Open gidonk-pr opened 2 years ago
Hi @gidonk-pr! Thanks for sharing this use-case.
Could you say a little more about what exactly you'd expect to find in a "saved apply file"? The saved plan file is a serialization of a real data structure Terraform uses to describe a set of actions internally, but there isn't any comparable internal data structure for the apply phase except the new state snapshots it creates, which you can retrieve using terraform show -json
. Is there something specific missing from the combination of that output and the terraform apply -json
progress reports that you need for your application?
what I mean - is that in the plan output includes a key named change
which looks like so:
"change": {
"actions": [
"create"
],
"before": null,
"after": {
"policy_arn": "XXXXXXXXX",
"role": "XXXXXX"
},
"after_unknown": {
"id": true
},
"before_sensitive": false,
"after_sensitive": {}
}
This format allows for detailed easy to view reports that will show the exact changes that took place. here is a snippet of the report that we generated (using terraform-pretty-plan):
The output from the apply
command does not contain the information in a structure that allows for this report to run, and the show
command displays the current applied state and no previous state.
Thanks for the extra context, @gidonk-pr.
What I understand, then, is that you're running terraform apply
without passing a saved plan file and so that command includes both a plan phase and an apply phase, and what you want is to retroactively access the plan Terraform generated during the plan phase, even though it was already applied and would therefore not be valid to pass to terraform apply
because the actions described in it were already taken.
Is that correct way to understand what you're hoping for here?
@apparentlymart yes :)
Great, thanks for your patience while I made sure I understood you correctly!
I expect if we were going to do this we'd probably want to name the option something different like -plan-out=...
in this case, just because it doesn't feel super clear to me that the output of an apply operation should be the plan.
I do want to be up front that I don't expect we would prioritize designing and implementing this right now because there is already a documented and working mechanism to achieve this result in Terraform, and it seems like you are only unable to use it because you've chosen to run Terraform with some wrapping software that makes it harder to access some of Terraform's existing features so perhaps there is a path to that wrapping software supporting your use-case with the Terraform functionality that already exists.
For example, it could itself potentially wrap the terraform plan -out=tfplan
and then terraform apply tfplan
workflow, presumably using a different generated filename for each plan file if there's a need to generate many of them all at once, which would be functionally equivalent to saving the same plan file from the apply step as you've proposed here; other automation wrapped around Terraform is typically designed in this way, for the same reason, based on the documented Automated Terraform CLI Workflow.
Current Terraform Version
v1.2.1
Use-cases
Mainly Report Generation.
Currently in "plan" command you can use the -out option to output the plan to a file that can be used for the apply stage. this file can also be parsed to an HTML format report. (for example: https://github.com/cloudandthings/terraform-pretty-plan that we use)
We would like to have the same option when executing the apply command directly. The current '-json' command is not informative enough as it does not show the 'before' and 'after' of each resource like the plan does.
Having to first use the plan command (with the
-out
option) and then the apply command (with the-plan
option) is not always a possible scenario (specifically when usingterragrunt run-all apply
commands: https://github.com/gruntwork-io/terragrunt/issues/720#issuecomment-497888756)