azure-pipelines-tasks-terraform icon indicating copy to clipboard operation
azure-pipelines-tasks-terraform copied to clipboard

Published 20 hours ago verified publisher icon jason-johnson

False terraform change / plan detection

Open lerlacher-haylix opened this issue 2 years ago • 1 comments

Describe the bug

#268 has been closed, long live #268!

There is another edge case for terraform plan detection.

If the plan has no changes to apply, but would update terraform state / output, it prints this:

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

The terraform plan exit code is 2 (terraformPlanOkHasChanges), but the const planHasNoChangesRe = /^No changes./ regex will not match and so we get back to the same old failure state of "there should be a plan uploaded but there isn't one" which breaks the terraform plan view because of an unexpected unhandled 404.

To Reproduce Steps to reproduce the behavior:

  1. Set up a terraform pipeline with two terraform plan invocations with plan publishing
  2. change something in the state / on the infrastructure that causes the output to change but no infrastructure changes for the first plan invocation
  3. change something that causes a real change in the second plan invocation
  4. run the pipeline
  5. Observe that there is a 404 on the plan view and no plans are shown

Sample pipeline output:

2023-03-08T03:13:28.3721191Z state, without changing any real infrastructure.
2023-03-08T03:13:28.3721661Z [33m╷[0m[0m
2023-03-08T03:13:28.3722147Z [33m│[0m [0m[1m[33mWarning: [0m[0m[1mArgument is deprecated[0m
2023-03-08T03:13:28.3722680Z [33m│[0m [0m
2023-03-08T03:13:28.3723278Z [33m│[0m [0m[0m  with module.base.module.logbucket.aws_s3_bucket.public-lb-log-bucket,
2023-03-08T03:13:28.3724119Z [33m│[0m [0m  on .terraform/modules/base.logbucket/aws/elb_log_bucket/S3.tf line 2, in resource "aws_s3_bucket" "public-lb-log-bucket":
2023-03-08T03:13:28.3724890Z [33m│[0m [0m   2: resource "aws_s3_bucket" "public-lb-log-bucket" [4m{[0m[0m
2023-03-08T03:13:28.3725535Z [33m│[0m [0m
2023-03-08T03:13:28.3726099Z [33m│[0m [0mUse the aws_s3_bucket_lifecycle_configuration resource instead
2023-03-08T03:13:28.3726559Z [33m│[0m [0m
2023-03-08T03:13:28.3727062Z [33m│[0m [0m(and 3 more similar warnings elsewhere)
2023-03-08T03:13:28.3727527Z [33m╵[0m[0m
2023-03-08T03:13:28.3727856Z [90m
2023-03-08T03:13:28.3728404Z ─────────────────────────────────────────────────────────────────────────────[0m
2023-03-08T03:13:28.3728536Z 
2023-03-08T03:13:28.3728931Z Saved the plan to: /home/vsts/work/1/s/clients/kantarnebu/kantarnebu.tfplan
2023-03-08T03:13:28.3729144Z 
2023-03-08T03:13:28.3729611Z To perform exactly these actions, run the following command to apply:
2023-03-08T03:13:28.3730041Z     terraform apply "/home/vsts/work/1/s/clients/kantarnebu/kantarnebu.tfplan"
2023-03-08T03:13:28.3731553Z ##[debug]Exit code 2 received from tool '/usr/local/bin/terraform'
2023-03-08T03:13:28.3732440Z ##[debug]STDIO streams have closed for tool '/usr/local/bin/terraform'
2023-03-08T03:13:28.3733187Z ##[debug]set TERRAFORM_PLAN_HAS_CHANGES=true
2023-03-08T03:13:28.3742175Z ##[debug]Processed: ##vso[task.setvariable variable=TERRAFORM_PLAN_HAS_CHANGES;isOutput=false;issecret=false;]true
2023-03-08T03:13:28.3743394Z ##[debug]Publish plan results requested. Parsing plan output first...
2023-03-08T03:13:28.3744422Z ##[debug]publishPlanResults=kantarnebu-stage.planout
2023-03-08T03:13:28.3745153Z ##[debug]workingDirectory=/home/vsts/work/1/s/clients/kantarnebu
2023-03-08T03:13:28.3746049Z ##[debug]publishPlanResults=kantarnebu-stage.planout
2023-03-08T03:13:28.3747051Z ##[debug]Absolute path for pathSegments: /home/vsts/work/1/s/clients/kantarnebu,kantarnebu-stage.planout = /home/vsts/work/1/s/clients/kantarnebu/kantarnebu-stage.planout
2023-03-08T03:13:28.3765771Z ##[debug]Processed: ##vso[task.addattachment type=terraform-plan-results;name=kantarnebu-stage.planout;]/home/vsts/work/1/s/clients/kantarnebu/kantarnebu-stage.planout

Expected behavior

The case where there is no real infrastructure change in the plan should be handled

Screenshots

N/A

Pipeline Logs

See above

Agent Configuration

  • OS: ubuntu
  • Hosted
  • Terraform version used (Default for hosted agent is acceptable)
  • AzureCLI version used (Default for hosted agent is acceptable or N/A)

Additional context

This is very similar to #268

lerlacher-haylix avatar Mar 08 '23 03:03 lerlacher-haylix

This will be resolved by #376 and getting rid of the regex strategy

jason-johnson avatar Dec 07 '24 07:12 jason-johnson