESAP_CFG}] Run dryrun Terraform workspace"
+# correct execution of terraform with workspaces in dryrun mode:
+THIS_LOG="${QESAPROOT}/test_3_terraform.log"
+qesap.py --verbose -b ${QESAPROOT} -c ${QESAP_CFG} --dryrun terraform -w DONALDUCK || test_die "${QESAP_CFG} fail on dryrun terraform workspace"
+TEST_TERRAFORM_TFSTATE="${TEST_PROVIDER}/terraform.tfstate"
+[[ ! -f "${TEST_TERRAFORM_TFSTATE}" ]] || test_die "File ${TEST_TERRAFORM_TFVARS} has been generated but it should not be in dryrun mode!"
+
+test_split
+echo "Run the script again collecting the output"
+qesap.py -b ${QESAPROOT} -c ${QESAP_CFG} --dryrun terraform -w DONALDUCK |& tee "${THIS_LOG}"
+for t_step in init workspace plan apply; do
+  echo "***Detect ${t_step} command***"
+  grep -qE "terraform.*${t_step}" \
+    "${THIS_LOG}" || test_die "${QESAP_CFG} terraform workspace dryrun does not have expected ${t_step} command in the output"
+done
+rm ${THIS_LOG}
+
+#######################################################################
+test_step "[${QESAP_CFG}] Run Terraform with workspaces"
+
+# Test is using an empty main.tf placed in the right provider folder
+qesap.py --verbose -b ${QESAPROOT} -c ${QESAP_CFG} terraform -w DONALDUCK || test_die "${QESAP_CFG} fail on terraform with workspace"
+ls -lai "${TEST_PROVIDER}"
+
+[[ ! -f "${TEST_TERRAFORM_TFSTATE}" ]] || test_die "File ${TEST_TERRAFORM_TFVARS} has been generated but it should not"
+[[ -d "${TEST_TERRAFORM_TFSTATE}.d" ]] || test_die "Folder ${TEST_TERRAFORM_TFVARS}.d has not been generated"
+
+#######################################################################
+test_step "[${QESAP_CFG}] Run Terraform destroy with workspaces"
+
+qesap.py --verbose -b ${QESAPROOT} -c ${QESAP_CFG} terraform -w DONALDUCK -d || test_die "${QESAP_CFG} fail on terraform destroy with workspace"
+rm -rf "${TEST_TERRAFORM_TFSTATE}.d"
+
 #######################################################################
 test_step "[${QESAP_CFG}] test stdout for terraform PASS"
 # run `qesap.py terraform` both with and without `--verbose`