Fix a bug when trying to destroy resources using the `remote` backend

pwillis-els / terraformsh

A wrapper for Terraform in Bash

MIT License

66 stars 12 forks source link

Fix a bug when trying to destroy resources using the `remote` backend #3

Closed AMKamel closed 2 years ago

AMKamel commented 2 years ago

In order to avoid executing and apply command to remote terraform cloud workspace when trying to destroy resources, changing the destroy function to use destroy sub command instead of apply will avoid this issue when trying to destroy with -P flag which is the only way to deal with the remote backend since it currently does not support saving plan files which is the default behavior for terraformsh right now.

AMKamel commented 2 years ago

I think the same can be applied with terraformsh -E "CMDS=(destroy) DESTROY_ARGS=(-auto-approve)"

AMKamel commented 2 years ago

Actually that didn't work

pwillis-els commented 2 years ago

Hi @AMKamel , can you tell me a little more about the issue you're having? Which version of Terraform are you using? Can you tell me what the use case is? I haven't used workspaces much.

Particularly I'm curious what the implication of switching from apply to destroy is, in terms of preserving the behavior where using destroy requires the use of a plan file. By that I mean, terraformsh destroy should by default try to use a plan file. In the past I found that I could only do that by using 'terraform apply' on a plan file that had been prepared with terraform plan -destroy -out=destroy.plan and then running terraform apply destroy.plan.

Is what you're trying to do different than this? Or is the above method causing a problem in some way?

AMKamel commented 2 years ago

If you are using terraform cloud as a remote backend, it doesn't allow you to save the plan into a file, which is the default behavior of terraformsh command.

In order to be able to overcome this you need to do a command like terraform destroy -auto-approve directly and since the destroy function at terraformsh is hard coding apply command with a destroy plan, it makes terraformsh never able to run a destroy command when using terraform backend.

an optimum solution in my opinion could be when passing the option -P the destroy function should use terraform destroy directly and not terraform apply since passing -P option to terraformsh destroy now is just like doing terraform apply

I added a screenshot of this behavior in a pull request.

AMKamel commented 2 years ago

Something like this maybe

_cmd_destroy () {
    [ "${NO_DEP_CMDS:-0}" = "0" ] && _cmd_init
    ([ "${USE_PLANFILE:-0}" = "0" ] && _runcmd "$TERRAFORM" destroy "${DESTROY_ARGS[@]}") || _runcmd "$TERRAFORM" plan "${DESTROY_ARGS[@]}" && rm -f "$TF_DESTROY_PLANFILE"
}

pwillis-els commented 2 years ago

Thanks for the info!

So, to recap:

You're using Terraform Cloud, which cannot use plan files (now I'm curious and want to look into this behavior...)
When you pass the -P option to disable use of plan files, terraformsh is erroneously running 'terraform apply' rather than 'terraform destroy'
- The proposal is that, only for the 'terraformsh destroy' command, the -P option avoids 'terraformsh destroy' from running terraform apply, since with the -P option it would never work as intended.

I like your suggestion, but I'll add a requested change to the PR

pwillis-els commented 2 years ago

Sorry I haven't replied / merged this change yet - I wanted to do a little testing just to make sure I didn't miss anything before merging. Hopefully tonight or tomorrow I'll have time to throw together some tests

AMKamel commented 2 years ago

Of course, thanks.

Take your time

pwillis-els commented 2 years ago

Thanks so much for your contribution @AMKamel ! I have added some tests and merged the code :partying_face: