core: Do not persist state after plans #6811
Conversation
|
Pushing this for tests to run - discussing this amongst some HC folk. Stay tuned! 📻 👍 |
phinze
force-pushed
the
f-no-plan-state-persist
branch
2 times, most recently
from
2f5889c
to
d49c34c
Compare
|
If I am understanding this correctly then it seems to be in conflict with #6540, which is assuming that every plan is associated with a specific state. |
|
Good point @apparentlymart - let me re-read that PR and think about the implications and I'll get back to you. |
|
Perhaps it's reasonable to skip updating the state on just a bare Then the no-arguments version can be used as "just try this and see if it even works" (which I often do, and can empathize with the fear of it affecting the state) but when we're making a plan to actually apply, with |
|
That's one approach that might work. I wonder instead if we can embed all that information inside the plan file, and have the apply - after it does its refresh - error if anything is different at that point. I haven't thought through fully whether there is some reason we can't or shouldn't do it this way. If we can, then plan stays side effect free, which is a property that I like! 😁 |
|
The code in that other PR also checks the states for equality as well as serial, but the plan state will not be equal to the persisted state if the refresh changed anything. I think the only way to truly resolve this conflict would be to refresh on apply too, and then fail at that point if the plan state doesn't match. Then the persisted state doesn't actually matter that much. |
This makes the behavior of plans much more predictable, as they no longer potentially have side effects on shared remote state.
phinze
force-pushed
the
f-no-plan-state-persist
branch
from
d49c34c
to
ae73aa2
Compare
phinze
changed the title
|
Just pulled off the WIP here. @apparentlymart I am confident that we can work through the open questions around #6540 and I'm happy to help shepherd that PR in after this lands. |
|
Ping @jen20 for a review before I actually land this. 😄 |
|
I think we might want to make the wording clearer that the "refresh" does not mean the state on disk or the remote state was modified, for the benefit of users of earlier versions of Terraform who may have their expectations challenged, but apart from that this looks great to me. |
Helps make clear to users that refresh only occurs in-memory during plan per @jen20's recommendation
|
This LGTM now! |
|
Can you help me understand the effect of this PR? If you run |
|
@glasser as implemented here, only the effects of applying the plan end up in the state. If something changes during the pre-plan refresh it will not be reflected in the persisted state. It's now necessary to run |
|
Hmm. I get why you'd do that and all the pieces are internally consistent, but it seems like a bit of a shame that "apply" is no longer equivalent to "plan -out p && apply p". |
|
Kinda makes me want a version of apply that just asks me to confirm after printing the plan... |
|
I've been thinking about how the idea of blocking the application of stale plans from #6540 could be supported in conjunction with the change made in this PR. I have a proposal that I think addresses my own concern and addresses the supposed problem of the persisted state getting out of date unless the user explicitly runs My idea is simple: run the
This is then consistent with the idea that The downside is that it will make @phinze what do you think here? I'm happy to take a stab at implementing this but I'd like to hear your take on it first. |
|
I guess my question is, why do people use plan (or specifically, why use plan -out followed by applying the plan)? For me, it's not because I really want to have an on disk record of the applied plan, or because I want to ship it elsewhere for somebody else to use, or because I want to wait hours and do other things with my shell in the middle. It's simply because I want a last chance to double check the reasonableness of the plan before it gets applied. In fact, the requirement to come up with a temporary file name and repeat it in the second command is kind of annoying and I suspect I will one day screw up and pass an old plan to apply. But also, we have lots of resources and running refresh twice would be annoying and slow. Is it feasible to add (with a flag perhaps) a yes/no prompt to apply between printing the plan and executing it? This would solve the overall problem of allowing an "apply" with a chance to check your work without needing to do two refreshes or an explicit refresh command, extend the plan format, or make me run two separate commands with a unique temp file name. Happy to work on a PR if people think it's a good idea. |
|
Here's a PR to address my concern from above: #7251 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
This makes the behavior of plans much more predictable, as they no
longer potentially have side effects on shared remote state.