command: Unmanaged providers

This adds supports for "unmanaged" providers, or providers with process
lifecycles not controlled by Terraform. These providers are assumed to
be started before Terraform is launched, and are assumed to shut
themselves down after Terraform has finished running.

To do this, we must update the go-plugin dependency to v1.3.0, which
added support for the "test mode" plugin serving that powers all this.

As a side-effect of not needing to manage the process lifecycle anymore,
Terraform also no longer needs to worry about the provider's binary, as
it won't be used for anything anymore. Because of this, we can disable
the init behavior that concerns itself with downloading that provider's
binary, checking its version, and otherwise managing the binary.

This is all managed on a per-provider basis, so managed providers that
Terraform downloads, starts, and stops can be used in the same commands
as unmanaged providers. The TF_REATTACH_PROVIDERS environment variable
is added, and is a JSON encoding of the provider's address to the
information we need to connect to it.

This change enables two benefits: first, delve and other debuggers can
now be attached to provider server processes, and Terraform can connect.
This allows for attaching debuggers to provider processes, which before
was difficult to impossible. Second, it allows the SDK test framework to
host the provider in the same process as the test driver, while running
a production Terraform binary against the provider. This allows for Go's
built-in race detector and test coverage tooling to work as expected in
provider tests.

Unmanaged providers are expected to work in the exact same way as
managed providers, with one caveat: Terraform kills provider processes
and restarts them once per graph walk, meaning multiple times during
most Terraform CLI commands. As unmanaged providers can't be killed by
Terraform, and have no visibility into graph walks, unmanaged providers
are likely to have differences in how their global mutable state behaves
when compared to managed providers. Namely, unmanaged providers are
likely to retain global state when managed providers would have reset
it. Developers relying on global state should be aware of this.

Author: Paddy

builtin/providers/test/provider.go

@@ -42,6 +42,7 @@ func Provider() terraform.ResourceProvider {
 			"test_resource_config_mode":      testResourceConfigMode(),
 			"test_resource_nested_id":        testResourceNestedId(),
 			"test_resource_provider_meta":    testResourceProviderMeta(),
+			"test_resource_signal":           testResourceSignal(),
 			"test_undeleteable":              testResourceUndeleteable(),
 			"test_resource_required_min":     testResourceRequiredMin(),
 		},

builtin/providers/test/resource_signal.go

@@ -0,0 +1,43 @@
+package test
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func testResourceSignal() *schema.Resource {
+	return &schema.Resource{
+		Create: testResourceSignalCreate,
+		Read:   testResourceSignalRead,
+		Update: testResourceSignalUpdate,
+		Delete: testResourceSignalDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"optional": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+		},
+	}
+}
+
+func testResourceSignalCreate(d *schema.ResourceData, meta interface{}) error {
+	d.SetId("testId")
+
+	return testResourceSignalRead(d, meta)
+}
+
+func testResourceSignalRead(d *schema.ResourceData, meta interface{}) error {
+	return nil
+}
+
+func testResourceSignalUpdate(d *schema.ResourceData, meta interface{}) error {
+	return testResourceSignalRead(d, meta)
+}
+
+func testResourceSignalDelete(d *schema.ResourceData, meta interface{}) error {
+	return nil
+}

command/e2etest/testdata/test-provider/main.tf

@@ -0,0 +1,6 @@
+provider "test" {
+
+}
+
+resource "test_resource_signal" "test" {
+}

