command: Always validate workspace name

[alisdair]

The workspace name can be overridden by setting a TF_WORKSPACE environment variable. If this is done, we should still validate the resulting workspace name; otherwise, we could end up with an invalid and unselectable workspace.

This change updates the Meta.Workspace function to return an error, and handles that error wherever necessary.

Fixes #24564

Screenshot

[codecov]

Codecov Report

Merging #25262 into master will decrease coverage by 0.04%.
The diff coverage is 38.31%.

Impacted Files	Coverage Δ
command/output.go	46.41% <25.00%> (-0.68%)	⬇️
command/providers.go	53.93% <25.00%> (-1.89%)	⬇️
command/show.go	54.79% <25.00%> (-1.15%)	⬇️
command/state_list.go	35.61% <25.00%> (-1.53%)	⬇️
command/state_pull.go	30.95% <25.00%> (-2.39%)	⬇️
command/state_push.go	34.14% <25.00%> (-1.30%)	⬇️
command/state_show.go	46.31% <25.00%> (-1.52%)	⬇️
command/taint.go	38.46% <25.00%> (-0.83%)	⬇️
command/unlock.go	34.61% <25.00%> (-1.39%)	⬇️
command/untaint.go	37.67% <25.00%> (-0.80%)	⬇️
... and 11 more

[mildwonkey]

Looks good to me! I left one very small question but to be clear it isn't a merge blocker.

[mildwonkey]

I'm curious why you're only checking if the workspace name is valid when it's the result of an override? (I presume it's checked elsewhere/before this runs, but if so that might be a helpful comment!)

[alisdair]

This is an extremely good question, and it highlights that I haven't thought this all the way through yet! 🙏

My concern here was that because of this bug, users may have found themselves with an invalid workspace name. I wanted to make sure that they had a way out of this situation, so if the invalid workspace is selected via the .terraform/environment file, I didn't want to throw an error here.

That said, this should at the minimum have a test. And (assuming this path is even the right one) I think it should probably also result in changes to terraform workspace select and delete so that users can deal with any invalid workspaces they've already created.

I'll think this through further and come up with some next steps. But if all this sounds like a bad idea please do let me know.

[alisdair]

Here's what I arrived at:

• 7f51be8 adds a test for this branch, which hopefully explains the intent in code. Having an invalid workspace name currently selected (using the .terraform/environment file) shouldn't break everything by returning an error from Meta.Workspace.
• 512878a ensures that users can delete workspaces which have an invalid name. This really should only have happened as a result of TF_WORKSPACE allows workspace names 'terraform workspace' does not #24564, but it seems to me that we needn't validate workspace name on delete anyway—it's closing the barn door after the horse has been badly named.

Does this all make sense?

[mildwonkey]

it's closing the barn door after the horse has been badly named.
😂 😂 😂 👍

[alisdair]

I don't currently intend to make any further changes to this (unless there are more review comments), but since we're approaching an 0.13.0 release candidate, I plan to delay the merge until after 0.13.0 final is released.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.