BUG: Cannot run-all apply with plan file

[schlomo]

I want to apply based on a plan. So first I run terragrunt run-all plan -out tf.plan which works and puts a tf.plan file into every module directory.

When I then try to run terragrunt run-all apply tf.plan it fails like this:

$ terragrunt run-all --terragrunt-non-interactive --terragrunt-log-level info apply tf.plan
INFO[0000] Stack at /home/schlomo/src/chromebooks-in-deutschland/aws/certificate:
  => Module /home/schlomo/src/chromebooks-in-deutschland/aws/certificate (excluded: false, dependencies: []) 
Are you sure you want to run 'terragrunt apply' in each folder of the stack described above? (y/n) INFO[0000] The non-interactive flag is set to true, so assuming 'yes' for all prompts 
INFO[0000] Running command: terraform --version          prefix=[/home/schlomo/src/chromebooks-in-deutschland/aws/certificate] 
INFO[0000] Terraform version: 0.14.6                     prefix=[/home/schlomo/src/chromebooks-in-deutschland/aws/certificate] 
INFO[0000] Detected 1 Hooks                              prefix=[/home/schlomo/src/chromebooks-in-deutschland/aws/certificate] 
INFO[0000] Running command: terraform apply tf.plan -input=false -auto-approve  prefix=[/home/schlomo/src/chromebooks-in-deutschland/aws/certificate] 
Too many command line arguments. Configuration path expected.
INFO[0000] Detected 1 Hooks                              prefix=[/home/schlomo/src/chromebooks-in-deutschland/aws/certificate] 
INFO[0000] Module /home/schlomo/src/chromebooks-in-deutschland/aws/certificate has finished with an error: Hit multiple errors:
Hit multiple errors:
exit status 1  prefix=[/home/schlomo/src/chromebooks-in-deutschland/aws/certificate] 
ERRO[0000] Encountered the following errors:
Hit multiple errors:
Hit multiple errors:
exit status 1 

The root cause seems to be the way how terragrunt calls terraform:

terraform apply tf.plan -input=false -auto-approve

which fails with

Too many command line arguments. Configuration path expected.

because terraform expects the plan file to be the last command line argument, given after all the options.

Am I doing something wrong here? My versions are:

terragrunt version v0.28.3
Terraform v0.14.6

My sources are in https://github.com/schlomo/chromebooks-in-deutschland/tree/cloudfront/aws

[ZF-fredericvanlinthoudt]

We have the same issue at our side!

Looks like this part caused it to break: https://github.com/gruntwork-io/terragrunt/commit/7b2e87569e0df31579fd304b35d540d3209f3f7a#diff-fbaccdaf1ea9f78ae69c6b3910b2508d9bc578801035a65c6d110fa6e717dd73R52

-input=false / -auto-approve are being appended at the end of the Terraform command while Terraform expects the plan file as the last argument.

[jthenne]

I'm just astonished this passed testing.

[lorengordon]

As a workaround while waiting for a patch, I've reverted to 0.27.4 wherever I use this workflow.

[yorinasub17]

Have a PR with a fix in https://github.com/gruntwork-io/terragrunt/pull/1544

We missed this because we generally discourage using plan-all especially with plan files due to the issues surrounding dependencies. If you want to know why, you can read through the warning at https://terragrunt.gruntwork.io/docs/reference/cli-options/#plan-all-deprecated-use-run-all . With that said, this is something we do want to allow working so there is a new regression test in the PR to ensure it works going forward.

[jthenne]

This happens also on terragrunt run-all apply --terragrunt-parallelism 5 --terragrunt-non-interactive terragrunt version v0.28.2 Terraform v0.14.6

It's still asking for a confirmation: Are you sure you want to run 'terragrunt apply' in each folder of the stack described above? (y/n)

[yorinasub17]

@jthenne Ah I think that is actually a logging issue. If you run with --terragrunt-log-level info, you should a log entry immediately following that that saids something along the lines of Skipping interactive prompts due to running in non-interactive mode.

[jthenne]

It did break our CICD. I fixed it by adding --terragrunt-log-level as in: terragrunt run-all --terragrunt-non-interactive --terragrunt-source-update --terragrunt-parallelism 5 --terragrunt-log-level info apply

[yorinasub17]

Fix rolled out as https://github.com/gruntwork-io/terragrunt/releases/tag/v0.28.4 . Binaries should show up shortly.