command/e2etest/unmanaged_test.go

@@ -0,0 +1,158 @@
+package e2etest
+
+import (
+	"context"
+	"encoding/json"
+	"io/ioutil"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-plugin"
+	"github.com/hashicorp/terraform/builtin/providers/test"
+	"github.com/hashicorp/terraform/e2e"
+	grpcplugin "github.com/hashicorp/terraform/helper/plugin"
+	proto "github.com/hashicorp/terraform/internal/tfplugin5"
+	tfplugin "github.com/hashicorp/terraform/plugin"
+)
+
+// The tests in this file are for the "unmanaged provider workflow", which
+// includes variants of the following sequence, with different details:
+// terraform init
+// terraform plan
+// terraform apply
+//
+// These tests are run against an in-process server, and checked to make sure
+// they're not trying to control the lifecycle of the binary. They are not
+// checked for correctness of the operations themselves.
+
+type reattachConfig struct {
+	Protocol string
+	Pid      int
+	Test     bool
+	Addr     reattachConfigAddr
+}
+
+type reattachConfigAddr struct {
+	Network string
+	String  string
+}
+
+type providerServer struct {
+	*grpcplugin.GRPCProviderServer
+	planResourceChangeCalled  bool
+	applyResourceChangeCalled bool
+}
+
+func (p *providerServer) PlanResourceChange(ctx context.Context, req *proto.PlanResourceChange_Request) (*proto.PlanResourceChange_Response, error) {
+	p.planResourceChangeCalled = true
+	return p.GRPCProviderServer.PlanResourceChange(ctx, req)
+}
+
+func (p *providerServer) ApplyResourceChange(ctx context.Context, req *proto.ApplyResourceChange_Request) (*proto.ApplyResourceChange_Response, error) {
+	p.applyResourceChangeCalled = true
+	return p.GRPCProviderServer.ApplyResourceChange(ctx, req)
+}
+
+func TestUnmanagedSeparatePlan(t *testing.T) {
+	t.Parallel()
+
+	fixturePath := filepath.Join("testdata", "test-provider")
+	tf := e2e.NewBinary(terraformBin, fixturePath)
+	defer tf.Close()
+
+	reattachCh := make(chan *plugin.ReattachConfig)
+	closeCh := make(chan struct{})
+	provider := &providerServer{
+		GRPCProviderServer: grpcplugin.NewGRPCProviderServerShim(test.Provider()),
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	go plugin.Serve(&plugin.ServeConfig{
+		Logger: hclog.New(&hclog.LoggerOptions{
+			Name:   "plugintest",
+			Level:  hclog.Trace,
+			Output: ioutil.Discard,
+		}),
+		Test: &plugin.ServeTestConfig{
+			Context:          ctx,
+			ReattachConfigCh: reattachCh,
+			CloseCh:          closeCh,
+		},
+		GRPCServer: plugin.DefaultGRPCServer,
+		VersionedPlugins: map[int]plugin.PluginSet{
+			5: plugin.PluginSet{
+				"provider": &tfplugin.GRPCProviderPlugin{
+					GRPCProvider: func() proto.ProviderServer {
+						return provider
+					},
+				},
+			},
+		},
+	})
+	config := <-reattachCh
+	if config == nil {
+		t.Fatalf("no reattach config received")
+	}
+	reattachStr, err := json.Marshal(map[string]reattachConfig{
+		"hashicorp/test": reattachConfig{
+			Protocol: string(config.Protocol),
+			Pid:      config.Pid,
+			Test:     true,
+			Addr: reattachConfigAddr{
+				Network: config.Addr.Network(),
+				String:  config.Addr.String(),
+			},
+		},
+	})
+	tf.AddEnv("TF_REATTACH_PROVIDERS=" + string(reattachStr))
+	tf.AddEnv("PLUGIN_PROTOCOL_VERSION=5")
+
+	//// INIT
+	stdout, stderr, err := tf.Run("init")
+	if err != nil {
+		t.Fatalf("unexpected init error: %s\nstderr:\n%s", err, stderr)
+	}
+
+	// Make sure we didn't download the binary
+	if strings.Contains(stdout, "Installing hashicorp/test v") {
+		t.Errorf("test provider download message is present in init output:\n%s", stdout)
+	}
+	if tf.FileExists(filepath.Join(".terraform", "plugins", "registry.terraform.io", "hashicorp", "test")) {
+		t.Errorf("test provider binary found in .terraform dir")
+	}
+
+	//// PLAN
+	_, stderr, err = tf.Run("plan", "-out=tfplan")
+	if err != nil {
+		t.Fatalf("unexpected plan error: %s\nstderr:\n%s", err, stderr)
+	}
+
+	if !provider.planResourceChangeCalled {
+		t.Error("PlanResourceChange not called on in-process provider")
+	}
+
+	//// APPLY
+	_, stderr, err = tf.Run("apply", "tfplan")
+	if err != nil {
+		t.Fatalf("unexpected apply error: %s\nstderr:\n%s", err, stderr)
+	}
+
+	if !provider.applyResourceChangeCalled {
+		t.Error("ApplyResourceChange not called on in-process provider")
+	}
+	provider.applyResourceChangeCalled = false
+
+	//// DESTROY
+	_, stderr, err = tf.Run("destroy", "-auto-approve")
+	if err != nil {
+		t.Fatalf("unexpected destroy error: %s\nstderr:\n%s", err, stderr)
+	}
+
+	if !provider.applyResourceChangeCalled {
+		t.Error("ApplyResourceChange (destroy) not called on in-process provider")
+	}
+	cancel()
+	<-closeCh
+}

