Commit ac3916a5 authored by Tiger's avatar Tiger

Use pessimistic locking when accessing Terraform state

Previously Terraform states were accessed with an optimistic lock, which
retries if an update fails due to concurrent modification.

This worked as intended when the file data was stored on the state
record itself, however storing individual versions separately means the
state record is never updated when creating a new version, giving no
opportunity for it to become stale and therefore defeating the locking.

In some circumstances this could lead to the same version being created
twice, which fails a unique constraint.

Explicitly locking the record should force the caller to wait until
the previous update has finished, at which point it will see the newly
created version (and not attempt to create it again).

Changelog: fixed
parent e8989fc6
...@@ -2,8 +2,6 @@ ...@@ -2,8 +2,6 @@
module Terraform module Terraform
class RemoteStateHandler < BaseService class RemoteStateHandler < BaseService
include Gitlab::OptimisticLocking
StateLockedError = Class.new(StandardError) StateLockedError = Class.new(StandardError)
UnauthorizedError = Class.new(StandardError) UnauthorizedError = Class.new(StandardError)
...@@ -60,7 +58,7 @@ module Terraform ...@@ -60,7 +58,7 @@ module Terraform
private private
def retrieve_with_lock(find_only: false) def retrieve_with_lock(find_only: false)
create_or_find!(find_only: find_only).tap { |state| retry_optimistic_lock(state, name: 'terraform_remote_state_handler_retrieve') { |state| yield state } } create_or_find!(find_only: find_only).tap { |state| state.with_lock { yield state } }
end end
def create_or_find!(find_only:) def create_or_find!(find_only:)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment