From 0c16f78bbdc61ef72f2933cbdcd8fa6829edde31 Mon Sep 17 00:00:00 2001
From: Shawna Monero <66325812+smonero@users.noreply.github.com>
Date: Mon, 17 Jun 2024 11:49:31 -0700
Subject: [PATCH] add env var for PluginCacheMayBreakDependencyLockFile (#761)

---
 .../neptune/workflows/activities/terraform.go  | 18 ++++++++++++------
 .../workflows/activities/terraform_test.go     | 17 ++++++++++++++++-
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/server/neptune/workflows/activities/terraform.go b/server/neptune/workflows/activities/terraform.go
index e3989dcfb..7c880149c 100644
--- a/server/neptune/workflows/activities/terraform.go
+++ b/server/neptune/workflows/activities/terraform.go
@@ -5,12 +5,13 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"github.com/runatlantis/atlantis/server/neptune/workflows/activities/command"
 	"io"
 	"path/filepath"
 	"strings"
 	"sync"
 
+	"github.com/runatlantis/atlantis/server/neptune/workflows/activities/command"
+
 	key "github.com/runatlantis/atlantis/server/neptune/context"
 	"go.temporal.io/sdk/activity"
 
@@ -23,11 +24,12 @@ import (
 )
 
 const (
-	TFInAutomation           = "TF_IN_AUTOMATION"
-	TFInAutomationVal        = "true"
-	AtlantisTerraformVersion = "ATLANTIS_TERRAFORM_VERSION"
-	Dir                      = "DIR"
-	TFPluginCacheDir         = "TF_PLUGIN_CACHE_DIR"
+	TFInAutomation                        = "TF_IN_AUTOMATION"
+	TFInAutomationVal                     = "true"
+	AtlantisTerraformVersion              = "ATLANTIS_TERRAFORM_VERSION"
+	Dir                                   = "DIR"
+	TFPluginCacheDir                      = "TF_PLUGIN_CACHE_DIR"
+	PluginCacheMayBreakDependencyLockFile = "TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE"
 )
 
 // TerraformClientError can be used to assert a non-retryable error type for
@@ -419,4 +421,8 @@ func (t *terraformActivities) addTerraformEnvs(envs map[string]string, path stri
 	envs[AtlantisTerraformVersion] = tfVersion.String()
 	envs[Dir] = path
 	envs[TFPluginCacheDir] = t.CacheDir
+	// This is not a long-term fix. Eventually the underlying functionality in terraform will be changed.
+	// See https://developer.hashicorp.com/terraform/cli/config/config-file#allowing-the-provider-plugin-cache-to-break-the-dependency-lock-file
+	// and https://github.com/hashicorp/terraform/issues/32205 for discussions and context.
+	envs[PluginCacheMayBreakDependencyLockFile] = "true"
 }
diff --git a/server/neptune/workflows/activities/terraform_test.go b/server/neptune/workflows/activities/terraform_test.go
index 4c28a5c04..4dbaea4e4 100644
--- a/server/neptune/workflows/activities/terraform_test.go
+++ b/server/neptune/workflows/activities/terraform_test.go
@@ -3,11 +3,12 @@ package activities
 import (
 	"context"
 	"fmt"
-	"github.com/runatlantis/atlantis/server/neptune/workflows/activities/command"
 	"strings"
 	"sync"
 	"testing"
 
+	"github.com/runatlantis/atlantis/server/neptune/workflows/activities/command"
+
 	"github.com/hashicorp/go-version"
 	"github.com/runatlantis/atlantis/server/neptune/workflows/activities/file"
 	"github.com/runatlantis/atlantis/server/neptune/workflows/activities/terraform"
@@ -133,6 +134,7 @@ func TestTerraformInit_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -157,6 +159,7 @@ func TestTerraformInit_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -173,6 +176,7 @@ func TestTerraformInit_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 
 			// defaults
@@ -267,6 +271,7 @@ func TestTerraformInit_StreamsOutput(t *testing.T) {
 			"DIR":                        "some/path",
 			"TF_IN_AUTOMATION":           "true",
 			"TF_PLUGIN_CACHE_DIR":        "some/dir",
+			"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 		},
 		version: expectedVersion,
 		resp:    expectedMsgStr,
@@ -337,6 +342,7 @@ func TestTerraformPlan_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -367,6 +373,7 @@ func TestTerraformPlan_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -387,6 +394,7 @@ func TestTerraformPlan_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -404,6 +412,7 @@ func TestTerraformPlan_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 
 			// default
@@ -512,6 +521,7 @@ func TestTerraformPlan_ReturnsResponse(t *testing.T) {
 					"DIR":                        "some/path",
 					"TF_IN_AUTOMATION":           "true",
 					"TF_PLUGIN_CACHE_DIR":        "some/dir",
+					"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 				},
 				version: expectedVersion,
 				resp:    expectedMsgStr,
@@ -526,6 +536,7 @@ func TestTerraformPlan_ReturnsResponse(t *testing.T) {
 					"DIR":                        "some/path",
 					"TF_IN_AUTOMATION":           "true",
 					"TF_PLUGIN_CACHE_DIR":        "some/dir",
+					"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 				},
 				version: expectedVersion,
 				resp:    "{\"format_version\": \"1.0\",\"resource_changes\":[{\"change\":{\"actions\":[\"update\"]},\"address\":\"type.resource\"}]}",
@@ -602,6 +613,7 @@ func TestTerraformApply_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -624,6 +636,7 @@ func TestTerraformApply_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 		},
 		{
@@ -640,6 +653,7 @@ func TestTerraformApply_RequestValidation(t *testing.T) {
 				"DIR":                        "some/path",
 				"TF_IN_AUTOMATION":           "true",
 				"TF_PLUGIN_CACHE_DIR":        "some/dir",
+				"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 			},
 
 			//default
@@ -720,6 +734,7 @@ func TestTerraformApply_StreamsOutput(t *testing.T) {
 			"DIR":                        "some/path",
 			"TF_IN_AUTOMATION":           "true",
 			"TF_PLUGIN_CACHE_DIR":        "some/dir",
+			"TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE": "true",
 		},
 		version: expectedVersion,
 		resp:    expectedMsgStr,