search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.31k stars 9.49k forks source link

Guardrails on `state mv` #11176

Open Gary-Armstrong opened 7 years ago

Gary-Armstrong commented 7 years ago

I wanted to rename a AWS SG rule resource but I accidentally did this:

terraform state mv aws_security_group_rule.wxmix_pfp_elb_egress aws_security_group.pfp_elb_egress

I'd like to ask that TF not allow such terrible things without a force flag. I say force flag because I seem to all-too-frequently need to jump guardrails. I want to be alerted when I do dumb things but not outright prevented from doing dumb things.

Terraform Version

0.8.1

Affected Resource(s)

Core , presumably

Expected Behavior

I expected to "rename" a resource but I typoed the resource type. I'd expect TF to complain that I am changing one resource into another.

Actual Behavior

TF happily did what I said instead of what I wanted. Welcome to Computer!

Steps to Reproduce

Just use state mv to change a aws_security_group_rule into a aws_security_group. I haven't made time to test permutations of this with varying HCL and resource types, but it seems trivial.

geoffreywiseman commented 7 years ago

You can also rename a resource into something that is not a recognized resource, which is then hard to fix without a manual edit. Definitely would like more guardrails.

nbering commented 7 years ago

I did the exact same thing once and had to pull my state file from remote and edit locally to fix it. Fortunately, the "type" property was still maintained so terraform plan/apply knew something was very wrong and aborted, but state mv couldn't fix it.