PSS : Add inmem state storage implementation to the builtin terraform provider, update grpcwrap package, use PSS implementation in E2E test
#37790
+1,135
−134
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nfig parsing needs to be explicitly added
… can use already parsed config
…eds to be refactored
…in use within operations backend
SarahFrench
added
the
no-changelog-needed
SarahFrench
commented
Oct 20, 2025
Comment on lines
+23
to
+30
| // InMemStoreSingle allows 'storing' state in memory for the purpose of testing. | ||
| // | ||
| // "Single" reflects the fact that this implementation does not use any global scope vars | ||
| // in its implementation, unlike the current inmem backend. HOWEVER, you can test whether locking | ||
| // blocks multiple clients trying to access the same state at once by creating multiple instances | ||
| // of backend.Backend that wrap the same provider.Interface instance. | ||
| type InMemStoreSingle struct { | ||
| states stateMap | ||
| locks lockMap |
There was a problem hiding this comment.
For context, the inmem backend uses these global vars:
terraform/internal/backend/remote-state/inmem/backend.go
Lines 24 to 30 in efb2a1c
Like the code comment says, multiple backends can attempt to access the same state by using the same providers.Interface instance to create them.
…to make relationship to (Meta).Backend more obvious.
SarahFrench
changed the title
inmem state storage implementation to the builtin terraform providerinmem state storage implementation to the builtin terraform provider, update grpcwrap package, use PSS implementation in E2E test
…tations, pass through requests to matching store based on type name.
… implementation; add embeddable unimplementedProviderInterface struct
…orm provider. Stop people using it unless TF_ACC is set.
…pace state already.
SarahFrench
force-pushed
the
pss/add-builtin-inmem-state-storage-implementation
branch
from
a4887d9 to
ef6dc39
Compare
SarahFrench
commented
Oct 24, 2025
Comment on lines
110
to
+111
| run: | | ||
| TF_ACC=1 go test -v ./internal/command/e2etest | ||
| TF_TEST_EXPERIMENT=1 TF_ACC=1 go test -v ./internal/command/e2etest |
There was a problem hiding this comment.
Something to bear in mind is that E2E tests also run in the context of the build workflow. I think it'd best to avoid enabling experiments to leak to that workflow, and instead have experimental tests skipped when running in that context.
…n terraform provider
…they can be reused.
SarahFrench
force-pushed
the
pss/add-builtin-inmem-state-storage-implementation
branch
from
15b80f9 to
0f01ff6
Compare
…ther work to allow PSS to be used with other commands.
This provider is not accessible to users so it's unnecessary.
SarahFrench
force-pushed
the
pss/add-builtin-inmem-state-storage-implementation
branch
from
0f01ff6 to
2fadb1e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR copies a bunch of code from the existing
inmembackend and uses it to create aninmemversion of a pluggable state store in the builtinterraformprovider.This will only be accessible if a user has TF_ACC set in their environment, which is a standard ENV for enabling test-specific behaviour or actions. This won't fully block a user from accessing the state store, but it provides more friction than the current inmem backend, which is just not documented.
I'm sharing this work for feedback before adding it to terraform-provider-simple6, for E2E testing
Target Release
N/A
Rollback Plan
Changes to Security Controls
Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.
CHANGELOG entry