upbound · balu-ce · Jan 3, 2024 · Jan 5, 2024 · Jan 5, 2024 · Jan 5, 2024
@@ -119,7 +119,13 @@ type WorkspaceParameters struct {
 	// +optional
 	Entrypoint string `json:"entrypoint"`
 
-	// Environment variables.
+	// Include the output of terraform plan in the status.
+	// The plan will be gzipped and base64 encoded.
+	// +kubebuilder:default=false
+	// +optional
+	IncludePlan *bool `json:"includePlan"`
+
+  // Environment variables.
 	// +optional
 	Env []EnvVar `json:"env,omitempty"`
 
@@ -151,6 +157,8 @@ type WorkspaceParameters struct {
 
 // WorkspaceObservation are the observable fields of a Workspace.
 type WorkspaceObservation struct {
+	// +optional
+	Plan     *string                      `json:"tfPlan,omitempty"`
 	Checksum string                       `json:"checksum,omitempty"`
 	Outputs  map[string]extensionsV1.JSON `json:"outputs,omitempty"`
 }

@@ -13,6 +13,7 @@ spec:
     # For simple cases you can use an inline source to specify the content of
     # main.tf as opaque, inline HCL.
     source: Inline
+    showPlan: true
     module: |
       // Outputs are written to the connection secret.
       output "url" {
@@ -29,7 +30,7 @@ spec:
         name = "crossplane-example-${terraform.workspace}-${random_id.example.hex}"
         location      = "US"
         force_destroy = true
-      
+
         public_access_prevention = "enforced"
       }
   writeConnectionSecretToRef:

@@ -112,4 +112,4 @@ require (
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
-)
+)
@@ -31,6 +31,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	extensionsV1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -104,7 +105,7 @@ type tfclient interface {
 	Workspace(ctx context.Context, name string) error
 	Outputs(ctx context.Context) ([]terraform.Output, error)
 	Resources(ctx context.Context) ([]string, error)
-	Diff(ctx context.Context, o ...terraform.Option) (bool, error)
+	Diff(ctx context.Context, o ...terraform.Option) (bool, string, error)
 	Apply(ctx context.Context, o ...terraform.Option) error
 	Destroy(ctx context.Context, o ...terraform.Option) error
 	DeleteCurrentWorkspace(ctx context.Context) error
@@ -350,32 +351,34 @@ type external struct {
 	logger logging.Logger
 }
 
-func (c *external) checkDiff(ctx context.Context, cr *v1beta1.Workspace) (bool, error) {
+func (c *external) checkDiff(ctx context.Context, cr *v1beta1.Workspace) (bool, string, error) {
 	o, err := c.options(ctx, cr.Spec.ForProvider)
 	if err != nil {
-		return false, errors.Wrap(err, errOptions)
+		return false, "", errors.Wrap(err, errOptions)
 	}
 
 	o = append(o, terraform.WithArgs(cr.Spec.ForProvider.PlanArgs))
-	differs, err := c.tf.Diff(ctx, o...)
+	differs, planOutput, err := c.tf.Diff(ctx, o...)
+
 	if err != nil {
 		if !meta.WasDeleted(cr) {
-			return false, errors.Wrap(err, errDiff)
+			return false, planOutput, errors.Wrap(err, errDiff)
 		}
 		// terraform plan can fail on deleted resources, so let the reconciliation loop
 		// call Delete() if there are still resources in the tfstate file
 		differs = false
 	}
-	return differs, nil
+	return differs, planOutput, nil
 }
 
+//nolint:gocyclo
 func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.ExternalObservation, error) {
 	cr, ok := mg.(*v1beta1.Workspace)
 	if !ok {
 		return managed.ExternalObservation{}, errors.New(errNotWorkspace)
 	}
 
-	differs, err := c.checkDiff(ctx, cr)
+	differs, planOutput, err := c.checkDiff(ctx, cr)
 	if err != nil {
 		return managed.ExternalObservation{}, err
 	}
@@ -402,6 +405,10 @@ func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.Ex
 	}
 	cr.Status.AtProvider.Checksum = checksum
 
