flux-iac
Set runner.InitRequest.Upgrade to false by default
Prevents terraform runner to upgrade all providers, and will respect the definition of the terraform lock file if any. If required, this could be parametrized, so that the user can decide whether to enable upgrade option or not.
@hmonsalv thank you for this PR.
Would you like to try adding a new field to the CR? Maybe like this:
kind: Terraform
spec:
upgrade: false # default to true
The new upgrade flag would still be true by default to retrain compatibility. We would come back later for example in v1alpha3 or v1beta1 to set this value to false by default.
Here's another field, RefreshBeforeApply, which provides a flag but for the apply phase: https://github.com/weaveworks/tf-controller/blob/main/api/v1alpha2/terraform_types.go#L214
Thanks @hmonsalv for this!
Actually @chanwit, do you think it's important to maintain backwards compatibility for this? To me it seems like the current behaviour is more like a bug, where tf-controller incorrectly upgrades providers while this should never be done automatically?
Make sense!
If many agreed, we could introduce this as a breaking change + docs by having the upgrade field default to false.
Then if users wanted the old behavior, they would go setting it to true.
@defreng would you be able to help with the docs part for this PR?
Hi @chanwit
mmh - not so sure... I guess the relevant documentation in upstream terraform is this one: https://developer.hashicorp.com/terraform/language/files/dependency-lock
Can you please add the user configurable field in the spec?
As far as I see the correct behaviour would be to NOT upgrade by default. The whole purpose of the controller is to maintain consistency with the git repository (gitops) and prevent most events that would result deviation from the source.
(also docs 😆)
This feature is now present (https://github.com/flux-iac/tofu-controller/pull/1471) and this PR can be closed.
