move function results hashing to lang

We need to abstract the function results verification to use internally
too, so start by moving it out of the providers code.

Author: jbardin

internal/lang/function_results.go

@@ -0,0 +1,129 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package lang
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"log"
+	"sync"
+
+	"github.com/hashicorp/terraform/internal/addrs"
+	"github.com/zclconf/go-cty/cty"
+)
+
+type priorResult struct {
+	hash [sha256.Size]byte
+	// when the result was from a current run, we keep a record of the result
+	// value to aid in debugging. Results stored in the plan will only have the
+	// hash to avoid bloating the plan with what could be many very large
+	// values.
+	value cty.Value
+}
+
+type FunctionResults struct {
+	mu sync.Mutex
+	// results stores the prior result from a function call, keyed by
+	// the hash of the function name and arguments.
+	results map[[sha256.Size]byte]priorResult
+}
+
+// NewFunctionResultsTable initializes a mapping of function calls to prior
+// results used to validate function calls. The hashes argument is an
+// optional slice of prior result hashes used to preload the cache.
+func NewFunctionResultsTable(hashes []FunctionHash) *FunctionResults {
+	res := &FunctionResults{
+		results: make(map[[sha256.Size]byte]priorResult),
+	}
+
+	res.insertHashes(hashes)
+	return res
+}
+
+// CheckPrior compares the function call against any cached results, and returns
+// an error if the result does not match a prior call. A zero-value provider
+// address can be used for internal functions which need this validation.
+func (f *FunctionResults) CheckPrior(provider addrs.Provider, name string, args []cty.Value, result cty.Value) error {
+	argSum := sha256.New()
+
+	if !provider.IsZero() {
+		io.WriteString(argSum, provider.String()+"|")
+	}
+	io.WriteString(argSum, name)
+
+	for _, arg := range args {
+		// cty.Values have a Hash method, but it is not collision resistant. We
+		// are going to rely on the GoString formatting instead, which gives
+		// detailed results for all values.
+		io.WriteString(argSum, "|"+arg.GoString())
+	}
+
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	argHash := [sha256.Size]byte(argSum.Sum(nil))
+	resHash := sha256.Sum256([]byte(result.GoString()))
+
+	res, ok := f.results[argHash]
+	if !ok {
+		f.results[argHash] = priorResult{
+			hash:  resHash,
+			value: result,
+		}
+		return nil
+	}
+
+	if resHash != res.hash {
+		provPrefix := ""
+		if !provider.IsZero() {
+			provPrefix = fmt.Sprintf("provider %s ", provider)
+		}
+		// Log the args for debugging in case the hcl context is
+		// insufficient. The error should be adequate most of the time, and
+		// could already be quite long, so we don't want to add all
+		// arguments too.
+		log.Printf("[ERROR] %sfunction %s returned an inconsistent result with args: %#v\n", provPrefix, name, args)
+		// The hcl package will add the necessary context around the error in
+		// the diagnostic, but we add the differing results when we can.
+		if res.value != cty.NilVal {
+			return fmt.Errorf("function returned an inconsistent result,\nwas: %#v,\nnow: %#v", res.value, result)
+		}
+		return fmt.Errorf("function returned an inconsistent result")
+	}
+
+	return nil
+}
+
+// insertHashes insert key-value pairs to the functionResults map. This is used
+// to preload stored values before any Verify calls are made.
+func (f *FunctionResults) insertHashes(hashes []FunctionHash) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	for _, res := range hashes {
+		f.results[[sha256.Size]byte(res.Key)] = priorResult{
+			hash: [sha256.Size]byte(res.Result),
+		}
+	}
+}
+
+// FunctionHash contains the key and result hash values from a prior function
+// call.
+type FunctionHash struct {
+	Key    []byte
+	Result []byte
+}
+
+// copy the hash values into a struct which can be recorded in the plan.
+func (f *FunctionResults) GetHashes() []FunctionHash {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	var res []FunctionHash
+	for k, r := range f.results {
+		res = append(res, FunctionHash{Key: k[:], Result: r.hash[:]})
+	}
+	return res
+}

internal/providers/functions_test.go renamed to internal/lang/function_results_test.go

@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package providers
+package lang
 
 import (
 	"fmt"
@@ -162,12 +162,12 @@ func TestFunctionCache(t *testing.T) {
 	for i, test := range tests {
 		t.Run(fmt.Sprint(i), func(t *testing.T) {
 			results := NewFunctionResultsTable(nil)
-			err := results.checkPrior(test.first.provider, test.first.name, test.first.args, test.first.result)
+			err := results.CheckPrior(test.first.provider, test.first.name, test.first.args, test.first.result)
 			if err != nil {
 				t.Fatal("error on first call!", err)
 			}
 
