hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Feature Request: Lifecycle prevent decrease in value #16328

Open canadiannomad opened 6 years ago

canadiannomad commented 6 years ago

We are running aws_autoscaling_group, and a decrease in the desired_capacity is equivalent to destroying machines. I see lifecycle being the perfect place to perform sanity checks that protect us all from making any big "oopses" (like I did today).

Another option for this would be if there is a way for us to add a plugin that would do these types of sanity checks? If this is the best approach, can someone point me in the right direction of some skeleton code?

Thanks!

apparentlymart commented 6 years ago

Hi @canadiannomad,

Terraform currently has no built-in support for this, and indeed it's hard to implement in an external tool today because the plan file format is opaque and not documented as a public interface. We have plans to support a plan output format that can be parsed by outside programs in future, but we have decided not to support this in the short term because we are still frequently changing the internal plan format as we add new features and so we would not be able to guarantee compatibility between versions at this time. We will probably revisit this idea once we complete the current sequence of work to improve Terraform's configuration language and associated internal infrastructure, since that will cause some quite significant changes to the internal plan structures.

HashiCorp is currently rolling out Sentinel as part of Terraform Enterprise, and Sentinel does permit the sort of checking you are talking about. I understand that Terraform Enterprise is not the right answer for everyone; as noted above, future changes will hopefully allow similar tools to be built by users in-house, once the plan format is stable enough for such tools to be sustainable.

It is in principle possible to use the code within Terraform to parse Terraform's plan files from another program written in Go. We aren't able to assist with this at present and we can't guarantee that the interfaces will remain stable between Terraform releases, but it is technically possible if you are willing to absorb some maintenance effort each time you upgrade Terraform.

Hopefully we'll have more on this as we get further through the current refactoring efforts. Thanks for this suggestion!
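
The sanity check requested in this thread, as an added example that is not part of the issue or of Terraform's own code: it assumes the machine-readable plan that later Terraform releases emit with `terraform show -json <planfile>` and reads only `resource_changes[].change.before/after`. The `GUARDED` policy table and the sample plan are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Not data from the issue thread.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_autoscaling_group.web", "type": "aws_autoscaling_group",
   "change": {"actions": ["update"],
              "before": {"desired_capacity": 6, "min_size": 2},
              "after":  {"desired_capacity": 2, "min_size": 2}}},
  {"address": "aws_autoscaling_group.api", "type": "aws_autoscaling_group",
   "change": {"actions": ["update"], "before": {"desired_capacity": 3},
              "after": {"desired_capacity": 5}}},
  {"address": "aws_autoscaling_group.batch", "type": "aws_autoscaling_group",
   "change": {"actions": ["delete"],
              "before": {"desired_capacity": 4, "min_size": 1},
              "after": null}},
  {"address": "aws_autoscaling_group.new", "type": "aws_autoscaling_group",
   "change": {"actions": ["create"], "before": null,
              "after": {"desired_capacity": 1, "min_size": 1}}}
]}
""")

# Hypothetical policy table: attributes that must not shrink, per resource type.
GUARDED = {"aws_autoscaling_group": ("desired_capacity", "min_size")}

def find_decreases(plan, guarded=GUARDED):
    """Return (address, attribute, old, new) for each guarded value that shrinks."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        before = change.get("before")
        if before is None:  # pure create: nothing existing to shrink
            continue
        deleted = change.get("after") is None  # destroy counts as a drop to 0
        after = change.get("after") or {}
        for attr in guarded.get(rc.get("type"), ()):
            old = before.get(attr)
            if not isinstance(old, (int, float)):
                continue
            new = 0 if deleted else after.get(attr)
            # new is None when the value is only known after apply: fail closed.
            if new is None or new < old:
                findings.append((rc["address"], attr, old, new))
    return findings

if __name__ == "__main__":
    for address, attr, old, new in find_decreases(SAMPLE_PLAN):
        print(f"BLOCK {address}: {attr} {old} -> {new}")
```

In a pipeline, run it between `terraform plan -out=<planfile>` and `terraform apply`, and fail the job when the returned list is non-empty.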