+	if ptr.Deref[bool](cr.Spec.ForProvider.IncludePlan, false) {
+		cr.Status.AtProvider.Plan = &planOutput
+	}
+
 	if !differs {
 		// TODO(negz): Allow Workspaces to optionally derive their readiness from an
 		// output - similar to the logic XRs use to derive readiness from a field of

@@ -43,7 +43,12 @@ import (
 )
 
 const (
-	tfChecksum = "checksum"
+	tfChecksum   = "checksum"
+	noDiffInPlan = "No Change in terraform plan"
+)
+
+var (
+	emptyString = ""
 )
 
 type ErrFs struct {
@@ -72,7 +77,7 @@ type MockTf struct {
 	MockWorkspace              func(ctx context.Context, name string) error
 	MockOutputs                func(ctx context.Context) ([]terraform.Output, error)
 	MockResources              func(ctx context.Context) ([]string, error)
-	MockDiff                   func(ctx context.Context, o ...terraform.Option) (bool, error)
+	MockDiff                   func(ctx context.Context, o ...terraform.Option) (bool, string, error)
 	MockApply                  func(ctx context.Context, o ...terraform.Option) error
 	MockDestroy                func(ctx context.Context, o ...terraform.Option) error
 	MockDeleteCurrentWorkspace func(ctx context.Context) error
@@ -99,7 +104,7 @@ func (tf *MockTf) Resources(ctx context.Context) ([]string, error) {
 	return tf.MockResources(ctx)
 }
 
-func (tf *MockTf) Diff(ctx context.Context, o ...terraform.Option) (bool, error) {
+func (tf *MockTf) Diff(ctx context.Context, o ...terraform.Option) (bool, string, error) {
 	return tf.MockDiff(ctx, o...)
 }
 
