search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
8.01k stars 971 forks source link

auto-init always runs due to unused fields in backend config #2187

Open jonwtech opened 2 years ago

jonwtech commented 2 years ago

Terragrunt: 0.38.4 (using Alicloud OSS remote backend)

Hello,

Thanks for all the great work on Terragrunt!

I've noticed an issue where auto-init always runs even when it shouldn't need to. It seems to be caused by unused fields in my backend config not being present in the backend config block.

My backend config looks like this:

remote_state {
  backend = "oss"
  config = {
    bucket                         = "REDACTED"
    prefix                         = "${local.project_path}/${local.project_environment}"
    key                            = "terraform.tfstate"
    region                         = "eu-west-1"
    tablestore_endpoint            = "https://REDACTED.eu-west-1.ots.aliyuncs.com"
    tablestore_table               = "statelock"
  }
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite"
  }
}

If I run a terragrunt init followed by e.g. a terragrunt plan I can see this logged just before the unneeded auto-init runs:

DEBU[0001] Changed from map[access_key:<nil> acl:<nil> assume_role:[] assume_role_policy:<nil> assume_role_role_arn:<nil> assume_role_session_expiration:<nil> assume_role_session_name:<nil> bucket:REDACTED ecs_role_name:<nil> encrypt:<nil> endpoint:<nil> key:terraform.tfstate prefix:REDACTED profile:<nil> region:eu-west-1 secret_key:<nil> security_token:<nil> shared_credentials_file:<nil> sts_endpoint:<nil> tablestore_endpoint:https://REDACTED.eu-west-1.ots.aliyuncs.com tablestore_table:statelock] to map[bucket:REDACTED key:terraform.tfstate prefix:REDACTED region:eu-west-1 tablestore_endpoint:https://REDACTED.eu-west-1.ots.aliyuncs.com tablestore_table:statelock]

(nb the REDACTED fields are the same in the "from" and "to" sections.)

If I populate all the unused fields in my backend config then the problem temporarily goes away:

remote_state {
  backend = "oss"
  config = {
    bucket                         = "REDACTED"
    prefix                         = "${local.project_path}/${local.project_environment}"
    key                            = "terraform.tfstate"
    region                         = "eu-west-1"
    tablestore_endpoint            = "https://REDACTED.eu-west-1.ots.aliyuncs.com"
    tablestore_table               = "statelock"
    access_key                     = null
    acl                            = null
    assume_role                    = []
    assume_role_policy             = null
    assume_role_role_arn           = null
    assume_role_session_expiration = null
    assume_role_session_name       = null
    ecs_role_name                  = null
    encrypt                        = null
    endpoint                       = null
    profile                        = null
    secret_key                     = null
    security_token                 = null
    shared_credentials_file        = null
    sts_endpoint                   = null
  }
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite"
  }
}

which then allows me run terragrunt commands without auto-init occurring. However, at the point when I do re-init the project I get the following error:

│ Error: Unsupported argument
│ 
│   on backend.tf line 6, in terraform:
│    6:     assume_role                    = []
│ 
│ An argument named "assume_role" is not expected here. Did you mean to
│ define a block of type "assume_role"?
jonwtech commented 2 years ago

In case it helps anyone, my current workaround is removing the remote_state block altogether and putting my entire backend config into a generate block.