terraform icon indicating copy to clipboard operation
terraform copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

`terraform fmt` should check `required_version`

Open seanorama opened this issue 3 years ago • 2 comments

The command terraform fmt does not check the 'required_version'.

This can lead to formatting that is incompatible with the 'required_version'.

All terraform commands which read/touch the files should use the version_required.go:CheckCoreVersionRequirements function.

Terraform Version

$ terraform version
Terraform v0.15.1
on darwin_amd64

Terraform Configuration Files

terraform {
  required_version = "= 0.14.11"
}

Expected Behavior

terraform fmt should perform the 'version_required' check.

Actual Behavior

terraform fmt does not perform the 'version_required' check. It proceeds even if the current terraform version is now allowed.

Steps to Reproduce

## specify the required version
mkdir bug-terraform-fmt-version-required
cd $_
echo 'terraform { required_version = "= 0.14.11" }' > versions.tf

## ensure you are on the latest release (0.15.1)
terraform version

## execute `init`: observe that it does a version check
terraform init

## execute `fmt`: observe that it does not do a version check
terraform fmt

References

  • https://github.com/hashicorp/terraform/blob/d71f0c6149e64b14554f4a36a8273bd6b6234074/command/fmt.go
  • https://github.com/hashicorp/terraform/blob/c98f352dc81ed11547364e5665a47993eb09a138/terraform/version_required.go

seanorama avatar Apr 29 '21 08:04 seanorama

Hi @seanorama, thanks for reporting this. I believe that terraform fmt doesn't check the required version by design, as it's not considered relevant for its purpose. That said, that design decision could be reconsidered, and it would probably be more intuitive for all commands which read configuration to respect the required version if specified

This can lead to formatting that is incompatible with the 'required_version'.

Can you give examples of this? The fmt changes should not cause compatibility problems, and if they do, that might be a separate bug.

In case it's helpful to future readers of this issue, here's the pull request which implemented the required_version check for terraform taint.

alisdair avatar Apr 29 '21 14:04 alisdair

Taking a broad view of versions, it is true that terraform fmt in v0.15 would make a v0.11-compatible configuration no longer parseable with Terraform v0.11, so this does seem to be a valid observation even though v0.11 and v0.15 are quite far apart from one another.

I think what we'll need to think through here is the likelihood that someone is already using required_version for some other reason but has an out-of-band mechanism using terraform fmt, such as a global PR check that tries to enforce a particular style across various repositories even though some of them might be using different Terraform versions at runtime. I'm not sure right now if that is a hypothetical concern or a real one; I expect it'll take some research to reach a conclusion on it.

apparentlymart avatar Apr 30 '21 15:04 apparentlymart