Open Moeser opened 3 years ago
Thanks for filing the issue @Moeser
Yes, Terraform currently only has one method for reading the state which entails decoding it. In order to decode the state, it must go through any state upgrade paths which sets the state and terraform versions. The remote state API only provides access to the decoded state, so direct file access isn't really possible at this time.
Since this is working as intended, and the desired functionality is going to take some design work, I'm going to re-tag this as an enhancement for now.
@jbardin this feels like more of a bug then enhancement to me. At the very least I think this should be documented in cli and website.
The terraform state pull command is used to manually download and output the state from remote state. This command also works with local state.
No where in the description it says about changing the state file. This can be really hectic during the terraform upgrade process especially when encountered other issues such as https://github.com/hashicorp/terraform/issues/23290
This gave me a minor heart attack while preparing to upgrade from 0.12 to 0.13. I ran init
and plan
with 0.13 on 0.13-upgrade
d code to check for any problems, then ran terraform state pull
to sanity-check that I hadn't just tainted the state file for all of my colleagues and automated processes still running 0.12.21, and Terraform appeared to tell me that I had done exactly that. I ran to the S3 state bucket prepared to roll back to the last version of the state file only to find that it hadn't actually changed.
I had previously tested on a local state file and relied on git diff
, which showed me that the state file hadn't changed after a plan with 0.13, which is what I was expecting, so I was extra confused.
In order to decode the state, it must go through any state upgrade paths which sets the state and terraform versions
How do I find the "state upgrade paths" that are causing TF to think that the state was created with a newer version? This issue has me stuck in a loop.
Terraform Version
What I run
Expected Behavior
I expect Terraform to tell me the actual version in the remote state and not lie to me. Why is it processing the json? Shouldn't it just dump the json as-is from s3?
Actual Behavior
Terraform lied to me. It edited the state to show whatever version of binary I was running instead of the real version in the state living in s3. My feelings were hurt by Terraform's lies. I lost trust in my once trustworthy sidekick.
Steps to Reproduce
terraform state pull
, which is a totally different but related issue. This seems silly since Terraform could probably just output the json instead of processing it.terraform state pull | grep terraform_version
Additional Context
I haven't tried this for any other backends, so it may be specific to the s3 backend.
In case it's helpful: here's the output if we try to view a state with a NEWER version of Terraform than the currently running binary:
You can try to reason with it, but the conversation ends up pretty one sided.
I feel like these are two symptoms of the same problem. Terraform is processing the state during
terraform state pull
and should probably just output it directly instead of reading or manipulating the content, or lying to me like a dirty lying liar.Should it be reading or manipulating the content? Well, lets ask Terraform:
Weirdly, it doesn't say "sneakily edits the json to change the version" or "peeks at the version string and forgets how to simply output json when seeing a newer one". How strange! :)
References