Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Imports persisted to state on plan_only runs #149

Open
fenech opened this issue Apr 9, 2021 · 4 comments
Open

Imports persisted to state on plan_only runs #149

fenech opened this issue Apr 9, 2021 · 4 comments

Comments

@fenech
Copy link

fenech commented Apr 9, 2021

When plan_only is used, the state is updated with any resources that were imported. This can lead of inconsistencies if the resource definitions change before the plan is applied.

In our use case, we run using plan_only during a Pull Request and may make changes before merging/applying. It would be useful to prevent the imports from being persisted until after the apply.
@fenech
Copy link
Author

fenech commented Apr 9, 2021

I guess that this behaviour was inadvertently added as a consequence of #146

@ljfranklin
Copy link
Owner

It would be useful to prevent the imports from being persisted until after the apply.

That's not how Terraform works unfortunately. Running terraform import immediately updates the statefile to include IDs for those resources, although it does not modify the actual resources. When generating a Plan, you have to run the import prior to generating the plan so that the plan includes "update" operations for those existing imported resources rather than "create" operations. I don't think Terraform supports the workflow you're describing where you generate a plan with a list of imports but don't want to actually add the imports to the statefile until later.

@fenech
Copy link
Author

fenech commented Apr 9, 2021

My problem isn't that the state file is updated; as you say, that makes sense. The problem is that the updated state file ends up being pushed to S3.

@ljfranklin
Copy link
Owner

Again, that's something Terraform does automatically. When you have a backend configured and run terraform import, Terraform will immediately update your statefile in that storage backend like S3. The import command is mostly intended for one-off surgeries on your statefile like initially migrating your stack to Terraform. Relying on import as part of your normal workflow is likely to cause friction like you're seeing, Terraform really wants to create its resources directly.

The only workaround I can think of is to add a task to download the existing statefile from S3 then configure the plan step to use a local backend pointing to that file rather than using the S3 backend directly, although I'm not positive if that will work either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ljfranklin @fenech