search

ovotech / circleci-orbs

CircleCI Orbs
MIT License
52 stars 37 forks source link

Plan comparison fails for move actions #473

Open shaunkillingbeck opened 2 years ago

shaunkillingbeck commented 2 years ago

There is a more recent feature that allows resources to be moved via configuration rather than terraform state mv commands. A very handy feature!

Unfortunately, when there is only a "move" action to perform, the lines that compact_plan.py looks for to find a plan are not printed and so it is not treated as a plan. For example:

[...]
module.orion_migration_omp_engine.aiven_kafka_acl.omp_task_status_read_data_platform_secure["omp_task_status_v1"]: Refreshing state... [id=ap1-prod-1/kafka-prod/acl39b6abe2093]
module.orion_migration_omp_engine.aiven_kafka_acl.omp_task_status_read_data_platform_secure["omp_task_status_v2"]: Refreshing state... [id=ap1-prod-1/kafka-prod/acl3abf60c7aae]

Terraform will perform the following actions:

  # module.reads-and-consumption.aiven_kafka_acl.energy_charging_topic_merger_rac_daily_electricity_consumption_v1_read has moved to module.reads-and-consumption.aiven_kafka_acl.energy_charging_topic_merger_rac_daily_electricity_consumption_v1_read[0]
    resource "aiven_kafka_acl" "energy_charging_topic_merger_rac_daily_electricity_consumption_v1_read" {
        id           = "ap1-prod-1/kafka-prod/acl3ae0a2b4b23"
        # (6 unchanged attributes hidden)
    }

Plan: 0 to add, 0 to change, 0 to destroy.
Releasing state lock. This may take a few moments...

The full output including all the Refreshing state... lines is added to the GitHub comment, and when this is later compared with cmp.py it is unlikely to ever match because the Refreshing state... lines do not appear in a deterministic order. As such CD pipeline will continue to fail and changes will not be applied.

marksmithson commented 1 year ago

Had some issue when trying to just add an output

In this case the lines in compact_plan.py don't match. We do have a line Changes to Outputs: that could be used?

Output sample below:

module.network.module.public-ovo.module.zone_1.google_compute_instance_group_manager.nat: Refreshing state... [id=projects/billing-statements-aus-prod/zones/australia-southeast1-a/instanceGroupManagers/prod-aus-permanent-ovo-nat-australia-southeast1-a]
module.network.module.public-ovo.module.zone_3.google_compute_instance_group_manager.nat: Refreshing state... [id=projects/billing-statements-aus-prod/zones/australia-southeast1-c/instanceGroupManagers/prod-aus-permanent-ovo-nat-australia-southeast1-c]

Changes to Outputs:
  + container_registry = "australia-southeast1-docker.pkg.dev/billing-statements-aus-prod/default"

You can apply this plan to save these new output values to the Terraform
state, without changing any real infrastructure.

Warning: Deprecated Attribute

  with module.network.module.public-ovo.google_compute_firewall.public_ovo_ingress_allow_ovo,
  on ../../modules/aus/public-ovo/ovo.tf line 41, in resource "google_compute_firewall" "public_ovo_ingress_allow_ovo":
  41:   enable_logging = true

Deprecated in favor of log_config

(and one more similar warning elsewhere)
Releasing state lock. This may take a few moments...