Implement warning message about resources being refreshed and the option to stop that

[EugenKon]

Terraform Version

v1.7.4

Use Cases

It will be useful to prevent refresh of unwanted resources when -target option was used.

Attempted Solutions

#34962 (comment)

Proposal

• If -target option was used
• And other resource need to be refreshed/updated that is not listed in -target options.

Show the warning message with a list of resources need to be refreshed/updated and mention -refresh=false option. Eg.

These XXX, YYY resources additionally to -target are planned to be refreshed/updated.
Use -refresh=false if you want to prevent this refresh/udpate.

References

#34962 (comment)

[jbardin]

Hi @EugenKon,

Thanks for filing the issue. The -target option is intended to include all dependencies to ensure the targets can be fully evaluated -- I think it would be unusual to display a warning about the option working as designed. Since it seems you're looking for something which is not the intended use of -target, can you give an example of the problem you are trying to solve?

Thanks!

[EugenKon]

@jbardin This was described in the linked issue: #34962 (comment)

So I just want to use a different Launch Template, but TF suggest to update other related resources.

[jbardin]

@EugenKon, it sounds like you have resources which are being managed both by Terraform, and manually outside of Terraform, which isn't something that Terraform was designed to handle. If these resources are not meant to be managed by Terraform, then it would be more appropriate to use a data source to read the existing state rather than trying to -target around changes in managed resources. If you need to create the resources via Terraform but accept some changes externally, you could also use ignore_changes to avoid overwriting select attributes when the configuration no longer matches reality.

[EugenKon]

I understand that I can use additional options, but it would be nice (as was described in the linked issue) if TF could display hints about them.

I also understand that it is better to manage everything in TF, but there are transition period and TF should not break other parts of a cluster during it. If it tries, the appropriate message should be displayed. It will help a lot to understand what is happening.

[jbardin]

Thanks for the extra context @EugenKon. Since we're probably not going to add warnings to -target about what it is intended to do, and does nearly every time it's used, I think we can close this particular request. I think what would be more applicable here is to follow #26812 and/or #2253 (those will probably be closed together by whatever new feature is implemented), which would allow for something with more detailed control that -target can provide.

[jbardin]

Duplicate of #26812

[EugenKon]

@jbardin
Sorry, but I do not agree that this is intended to do. Here is the doc:

Terraform lets you target specific resources when you plan, apply, or destroy your infrastructure.
You can use Terraform's -target option to target specific resources, modules, or collections of resources.

At lease document that unexpected behaviour. From the following documentation https://developer.hashicorp.com/terraform/tutorials/state/resource-targeting I do not expect that terraform will change the resources other than targeted.

That is easy to miss that more resources are changed and destroy something important occasionally, eg. terraform plan -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -target ... -out many_targets. The n-th target was not changed, but another resource is dependant and automatically added to the list of planned changes. So overall count of changed resources is equal of number of -targets. But without proper attention this automatically planned change will break the access to the cluster.

This is good that terraform behaves as designed and as intended, but this should be properly documented or, at least, warning message is issued to not surprise your users.
Thank you.

[jbardin]

The reference documentation for -target is here: https://developer.hashicorp.com/terraform/cli/commands/plan#resource-targeting, which does state

Once Terraform has selected one or more resource instances that you've directly targeted, it will also then extend the selection to include all other objects that those selections depend on either directly or indirectly.

We can look into making a link back there more apparent from the tutorial you are looking at (the tutorials are developed separately from this repository). The ability to have a lower-level control from -target is a request the product team is aware of, and will be updated through the linked issues. Given the much greater visibility of the linked issues, any changes in cli behavior is most likely going to arise from those requests.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.