command/meta.go

@@ -14,6 +14,7 @@ import (
 	"strings"
 	"time"
 
+	plugin "github.com/hashicorp/go-plugin"
 	"github.com/hashicorp/terraform-svchost/disco"
 	"github.com/hashicorp/terraform/addrs"
 	"github.com/hashicorp/terraform/backend"
@@ -92,6 +93,9 @@ type Meta struct {
 	// When this channel is closed, the command will be cancelled.
 	ShutdownCh <-chan struct{}
 
+	// UnmanagedProviders are a set of providers that exist as processes predating Terraform, which Terraform should use but not worry about the lifecycle of.
+	UnmanagedProviders map[addrs.Provider]*plugin.ReattachConfig
+
 	//----------------------------------------------------------
 	// Protected: commands can set these
 	//----------------------------------------------------------

command/meta_providers.go

@@ -63,6 +63,11 @@ func (m *Meta) providerInstallerCustomSource(source getproviders.Source) *provid
 		builtinProviderTypes = append(builtinProviderTypes, ty)
 	}
 	inst.SetBuiltInProviderTypes(builtinProviderTypes)
+	unmanagedProviderTypes := make(map[addrs.Provider]struct{}, len(m.UnmanagedProviders))
+	for ty := range m.UnmanagedProviders {
+		unmanagedProviderTypes[ty] = struct{}{}
+	}
+	inst.SetUnmanagedProviderTypes(unmanagedProviderTypes)
 	return inst
 }
 
@@ -172,10 +177,13 @@ func (m *Meta) providerFactories() (map[addrs.Provider]providers.Factory, error)
 	// and they'll just be ignored if not used.
 	internalFactories := m.internalProviders()
 
-	factories := make(map[addrs.Provider]providers.Factory, len(selected)+len(internalFactories))
+	factories := make(map[addrs.Provider]providers.Factory, len(selected)+len(internalFactories)+len(m.UnmanagedProviders))
 	for name, factory := range internalFactories {
 		factories[addrs.NewBuiltInProvider(name)] = factory
 	}
+	for provider, reattach := range m.UnmanagedProviders {
+		factories[provider] = unmanagedProviderFactory(provider, reattach)
+	}
 	for provider, cached := range selected {
 		factories[provider] = providerFactory(cached)
 	}
@@ -202,14 +210,15 @@ func providerFactory(meta *providercache.CachedProvider) providers.Factory {
 		})
 