-			err = results.checkPrior(test.second.provider, test.second.name, test.second.args, test.second.result)
+			err = results.CheckPrior(test.second.provider, test.second.name, test.second.args, test.second.result)
 
 			if err != nil && !test.expectErr {
 				t.Fatal(err)
@@ -177,7 +177,7 @@ func TestFunctionCache(t *testing.T) {
 			newResults := NewFunctionResultsTable(results.GetHashes())
 
 			originalErr := err != nil
-			reloadedErr := newResults.checkPrior(test.second.provider, test.second.name, test.second.args, test.second.result) != nil
+			reloadedErr := newResults.CheckPrior(test.second.provider, test.second.name, test.second.args, test.second.result) != nil
 
 			if originalErr != reloadedErr {
 				t.Fatalf("original check returned err:%t, reloaded check returned err:%t", originalErr, reloadedErr)

internal/plans/plan.go

@@ -12,9 +12,9 @@ import (
 	"github.com/hashicorp/terraform/internal/addrs"
 	"github.com/hashicorp/terraform/internal/collections"
 	"github.com/hashicorp/terraform/internal/configs/configschema"
+	"github.com/hashicorp/terraform/internal/lang"
 	"github.com/hashicorp/terraform/internal/lang/globalref"
 	"github.com/hashicorp/terraform/internal/moduletest/mocking"
-	"github.com/hashicorp/terraform/internal/providers"
 	"github.com/hashicorp/terraform/internal/states"
 )
 
@@ -162,7 +162,7 @@ type Plan struct {
 	// ProviderFunctionResults stores hashed results from all provider
 	// function calls, so that calls during apply can be checked for
 	// consistency.
-	ProviderFunctionResults []providers.FunctionHash
+	ProviderFunctionResults []lang.FunctionHash
 }
 
 // ProviderAddrs returns a list of all of the provider configuration addresses

internal/plans/planfile/tfplan.go

@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/terraform/internal/addrs"
 	"github.com/hashicorp/terraform/internal/checks"
 	"github.com/hashicorp/terraform/internal/collections"
+	"github.com/hashicorp/terraform/internal/lang"
 	"github.com/hashicorp/terraform/internal/lang/globalref"
 	"github.com/hashicorp/terraform/internal/plans"
 	"github.com/hashicorp/terraform/internal/plans/planproto"
@@ -171,7 +172,7 @@ func readTfplan(r io.Reader) (*plans.Plan, error) {
 
 	for _, hash := range rawPlan.ProviderFunctionResults {
 		plan.ProviderFunctionResults = append(plan.ProviderFunctionResults,
-			providers.FunctionHash{
+			lang.FunctionHash{
 				Key:    hash.Key,
 				Result: hash.Result,
 			},

internal/providers/functions.go

@@ -4,17 +4,14 @@
 package providers
 
 import (
-	"crypto/sha256"
 	"fmt"
-	"io"
-	"log"
-	"sync"
 
 	"github.com/zclconf/go-cty/cty"
 	"github.com/zclconf/go-cty/cty/function"
 
 	"github.com/hashicorp/terraform/internal/addrs"
 	"github.com/hashicorp/terraform/internal/configs/configschema"
+	"github.com/hashicorp/terraform/internal/lang"
 )
 
 type FunctionDecl struct {
@@ -59,7 +56,7 @@ type FunctionParam struct {
 //
 // The resTable argument is a shared instance of *FunctionResults, used to
 // check the result values from each function call.
-func (d FunctionDecl) BuildFunction(providerAddr addrs.Provider, name string, resTable *FunctionResults, factory func() (Interface, error)) function.Function {
+func (d FunctionDecl) BuildFunction(providerAddr addrs.Provider, name string, resTable *lang.FunctionResults, factory func() (Interface, error)) function.Function {
 
 	var params []function.Parameter
 	var varParam *function.Parameter
@@ -123,7 +120,7 @@ func (d FunctionDecl) BuildFunction(providerAddr addrs.Provider, name string, re
 			}
 
