terraform init: add link to documentation when a checksum is missing from the lock file

internal/command/init.go

@@ -761,6 +761,20 @@ func (c *InitCommand) getProviders(config *configs.Config, state *states.State,
 				// but rather just emit a single general message about it at
 				// the end, by checking ctx.Err().
 
+			case providercache.ErrProviderChecksumMiss:
+				// This is a special kind of error that can often be fixed using
+				// the `terraform providers lock` command. We're just going to
+				// amend the actual error message with some extra information
+				// about how to fix this.
+
+				diags = diags.Append(tfdiags.Sourceless(
+					tfdiags.Error,
+					"Failed to install provider",
+					fmt.Sprintf("Error while installing %s v%s: %s\n\nYou can ensure the current platform, %s, is included in the dependency lock file by running: `terraform providers lock -provider=%s`.\n\nIf this does not fix the problem you may need to reset any provider caching present in your setup or make sure you are connecting to valid provider distributions.",
+						provider.ForDisplay(), version, err.Msg, err.Meta.TargetPlatform.String(), err.Meta.TargetPlatform.String(),
+					),
+				))
+
 			default:
 				// We can potentially end up in here under cancellation too,
 				// in spite of our getproviders.ErrRequestCanceled case above,

internal/getproviders/errors.go

@@ -210,7 +210,7 @@ func (err ErrQueryFailed) Unwrap() error {
 	return err.Wrapped
 }
 
-// ErrRequestCancelled is an error type used to indicate that an operation
+// ErrRequestCanceled is an error type used to indicate that an operation
 // failed due to being cancelled via the given context.Context object.
 //
 // This error type doesn't include information about what was cancelled,

internal/providercache/errors.go

@@ -0,0 +1,14 @@
+package providercache
+
+import "github.com/hashicorp/terraform/internal/getproviders"
+
+// ErrProviderChecksumMiss is an error type used to indicate a provider
+// installation failed due to a mismatch in the terraform provider lock file.
+type ErrProviderChecksumMiss struct {
+	Meta getproviders.PackageMeta
+	Msg  string
+}
+
+func (err ErrProviderChecksumMiss) Error() string {
+	return err.Msg
+}

internal/providercache/package_install.go

@@ -116,10 +116,13 @@ func installFromLocalArchive(ctx context.Context, meta getproviders.PackageMeta,
 				meta.Provider, meta.Version, meta.Location, err,
 			)
 		} else if !matches {
-			return authResult, fmt.Errorf(
-				"the current package for %s %s doesn't match any of the checksums previously recorded in the dependency lock file",
-				meta.Provider, meta.Version,
-			)
+			return authResult, ErrProviderChecksumMiss{
+				Meta: meta,
+				Msg: fmt.Sprintf(
+					"the current package for %s %s doesn't match any of the checksums previously recorded in the dependency lock file",
+					meta.Provider, meta.Version,
+				),
+			}
 		}
 	}
 
@@ -198,10 +201,13 @@ func installFromLocalDir(ctx context.Context, meta getproviders.PackageMeta, tar
 				meta.Provider, meta.Version, meta.Location, err,
 			)
 		} else if !matches {
-			return authResult, fmt.Errorf(
-				"the local package for %s %s doesn't match any of the checksums previously recorded in the dependency lock file (this might be because the available checksums are for packages targeting different platforms)",
-				meta.Provider, meta.Version,
-			)
+			return authResult, ErrProviderChecksumMiss{
+				Meta: meta,
+				Msg: fmt.Sprintf(
+					"the local package for %s %s doesn't match any of the checksums previously recorded in the dependency lock file (this might be because the available checksums are for packages targeting different platforms)",
+					meta.Provider, meta.Version,
+				),
+			}
 		}
 	}