 		config := &plugin.ClientConfig{
-			Cmd:              exec.Command(meta.ExecutableFile),
 			HandshakeConfig:  tfplugin.Handshake,
-			VersionedPlugins: tfplugin.VersionedPlugins,
-			Managed:          true,
 			Logger:           logger,
 			AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC},
+			Managed:          true,
+			Cmd:              exec.Command(meta.ExecutableFile),
 			AutoMTLS:         enableProviderAutoMTLS,
+			VersionedPlugins: tfplugin.VersionedPlugins,
 		}
+
 		client := plugin.NewClient(config)
 		rpcClient, err := client.Client()
 		if err != nil {
@@ -224,6 +233,51 @@ func providerFactory(meta *providercache.CachedProvider) providers.Factory {
 		// store the client so that the plugin can kill the child process
 		p := raw.(*tfplugin.GRPCProvider)
 		p.PluginClient = client
+
+		return p, nil
+	}
+}
+
+// unmanagedProviderFactory produces a provider factory that uses the passed
+// reattach information to connect to go-plugin processes that are already
+// running, and implements providers.Interface against it.
+func unmanagedProviderFactory(provider addrs.Provider, reattach *plugin.ReattachConfig) providers.Factory {
+	return func() (providers.Interface, error) {
+		logger := hclog.New(&hclog.LoggerOptions{
+			Name:   "unmanaged-plugin",
+			Level:  hclog.Trace,
+			Output: os.Stderr,
+		})
+
+		config := &plugin.ClientConfig{
+			HandshakeConfig:  tfplugin.Handshake,
+			Logger:           logger,
+			AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC},
+			Managed:          false,
+			Reattach:         reattach,
+		}
+		// TODO: we probably shouldn't hardcode the protocol version
+		// here, but it'll do for now, because only one protocol
+		// version is supported. Eventually, we'll probably want to
+		// sneak it into the JSON ReattachConfigs.
+		if plugins, ok := tfplugin.VersionedPlugins[5]; !ok {
+			return nil, fmt.Errorf("no supported plugins for protocol 5")
+		} else {
+			config.Plugins = plugins
+		}
+
+		client := plugin.NewClient(config)
+		rpcClient, err := client.Client()
+		if err != nil {
+			return nil, err
+		}
+
+		raw, err := rpcClient.Dispense(tfplugin.ProviderPluginName)
+		if err != nil {
+			return nil, err
+		}
+
+		p := raw.(*tfplugin.GRPCProvider)
 		return p, nil
 	}
 }

commands.go

@@ -6,9 +6,11 @@ import (
 
 	"github.com/mitchellh/cli"
 
+	"github.com/hashicorp/go-plugin"
 	svchost "github.com/hashicorp/terraform-svchost"
 	"github.com/hashicorp/terraform-svchost/auth"
 	"github.com/hashicorp/terraform-svchost/disco"
+	"github.com/hashicorp/terraform/addrs"
 	"github.com/hashicorp/terraform/command"
 	"github.com/hashicorp/terraform/command/cliconfig"
 	"github.com/hashicorp/terraform/command/webbrowser"
@@ -38,7 +40,7 @@ const (
 	OutputPrefix = "o:"
 )
 
-func initCommands(config *cliconfig.Config, services *disco.Disco, providerSrc getproviders.Source) {
+func initCommands(config *cliconfig.Config, services *disco.Disco, providerSrc getproviders.Source, unmanagedProviders map[addrs.Provider]*plugin.ReattachConfig) {
 	var inAutomation bool
 	if v := os.Getenv(runningInAutomationEnvName); v != "" {
 		inAutomation = true
@@ -76,7 +78,8 @@ func initCommands(config *cliconfig.Config, services *disco.Disco, providerSrc g
 		PluginCacheDir:      config.PluginCacheDir,
 		OverrideDataDir:     dataDir,
 
-		ShutdownCh: makeShutdownCh(),
+		ShutdownCh:         makeShutdownCh(),
+		UnmanagedProviders: unmanagedProviders,
 	}
 
 	// The command list is included in the terraform -help