[aadi308]

Hey, I'm looking to create multiple AWS resources using Terragrunt's plan output file. These resources have dependencies on each other; EC2 instances and a transit gateway are reliant on a VPC. However, when applying Terragrunt using the plan, I encounter an issue where it's using a mock output value. This issue is only happening while using terragrunt apply-all plan. $ terragrunt plan-all -out plan $ terragrunt apply-all plan

. ├── accounts.json ├── common.hcl ├── modules │   ├── shared-ec2 │   │   ├── cloudwatch-alarm.tf │   │   ├── context.tf │   │   ├── docs │   │   │   ├── targets.md │   │   │   └── terraform.md │   │   ├── eni.tf │   │   ├── LICENSE │   │   ├── main.tf │   │   ├── Makefile │   │   ├── outputs.tf │   │   ├── README.md │   │   ├── README.yaml │   │   ├── security_group.tf │   │   ├── ssm_patch.tf │   │   ├── variables.tf │   │   └── versions.tf │   └── vpc-module │   ├── CHANGELOG.md │   ├── LICENSE │   ├── locals.tf │   ├── main.tf │   ├── Makefile │   ├── outputs.tf │   ├── README.md │   ├── UPGRADE-3.0.md │   ├── variables.tf │   ├── versions.tf │   └── vpc-flow-logs.tf ├── README.md ├── sandbox-account │   ├── account.hcl │   ├── ap-south-1 │   │   ├── ec2-instance │   │   │   ├── instance1 │   │   │   │   ├── key-pair.pub │   │   │   │   └── terragrunt.hcl │   │   │   └── instance2 │   │   │   ├── key-pair.pub │   │   │   └── terragrunt.hcl │   │   ├── network │   │   │   ├── tgw-route │   │   │   │   ├── tgw-route-vpc1 │   │   │   │   │   ├── main.tf │   │   │   │   │   └── terragrunt.hcl │   │   │   │   └── tgw-route-vpc2 │   │   │   │   ├── main.tf │   │   │   │   └── terragrunt.hcl │   │   │   ├── transit-gateway │   │   │   │   └── transit-peer │   │   │   │   └── terragrunt.hcl │   │   │   └── vpc │   │   │   ├── vpc1 │   │   │   │   └── terragrunt.hcl │   │   │   └── vpc2 │   │   │   └── terragrunt.hcl │   │   └── region.hcl └── terragrunt.hcl

Error: creating Security Group BASTION-VM2): InvalidVpcId.Malformed: The vpc ID 'mock-vpc-id' is malformed │ status code: 400, request id: ffa7fa8d-e489-4582-a7d5-9986cd617fe9 │ │ with module.security_group.aws_security_group.default[0], │ on .terraform/modules/security_group/main.tf line 27, in resource "aws_security_group" "default": │ 27: resource "aws_security_group" "default" { │ ╵ ╷ │ Error: creating Security Group (BASTION-VM): InvalidVpcId.Malformed: The vpc ID 'mock-vpc-id' is malformed │ status code: 400, request id: 134f4211-4f2f-4680-87cb-d1f2cdd42e45 │ │ with module.security_group.aws_security_group.default[0], │ on .terraform/modules/security_group/main.tf line 27, in resource "aws_security_group" "default": │ 27: resource "aws_security_group" "default" { │ ╵ Releasing state lock. This may take a few moments... ERRO[0100] terraform invocation failed in /home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance1/.terragrunt-cache/vvlkMM3RQpZp4fFRFn2aLwx0B8Y/kDR0sdsVyL47k-CUEDXVQyrNB0k prefix=[/home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance1] ERRO[0100] Module /home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance1 has finished with an error: 1 error occurred:

• [/home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance1/.terragrunt-cache/vvlkMM3RQpZp4fFRFn2aLwx0B8Y/kDR0sdsVyL47k-CUEDXVQyrNB0k] exit status 1 prefix=[/home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance1] ERRO[0100] terraform invocation failed in /home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance2/.terragrunt-cache/VcyDj6teGNwPyCJ9E86gu6FLW5Q/kDR0sdsVyL47k-CUEDXVQyrNB0k prefix=[/home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance2] ERRO[0100] Module /home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance2 has finished with an error: 1 error occurred:
• [/home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance2/.terragrunt-cache/VcyDj6teGNwPyCJ9E86gu6FLW5Q/kDR0sdsVyL47k-CUEDXVQyrNB0k] exit status 1 prefix=[/home/aadi/cscaf-terraform-infra/sandbox-account/ap-south-1/ec2-instance/instance2]

[jubr]

FYI according to docs this can now be done with:

terragrunt run-all plan --terragrunt-out-dir /tmp/tfplan
terragrunt run-all apply --terragrunt-out-dir /tmp/tfplan