 			if resTable != nil {
-				err = resTable.checkPrior(providerAddr, name, args, resp.Result)
+				err = resTable.CheckPrior(providerAddr, name, args, resp.Result)
 				if err != nil {
 					return cty.UnknownVal(retType), err
 				}
@@ -154,113 +151,3 @@ func (p *FunctionParam) ctyParameter() function.Parameter {
 		AllowUnknown: p.AllowUnknownValues,
 	}
 }
-
-type priorResult struct {
-	hash [sha256.Size]byte
-	// when the result was from a current run, we keep a record of the result
-	// value to aid in debugging. Results stored in the plan will only have the
-	// hash to avoid bloating the plan with what could be many very large
-	// values.
-	value cty.Value
-}
-
-type FunctionResults struct {
-	mu sync.Mutex
-	// results stores the prior result from a provider function call, keyed by
-	// the hash of the function name and arguments.
-	results map[[sha256.Size]byte]priorResult
-}
-
-// NewFunctionResultsTable initializes a mapping of function calls to prior
-// results used to validate provider function calls. The hashes argument is an
-// optional slice of prior result hashes used to preload the cache.
-func NewFunctionResultsTable(hashes []FunctionHash) *FunctionResults {
-	res := &FunctionResults{
-		results: make(map[[sha256.Size]byte]priorResult),
-	}
-
-	res.insertHashes(hashes)
-	return res
-}
-
-// checkPrior compares the function call against any cached results, and
-// returns an error if the result does not match a prior call.
-func (f *FunctionResults) checkPrior(provider addrs.Provider, name string, args []cty.Value, result cty.Value) error {
-	argSum := sha256.New()
-
-	io.WriteString(argSum, provider.String())
-	io.WriteString(argSum, "|"+name)
-
-	for _, arg := range args {
-		// cty.Values have a Hash method, but it is not collision resistant. We
-		// are going to rely on the GoString formatting instead, which gives
-		// detailed results for all values.
-		io.WriteString(argSum, "|"+arg.GoString())
-	}
-
-	f.mu.Lock()
-	defer f.mu.Unlock()
-
-	argHash := [sha256.Size]byte(argSum.Sum(nil))
-	resHash := sha256.Sum256([]byte(result.GoString()))
-
-	res, ok := f.results[argHash]
-	if !ok {
-		f.results[argHash] = priorResult{
-			hash:  resHash,
-			value: result,
-		}
-		return nil
-	}
-
-	if resHash != res.hash {
-		// Log the args for debugging in case the hcl context is
-		// insufficient. The error should be adequate most of the time, and
-		// could already be quite long, so we don't want to add all
-		// arguments too.
-		log.Printf("[ERROR] provider %s returned an inconsistent result for function %q with args: %#v\n", provider, name, args)
-		// The hcl package will add the necessary context around the error in
-		// the diagnostic, but we add the differing results when we can.
-		// TODO: maybe we should add a call to action, since this is a bug in
-		//       the provider.
-		if res.value != cty.NilVal {
-			return fmt.Errorf("provider function returned an inconsistent result,\nwas: %#v,\nnow: %#v", res.value, result)
-
-		}
-		return fmt.Errorf("provider function returned an inconsistent result")
-	}
-
-	return nil
-}
-
-// insertHashes insert key-value pairs to the functionResults map. This is used
-// to preload stored values before any Verify calls are made.
-func (f *FunctionResults) insertHashes(hashes []FunctionHash) {
-	f.mu.Lock()
-	defer f.mu.Unlock()
-
-	for _, res := range hashes {
-		f.results[[sha256.Size]byte(res.Key)] = priorResult{
-			hash: [sha256.Size]byte(res.Result),
-		}
-	}
-}
-
-// FunctionHash contains the key and result hash values from a prior function
-// call.
-type FunctionHash struct {
-	Key    []byte
-	Result []byte
-}
-
-// copy the hash values into a struct which can be recorded in the plan.
-func (f *FunctionResults) GetHashes() []FunctionHash {
-	f.mu.Lock()
-	defer f.mu.Unlock()
-
-	var res []FunctionHash
-	for k, r := range f.results {
-		res = append(res, FunctionHash{Key: k[:], Result: r.hash[:]})
-	}
-	return res
-}

internal/stacks/stackplan/component.go

@@ -11,8 +11,8 @@ import (
 
 	"github.com/hashicorp/terraform/internal/addrs"
 	"github.com/hashicorp/terraform/internal/collections"
+	"github.com/hashicorp/terraform/internal/lang"
 	"github.com/hashicorp/terraform/internal/plans"
-	"github.com/hashicorp/terraform/internal/providers"
 	"github.com/hashicorp/terraform/internal/stacks/stackaddrs"
 	"github.com/hashicorp/terraform/internal/states"
 )
@@ -69,7 +69,7 @@ type Component struct {
 	// PlannedFunctionResults is a shared table of results from calling
 	// provider functions. This is stored and loaded from during the planning
 	// stage to use during apply operations.
-	PlannedFunctionResults []providers.FunctionHash
+	PlannedFunctionResults []lang.FunctionHash
 
 	// PlannedInputValues and PlannedInputValueMarks are the values that
 	// Terraform has planned to use for input variables in this component.