search

CircleCI-Public / terraform-orb

Deploy your infrastructure via a CircleCI pipeline using the Terraform orb. Integrate Infrastructure-as-Code (IaC) to help provision and manage any cloud, infrastructure, or service of your choice.
https://circleci.com/orbs/registry/orb/circleci/terraform
MIT License
10 stars 44 forks source link

terraform/plan does not work with Terraform Cloud remote backend #54

Open brent-moffit opened 2 years ago

brent-moffit commented 2 years ago

Orb Version circleci/terraform@3.0.0

Describe the bug When using the terraform orb with a Terraform Cloud based remote backend, terraform/plan fails with this error:

Error: Saving a generated plan is currently not supported

The "remote" backend does not support saving the generated execution plan locally at this time.

This happens because the orb calls terraform plan with -out=plan.out which is not supported for Terraform Cloud

To Reproduce Use a the terraform/plan command in a CircleCI job with a Terraform Cloud based backend.

Example config.yml:

version: 2.1

orbs:
  terraform: circleci/terraform@3.0.0

commands:
  terraform_setup:
    description: Configures terraform cloud credentials
    steps:
      - run:
          name: Create Terraform credentials file
          command: >-
            echo "credentials \"app.terraform.io\" {token =
            \"$TERRAFORM_TOKEN\"}" > $HOME/.terraformrc

jobs:
  terraform_plan:
    executor:
      name: terraform/default
      tag: 1.0.5
    steps:
      - checkout
      - terraform_setup
      - terraform/init:
          path: terraform
      - terraform/plan:
          path: terraform

workflows:
  Terraform_Plan:
    jobs:
      - terraform_plan

Expected behavior Terraform plan should run

Additional context The terraform orb should detect that your remote backend doesn't support saving local plans and only attempt to do so when supported. Instead the output can link to the plan in Terraform Cloud. At the very least, provide a parameter option to disable file output.

djschnei21 commented 2 years ago

passing a PLAN_ARGS of "-out=" will override the hardcoded argument and should allow this to work. workaround till the PR is merged

cameron-wellthy commented 2 years ago

Are there any updates on this? As of right now the terraform circleci orb does not work with terraform cloud. I am being forced to use the docker image rather than a circleci orb due to this issue. The above solution does not work due to how PLAN_ARGS is being set.

brent-moffit commented 2 years ago

I worked around this by constructing the terraform plan command myself instead of using the orb, as a small bonus you can get colored output this way (circle ci has no problem parsing the color markers in the plan).

cameron-wellthy commented 2 years ago

Yeah I just ended up using the terraform docker image instead of the orb since it's not very well supported with terraform cloud.

javier-fiore commented 1 year ago

Setting out="" works for me.

version: 2.1
orbs:
  terraform: circleci/terraform@3.2

executors:
  default:
    working_directory: ~/src
    docker:
      - image: hashicorp/terraform:1.3.3

commands:
  terraform-setup:
    description: Configures terraform cloud credentials
    steps:
      - run:
          command: >-
            echo "credentials \"app.terraform.io\" {token =
            \"$TERRAFORM_TOKEN\"}" > $HOME/.terraformrc
          name: Create .terraformrc file locally

jobs:
  terraform-lint:
    executor: default
    steps:
      - checkout
      - terraform-setup
      - terraform/fmt:
          path: .
          recursive: true
    working_directory: ~/src

  terraform-plan:
    parameters:
      dir:
        type: string
    executor: default
    steps:
      - checkout
      - terraform-setup
      - terraform/validate:
          path: <<parameters.dir>>
      - terraform/init:
          path: <<parameters.dir>>
      - terraform/plan:
          path: <<parameters.dir>>
          out: ""
    working_directory: ~/src

  terraform-apply:
    parameters:
      dir:
        type: string
    executor: default
    steps:
      - checkout
      - terraform-setup
      - terraform/apply:
          path: <<parameters.dir>>
    working_directory: ~/src

workflows:
  plan:
    jobs:
      - terraform-lint

      - terraform-plan:
          name: terraform-plan-basics
          dir: "basics"
          requires: [ "terraform-lint" ]
          filters:
            branches:
              ignore: master

      - terraform-apply:
          name: terraform-apply-basics
          dir: "basics"
          requires: [ "terraform-plan-basics" ]
          filters:
            branches:
              only: master

      - terraform-plan:
          name: terraform-plan-staging
          dir: "environments/staging"
          requires: [ "terraform-lint" ]
          filters:
            branches:
              ignore: master

      - terraform-apply:
          name: terraform-apply-staging
          dir: "staging"
          requires: [ "terraform-plan-staging" ]
          filters:
            branches:
              only: master

      - terraform-plan:
          name: terraform-plan-production
          dir: "environments/production"
          requires: [ "terraform-lint" ]
          filters:
            branches:
              ignore: master

      - terraform-apply:
          name: terraform-apply-production
          dir: "production"
          requires: [ "terraform-plan-production" ]
          filters:
            branches:
              only: master