@@ -599,6 +604,7 @@ func TestConnect(t *testing.T) {
 					},
 					Status: v1beta1.WorkspaceStatus{
 						AtProvider: v1beta1.WorkspaceObservation{
+							Plan:     &emptyString,
 							Checksum: tfChecksum,
 						},
 					},
@@ -634,6 +640,7 @@ func TestConnect(t *testing.T) {
 					},
 					Status: v1beta1.WorkspaceStatus{
 						AtProvider: v1beta1.WorkspaceObservation{
+							Plan:     &emptyString,
 							Checksum: tfChecksum,
 						},
 					},
@@ -863,7 +870,9 @@ func TestObserve(t *testing.T) {
 			reason: "We should return any error encountered while diffing the Terraform configuration",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, errBoom },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, noDiffInPlan, errBoom
+					},
 				},
 			},
 			args: args{
@@ -877,7 +886,9 @@ func TestObserve(t *testing.T) {
 			reason: "We should return ResourceUpToDate true when resource is deleted and there are existing resources but terraform plan fails",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:             func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, errBoom },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, emptyString, errBoom
+					},
 					MockGenerateChecksum: func(ctx context.Context) (string, error) { return tfChecksum, nil },
 					MockOutputs:          func(ctx context.Context) ([]terraform.Output, error) { return nil, nil },
 					MockResources: func(ctx context.Context) ([]string, error) {
@@ -899,6 +910,7 @@ func TestObserve(t *testing.T) {
 					ConnectionDetails: managed.ConnectionDetails{},
 				},
 				wo: v1beta1.WorkspaceObservation{
+					Plan:     nil,
 					Checksum: tfChecksum,
 					Outputs:  map[string]extensionsV1.JSON{},
 				},
@@ -908,7 +920,9 @@ func TestObserve(t *testing.T) {
 			reason: "We should return ResourceUpToDate true when resource is deleted and there are no existing resources and terraform plan fails",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:                   func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, errBoom },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, emptyString, errBoom
+					},
 					MockGenerateChecksum:       func(ctx context.Context) (string, error) { return tfChecksum, nil },
 					MockOutputs:                func(ctx context.Context) ([]terraform.Output, error) { return nil, nil },
 					MockResources:              func(ctx context.Context) ([]string, error) { return nil, nil },
@@ -929,6 +943,7 @@ func TestObserve(t *testing.T) {
 					ConnectionDetails: managed.ConnectionDetails{},
 				},
 				wo: v1beta1.WorkspaceObservation{
+					Plan:     nil,
 					Checksum: tfChecksum,
 					Outputs:  map[string]extensionsV1.JSON{},
 				},
@@ -938,7 +953,9 @@ func TestObserve(t *testing.T) {
 			reason: "We should return ResourceUpToDate true when resource is deleted and there are no existing resources and terraform plan fails",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:                   func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, errBoom },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, noDiffInPlan, errBoom
+					},
 					MockResources:              func(ctx context.Context) ([]string, error) { return nil, nil },
 					MockDeleteCurrentWorkspace: func(ctx context.Context) error { return errBoom },
 				},
@@ -958,7 +975,9 @@ func TestObserve(t *testing.T) {
 			reason: "We should return any error encountered while listing extant Terraform resources",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:      func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, nil },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, noDiffInPlan, nil
+					},
 					MockResources: func(ctx context.Context) ([]string, error) { return nil, errBoom },
 				},
 			},
@@ -973,7 +992,9 @@ func TestObserve(t *testing.T) {
 			reason: "We should return any error encountered while listing Terraform outputs",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:      func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, nil },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, noDiffInPlan, nil
+					},
 					MockResources: func(ctx context.Context) ([]string, error) { return nil, nil },
 					MockOutputs:   func(ctx context.Context) ([]terraform.Output, error) { return nil, errBoom },
 				},
@@ -989,7 +1010,9 @@ func TestObserve(t *testing.T) {
 			reason: "A workspace with zero resources should be considered to be non-existent",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:             func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, nil },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, emptyString, nil
+					},
 					MockGenerateChecksum: func(ctx context.Context) (string, error) { return tfChecksum, nil },
 					MockResources:        func(ctx context.Context) ([]string, error) { return []string{}, nil },
 					MockOutputs:          func(ctx context.Context) ([]terraform.Output, error) { return nil, nil },
@@ -1005,6 +1028,7 @@ func TestObserve(t *testing.T) {
 					ConnectionDetails: managed.ConnectionDetails{},
 				},
 				wo: v1beta1.WorkspaceObservation{
+					Plan:     nil,
 					Checksum: tfChecksum,
 					Outputs:  map[string]extensionsV1.JSON{},
 				},
@@ -1014,7 +1038,9 @@ func TestObserve(t *testing.T) {
 			reason: "A workspace with resources should return its outputs as connection details",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:             func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, nil },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, emptyString, nil
+					},
 					MockGenerateChecksum: func(ctx context.Context) (string, error) { return tfChecksum, nil },
 					MockResources: func(ctx context.Context) ([]string, error) {
 						return []string{"cool_resource.very"}, nil
@@ -1046,6 +1072,7 @@ func TestObserve(t *testing.T) {
 					},
 				},
 				wo: v1beta1.WorkspaceObservation{
+					Plan:     nil,
 					Checksum: tfChecksum,
 					Outputs: map[string]extensionsV1.JSON{
 						"string": {Raw: []byte("null")},
@@ -1057,7 +1084,9 @@ func TestObserve(t *testing.T) {
 			reason: "A workspace with only outputs and no resources should set ResourceExists to true",
 			fields: fields{
 				tf: &MockTf{
-					MockDiff:             func(ctx context.Context, o ...terraform.Option) (bool, error) { return false, nil },
+					MockDiff: func(ctx context.Context, o ...terraform.Option) (bool, string, error) {
+						return false, emptyString, nil
+					},
 					MockGenerateChecksum: func(ctx context.Context) (string, error) { return tfChecksum, nil },
 					MockResources: func(ctx context.Context) ([]string, error) {
 						return nil, nil
@@ -1090,6 +1119,7 @@ func TestObserve(t *testing.T) {
 				},
 				wo: v1beta1.WorkspaceObservation{
 					Checksum: tfChecksum,
+					Plan:     nil,
 					Outputs: map[string]extensionsV1.JSON{
 						"string": {Raw: []byte("null")},
 					},