fix: add a lock file logic as the terraform is spawned as a subprocess

rafatio · rafatio · commit a6de87da04ce · 2025-10-22T18:02:09.000-03:00
diff --git a/pkg/utils/terraform_utils.go b/pkg/utils/terraform_utils.go
@@ -9,7 +9,9 @@ import (
 	"regexp"
 	"strings"
 	"sync"
+	"syscall"
 	"text/template"
+	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/hashicorp/terraform-exec/tfexec"
@@ -28,6 +30,51 @@ var templates embed.FS
 
 var tfPluginMux sync.Mutex
 
+func lockPluginCache(pluginCacheDir string) (*os.File, error) {
+	if err := os.MkdirAll(pluginCacheDir, 0755); err != nil {
+		return nil, err
+	}
+
+	lockPath := filepath.Join(pluginCacheDir, ".lock")
+	lockFile, err := os.OpenFile(lockPath, os.O_CREATE|os.O_RDWR, 0644)
+	if err != nil {
+		return nil, err
+	}
+
+	// Wait up to 5 minutes for the lock
+	timeout := time.After(5 * time.Minute)
+	ticker := time.NewTicker(5 * time.Second)
+	defer ticker.Stop()
+
+	for {
+		err = syscall.Flock(int(lockFile.Fd()), syscall.LOCK_EX|syscall.LOCK_NB)
+		if err == nil {
+			return lockFile, nil
+		}
+
+		if err != syscall.EWOULDBLOCK {
+			lockFile.Close()
+			return nil, err
+		}
+
+		select {
+		case <-timeout:
+			lockFile.Close()
+			return nil, fmt.Errorf("timeout waiting for plugin cache lock")
+		case <-ticker.C:
+			// Retry
+		}
+	}
+}
+
+func unlockPluginCache(lockFile *os.File) error {
+	if lockFile == nil {
+		return nil
+	}
+	syscall.Flock(int(lockFile.Fd()), syscall.LOCK_UN)
+	return lockFile.Close()
+}
+
 // CreateTerraformFileFromTemplate populates a Terraform template and create files in the state
 func CreateTerraformFilesFromTemplate(terraformTemplateFilePath string, TerraformOutputFileName string, terraformOutputDir string, templateData any) error {
 	template := Template{
@@ -99,24 +146,31 @@ func initTerraform(ctx context.Context, workingDir, terraformExecPath string, cr
 		return nil, err
 	}
 
+	pluginCacheDir := fmt.Sprintf("%s/plugin-cache", filepath.Dir(terraformExecPath))
+
 	env := map[string]string{
 		"AWS_ACCESS_KEY_ID":     credentials.AccessKeyID,
 		"AWS_SECRET_ACCESS_KEY": credentials.SecretAccessKey,
 		"SPOTINST_TOKEN":        os.Getenv("SPOTINST_TOKEN"),
 		"SPOTINST_ACCOUNT":      os.Getenv("SPOTINST_ACCOUNT"),
-		"TF_PLUGIN_CACHE_DIR":   fmt.Sprintf("%s/plugin-cache", filepath.Dir(terraformExecPath)),
+		"TF_PLUGIN_CACHE_DIR":   pluginCacheDir,
 	}
 
-	// this overrides all ENVVARs that are passed to Terraform
 	err = tf.SetEnv(env)
 	if err != nil {
 		return nil, err
 	}
 
 	tfPluginMux.Lock()
-	err = tf.Init(ctx, tfexec.Upgrade(true))
-	tfPluginMux.Unlock()
+	defer tfPluginMux.Unlock()
+
+	lockFile, err := lockPluginCache(pluginCacheDir)
+	if err != nil {
+		return nil, fmt.Errorf("failed to acquire plugin cache lock: %w", err)
+	}
+	defer unlockPluginCache(lockFile)
 
+	err = tf.Init(ctx, tfexec.Upgrade(true))
 	if err != nil {
 		return nil, err
 	}
