cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon terraform-compliance

Invalid plan file when running in docker

Open ghost opened this issue 4 years ago • 9 comments

Description : When running terraform-compliance in docker, terraform executable parameter seems to be ignored therefore I can't run plan that was generated with a terraform version which is not 0.12.25.

To Reproduce

  1. Have 0.12.24 terraform executable
  2. Install terraform-compliance using following command:
$ function terraform-compliance { docker run --rm -v $(pwd):/target -i -t eerkunt/terraform-compliance "$@"; }
  1. Run compliance:
terraform-compliance --teraform ./usr/bin/terraform -f ./tests/terraform-compliance/ -p my-plan

Error is thrown:

Error: Invalid plan file

Failed to read plan from plan file: plan file was created by Terraform
0.12.24, but this is 0.12.25; plan files cannot be transferred between
different Terraform versions.

Expected behavior : Compliance should run.

Tested versions :

  • compliance version 1.2.1
  • terraform version 0.12.24

Additional comments :

  • I have also tested by moving terraform executable to the local directory from which I am running the command, same result.

ghost avatar May 21 '20 20:05 ghost

I will also try to find time tomorrow to check if this is the case when installing terraform-compliance via pip.

ghost avatar May 21 '20 22:05 ghost

Seems to work fine when using pip--I'm seeing the same error but only when running it through Docker on my end.

rudolphjacksonm avatar Jun 02 '20 18:06 rudolphjacksonm

Hello :wave:

The problem is the terraform version that is used within docker container is different than the one that has been used while creating plan.

You should use -t/--terraform to point out the terraform executable that is being used while creating the plan if the versions are different. documentation

The problem here is, if the terraform executable is in your local, docker needs to know it exactly where thus you may need to mount an additional directory to your docker container while doing it.

Also, the Docker container runs a Linux image, if you use a Windows terraform executable, it will fail :(

eerkunt avatar Jun 03 '20 15:06 eerkunt

I have also the same issue, would be good to find a way to find this version discrepancies.

tenderitaf avatar Jun 08 '20 12:06 tenderitaf

It is something that terraform dictates in order to keep everything consistent. There are several ways to achieve what you want ;

  1. You can always download and use the same terraform version the plan has been created and then use -t/--terraform parameter to use that terraform executable with terraform-compliance.
  2. You converted plan.out to plan.out.json via terraform show -json plan.out > plan.out.json with the same terraform version that the plan is created. Then you can use -p plan.out.json instead of plan.out. This will eliminate the need of accessing terraform executable and will just run even you don't have terraform installed.
  3. There is also a docker image provided with terraform-compliance releases. You might want to try that if the terraform version within the image is same with the one with the plan. (I think this is the worst option :) )

eerkunt avatar Jun 24 '20 12:06 eerkunt

You can always download and use the same terraform version the plan has been created and then use -t/--terraform parameter to use that terraform executable with terraform-compliance.

Sorry for late response, when I created an issue I specified the command which I used, I have indeed used --terraform argument to specify the path to terraform executable binary (I'm on macOS). I have also tried copying executable to the local directory from which I was executing command because IIRC that's where docker container mounts the data from, and I still got same error.

I will try to find some time to try this again to verify.

ghost avatar Jun 24 '20 13:06 ghost

Oh ? Then there is a bug about this. Sorry for the misunderstanding, we will have a deeper look on this.

eerkunt avatar Jun 24 '20 14:06 eerkunt

Read the whole issue again, where was my mind ! It was clearly stated that you tried 0.12.24 and it is still failing. 🤦

Looking into this.

eerkunt avatar Jun 24 '20 14:06 eerkunt

Hello @IrmantasM,

Sorry for the late reply on this issue. Along with 1.3.6 terraform-compliance supports auto-detection and downloading of the terraform executable while converting plan files. Is it possible if you can have a try with any version that is higher than 1.3.6 (preferably the latest version)

Apart from that, instead of pushing plan.out file that has been generated via terraform plan, it is better to pass JSON converted format of this plan file via terraform show -json plan.out > plan.out.json and provide plan.out.json to terraform-compliance. That will skip any conversion happening in terraform-compliance and will remove the need of terraform executable.

eerkunt avatar Sep 02 '21 12:09 eerkunt