From 5c41225b5007e8540f0690845560575428c15976 Mon Sep 17 00:00:00 2001 From: joeduffy Date: Thu, 30 Nov 2017 16:42:55 -0800 Subject: [PATCH] Add a --disable-integrity-checking flag This lets us disable integrity checking in case the tool refuses to proceed and we want to force it, for use as a last resort. Someday we'll probably flip the polarity to --enable-integrity-checking if we find that checking takes too long (or maybe add a "quick" option). --- cmd/provider_local.go | 31 ++++++++++++++++++++----------- cmd/pulumi.go | 2 ++ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/cmd/provider_local.go b/cmd/provider_local.go index 08dd6dda9..41cabc59f 100644 --- a/cmd/provider_local.go +++ b/cmd/provider_local.go @@ -20,6 +20,11 @@ import ( "github.com/pulumi/pulumi/pkg/util/contract" ) +// disableIntegrityChecking can be set to true to disable checkpoint state integrity verification. This is not +// recommended, because it could mean proceeding even in the face of a corrupted checkpoint state file, but can +// be used as a last resort when a command absolutely must be run. +var disableIntegrityChecking bool + type localStackProvider struct { decrypter config.ValueDecrypter } @@ -106,10 +111,12 @@ func getStack(name tokens.QName) (tokens.QName, return "", nil, nil, file, err } - // Ensure the snapshot passes verification before returning it, to catch bugs early. - if verifyerr := snapshot.VerifyIntegrity(); verifyerr != nil { - return "", nil, nil, file, - errors.Wrapf(verifyerr, "snapshot integrity failure; refusing to use it") + if !disableIntegrityChecking { + // Ensure the snapshot passes verification before returning it, to catch bugs early. + if verifyerr := snapshot.VerifyIntegrity(); verifyerr != nil { + return "", nil, nil, file, + errors.Wrapf(verifyerr, "%s: snapshot integrity failure; refusing to use it", file) + } } return name, config, snapshot, file, nil @@ -157,13 +164,15 @@ func saveStack(name tokens.QName, } } - // Finally, *after* writing the checkpoint, check the integrity. This is done afterwards so that we write - // out the checkpoint file since it may contain resource state updates. But we will warn the user that the - // file is already written and might be bad. - if verifyerr := snap.VerifyIntegrity(); verifyerr != nil { - return errors.Wrapf(verifyerr, - "snapshot integrity failure; it was already written to %s, but is invalid (a backup is available at %s)", - file, bck) + if !disableIntegrityChecking { + // Finally, *after* writing the checkpoint, check the integrity. This is done afterwards so that we write + // out the checkpoint file since it may contain resource state updates. But we will warn the user that the + // file is already written and might be bad. + if verifyerr := snap.VerifyIntegrity(); verifyerr != nil { + return errors.Wrapf(verifyerr, + "%s: snapshot integrity failure; it was already written, but is invalid (backup available at %s)", + file, bck) + } } return nil diff --git a/cmd/pulumi.go b/cmd/pulumi.go index 58e42ffca..edc00c284 100644 --- a/cmd/pulumi.go +++ b/cmd/pulumi.go @@ -56,6 +56,8 @@ func NewPulumiCmd(version string) *cobra.Command { } cmd.PersistentFlags().StringVarP(&cwd, "cwd", "C", "", "Run pulumi as if it had been started in another directory") + cmd.PersistentFlags().BoolVar(&disableIntegrityChecking, "disable-integrity-checking", false, + "Disable integrity checking of checkpoint files") cmd.PersistentFlags().BoolVar(&logFlow, "logflow", false, "Flow log settings to child processes (like plugins)") cmd.PersistentFlags().BoolVar(&logToStderr, "logtostderr", false, "Log to stderr instead of to files") cmd.PersistentFlags().StringVar(&tracing, "tracing", "", "Emit tracing to a Zipkin-compatible tracing endpoint")