search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io
Other
42.76k stars 9.56k forks source link

Make data source removal from state more visible #24022

Open radeksimko opened 4 years ago

radeksimko commented 4 years ago

Removal of resources from config schedules them for removal during the next apply and user has to acknowledge that. It is therefore possible to confirm intentions and prevent accidents. Even when the user chooses to ignore plan, the apply output will notify them of the removal via

packet_project.test: Creating...
packet_project.test: Creation complete after 3s [id=e54f07ec-3c5e-4d26-9519-daaa3dda273b]

Removal of data sources is practically invisible and always happens behind the scenes.

This can lead to a confusing UX where user is prompted to confirm application of an empty plan:

Example

Before

resource "packet_project" "test" {
  name = "tfacc-precreated_ip_block-lqyns2uvun"
}

data "packet_ip_block_ranges" "test2" {
  project_id = packet_project.test.id
}

After

resource "packet_project" "test" {
  name = "tfacc-precreated_ip_block-lqyns2uvun"
}

Apply

$ terraform apply -refresh=false

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

Plan: 0 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

Also resources seem to have some sort of fallback mechanism where they still get refreshed based on the existing state (without config), unlike data sources.

While we discourage use of -refresh=false (for good reasons), this can also happen accidentally when user points Terraform to wrong (empty) directory, which can be more unconscious human mistake. In such case the resources get refreshed, but all data sources are gone from the state.

^ that is what happened in my case

apparentlymart commented 4 years ago

I think this problem is a different specific symptom of the same general problem described in #15419, though it's interesting to see that Terraform is considering this as a change needing to be applied: that suggests that the situation around #15419 has changed in the meantime, and I wonder therefore if a change to a data resource might now also appear as an empty diff to confirm. :thinking:

I didn't include the removal of data resources in there, but I suppose potentially it could be handled a bit like the data source change in the UI mock I shared over there:

  # data.packet_ip_block_ranges.test2 has been removed since last apply
  - data "packet_ip_block_ranges" "test2" {
    - project_id = "(whatever a packet project id looks like)"
  }

I'm not going to merge these two issues for now since the situations do seem a little different, but I'm leaving this comment mainly to create the connection between the two issues.