Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backend/local: treat output changes as side-effects to be applied #25047

Merged
merged 2 commits into from
May 29, 2020

Conversation

apparentlymart
Copy link
Contributor

@apparentlymart apparentlymart commented May 27, 2020

This is a baby-step towards an intended future where all Terraform actions which have side-effects in either remote objects or the Terraform state can go through the plan+apply workflow.

This initial change is focused only on allowing plan+apply for changes to root module output values, so that these can be written into a new state snapshot (for consumption by terraform_remote_state elsewhere) without having to go outside of the primary workflow by running terraform refresh. This applies both to direct changes to output blocks and to indirect changes via other objects used in an output's value expression.

This is also better than terraform refresh because it gives an opportunity to review the proposed changes before applying them, as we're accustomed to with resource changes.

The downside here is that Terraform Core was not designed to produce accurate changesets for root module outputs. Although we added a place for it in the plan model in Terraform 0.12, Terraform Core currently (intentionally, to reduce 0.12 release scope) produces inaccurate changesets there which don't properly track the prior values.

We're hoping to rework Terraform Core's evaluation approach in a forthcoming release so it would itself be able to distinguish between the prior state and the planned new state to produce an accurate changeset, but this commit introduces a temporary stop-gap solution of implementing
the logic up in the local backend code, where we can freeze a snapshot of the prior state before we take any other actions and then use that to produce an accurate output changeset to decide whether the plan has externally-visible side-effects and render any changes to output values.

This temporary approach should be replaced by a more appropriately-placed solution in Terraform Core in a later release, which should then allow further behaviors in similar vein, such as user-visible drift detection for resource instances.

This is a partial implementation of #15419, so it will not close that issue but it will achieve one aspect of it and deal with a specific pain-point when making changes to outputs.


This also includes two minor corrections to the documentation pages for terraform plan and terraform apply which I spotted while I was looking there to see how to note what Terraform considers to be a change.

@codecov
Copy link

codecov bot commented May 28, 2020

Codecov Report

Merging #25047 into master will decrease coverage by 0.00%.
The diff coverage is 57.37%.

Impacted Files Coverage Δ
command/format/diff.go 85.71% <0.00%> (-2.74%) ⬇️
plans/objchange/action.go 0.00% <0.00%> (ø)
backend/local/backend_apply.go 39.33% <66.66%> (+0.40%) ⬆️
backend/local/backend_plan.go 73.02% <85.89%> (+5.19%) ⬆️
command/show.go 55.94% <100.00%> (ø)
terraform/node_resource_plan.go 91.80% <0.00%> (-1.64%) ⬇️
terraform/evaluate.go 53.60% <0.00%> (+0.45%) ⬆️

This is a baby-step towards an intended future where all Terraform actions
which have side-effects in either remote objects or the Terraform state
can go through the plan+apply workflow.

This initial change is focused only on allowing plan+apply for changes to
root module output values, so that these can be written into a new state
snapshot (for consumption by terraform_remote_state elsewhere) without
having to go outside of the primary workflow by running
"terraform refresh".

This is also better than "terraform refresh" because it gives an
opportunity to review the proposed changes before applying them, as we're
accustomed to with resource changes.

The downside here is that Terraform Core was not designed to produce
accurate changesets for root module outputs. Although we added a place for
it in the plan model in Terraform 0.12, Terraform Core currently produces
inaccurate changesets there which don't properly track the prior values.

We're planning to rework Terraform Core's evaluation approach in a
forthcoming release so it would itself be able to distinguish between the
prior state and the planned new state to produce an accurate changeset,
but this commit introduces a temporary stop-gap solution of implementing
the logic up in the local backend code, where we can freeze a snapshot of
the prior state before we take any other actions and then use that to
produce an accurate output changeset to decide whether the plan has
externally-visible side-effects and render any changes to output values.

This temporary approach should be replaced by a more appropriately-placed
solution in Terraform Core in a release, which should then allow further
behaviors in similar vein, such as user-visible drift detection for
resource instances.
The "apply" documentation contained a simple typo, while the "plan"
documentation contained outdated information about using
"terraform plan PLANFILE" to view a plan. The latter is now a separate
command entirely, since Terraform 0.12: "terraform show PLANFILE".
@apparentlymart apparentlymart force-pushed the f-outputs-plan-shortterm branch from 9592df7 to f010d2d Compare May 28, 2020 22:59
@apparentlymart apparentlymart marked this pull request as ready for review May 28, 2020 23:03
@apparentlymart apparentlymart requested a review from a team May 28, 2020 23:03
@apparentlymart apparentlymart self-assigned this May 28, 2020
@ghost
Copy link

ghost commented Jun 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Jun 29, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants