Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.
https://aka.ms/azd
MIT License

[Issue] Azd down --no-prompt hangs in pipeline and does not initialise terraform #4317

Open markwragg opened 2 months ago

markwragg commented 2 months ago

Output from azd version

azd version 1.10.1 (commit 31409a33266fb4a5fdbb644bc83988e725d6c7c9)

Describe the bug

I am trying to set up a pipeline to tear down environments. I use Terraform as the backend. I want to be able to run azd down --preview but that option isn't available, however it looks like azd down prompts for confirmation by default, so it looks like I should be able to get a preview of the Terraform destroy by running azd down --no-prompt, which I'd expect to show the Terraform destroy plan and then stop execution because the default confirmation would be not to continue, however the pipeline task just hangs. The only way to get destroy to run in the pipeline is to use azd down --no-prompt --force. There's no way to preview the changes first.

Additionally azd down does not perform a terraform init, so running it on its own in a pipeline just throws an error "backend initialization required". I can work around this by running azd provision --preview first but it would be nice not to have to.

To Reproduce

Set up an Azure DevOps pipeline task to run azd down --no-prompt. The task will hang.

Expected behavior

azd down --no-prompt = Should output the Terraform destroy plan and then the task should exit with no error, as if the confirmation prompt was answered with "no".

Alternatively implement an azd down --preview that when Terraform is the backend performs terraform destroy -plan.

Either should also perform a terraform init so that you don't have to unnecessarily (and confusingly) run azd provision --preview (unless there's some better alternative I'm missing here).

Environment

Azure DevOps pipeline self-hosted agent running Ubuntu. Azd tasks run as Bash.

Additional context

None

weikanglim commented 2 months ago

tagging @kristenwomack for terraform related awareness.

@markwragg thanks for raising this! I believe your asks are along the lines of:

  1. azd down for terraform should first do a preview of resources being deleted. It should prompt the user.
  2. azd down --no-prompt should either accept or deny the confirmation by default. The suggestion made here is to deny. I could see a different world where accept is the default -- perhaps we need to learn more about the scenario here.

Please let me know if there were things not captured above.

Regarding terraform down requiring terraform init -- I suspect that since you're running on different stages, you may want to share the backend state. See backend on how to configure this to work for your scenario.

markwragg commented 2 months ago

Yes that pretty much covers it, except to say there's already a way to force a "yes" answer to the destroy plan (which is already output by default) as azd down has --force for that.

Regarding state, I'm already using a backend config with remote state but azd down doesn't run terraform init so it doesn't get set up like it does when you run azd provision. And I can't run terraform init directly as my backend config file has environment variables which I'm relying on azd to populate. Let me know if I'm just doing something wrong here, but I think it's set up per your documentation.
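The workaround described in the comments above (run azd provision --preview first so Terraform gets initialised, then azd down --no-prompt --force), written out as a guarded pipeline step. This is an added example, not code from the issue or from the azd project. TEARDOWN_CONFIRM, AZD and TIMEOUT_SECS are hypothetical names, and the timeout wrapper is an assumption added so that a step waiting on a prompt fails the job instead of blocking the agent.

```shell
#!/usr/bin/env bash
# Added example: guarded teardown step for a CI job using azd with Terraform.
# Hypothetical variables (not part of azd):
#   TEARDOWN_CONFIRM  must be exactly "yes" before anything is destroyed
#   AZD               path to the azd binary (overridable for testing)
#   TIMEOUT_SECS      upper bound for each azd call
AZD="${AZD:-azd}"
TIMEOUT_SECS="${TIMEOUT_SECS:-900}"

teardown() {
    # Workaround from the report: azd down does not run terraform init,
    # azd provision --preview does, so run it first against the remote backend.
    # Note this shows the provision plan, not a destroy plan.
    timeout "$TIMEOUT_SECS" "$AZD" provision --preview --no-prompt || {
        echo "teardown: preview/init failed or timed out" >&2
        return 2
    }

    # Explicit gate: the destructive call is only reached on an exact "yes".
    if [ "${TEARDOWN_CONFIRM:-}" != "yes" ]; then
        echo "teardown: TEARDOWN_CONFIRM is not 'yes', stopping before azd down" >&2
        return 0
    fi

    # Per the report, azd down --no-prompt without --force hangs in the pipeline,
    # so --force is passed and the call is still bounded by timeout.
    timeout "$TIMEOUT_SECS" "$AZD" down --no-prompt --force || {
        echo "teardown: azd down failed or timed out" >&2
        return 3
    }
}
```

In a pipeline, source the file and call teardown as the task body; bind TEARDOWN_CONFIRM to a manually approved variable so the default outcome is "no".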

weikanglim commented 2 months ago

> except to say there's already a way to force a "yes" answer to the destroy plan (which is already output by default) as azd down has --force for that.

I see. Your suggestion is that azd down --no-prompt fails, but azd --no-prompt --force would accept all prompts and have it complete. I'm wondering what --no-prompt would mean in this scenario for you (and if it's redundant in your mind).

> I can't run terraform init directly as my backend config file has environment variables which I'm relying on azd to populate.

You may be right here (sorry for not fully understanding the terraform details here). If time permits, would you be able to paste a quick error message of what the error looks like, or a quick description of what you would normally run against terraform CLI directly?

My very limited understanding here is that azurerm does support environment variable configuration, so perhaps something like:

export ARM_ACCESS_KEY=your-storage-account-access-key
export ARM_RESOURCE_GROUP_NAME=your-resource-group-name
export ARM_STORAGE_ACCOUNT_NAME=your-storage-account-name
export ARM_CONTAINER_NAME=your-container-name
export ARM_KEY=path/to/your/terraform.tfstate

terraform destroy

would work. But I don't fully understand the details yet, and there may be something specific to your setup.