upstream/terraform
1
0
Fork 0
mirror of https://github.com/hashicorp/terraform.git synced 2026-03-22 18:33:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
terraform/internal/command/apply.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

408 lines
13 KiB
Go
Raw Permalink Normal View History

[COMPLIANCE] Add Copyright and License Headers
2023-05-02 11:33:06 -04:00
// Copyright IBM Corp. 2014, 2026
Update copyright file headers to BUSL-1.1
2023-08-10 18:43:27 -04:00
// SPDX-License-Identifier: BUSL-1.1
[COMPLIANCE] Add Copyright and License Headers
2023-05-02 11:33:06 -04:00
commands: start apply
2014-05-24 15:27:58 -04:00
package command
import (
command/apply: basic implementation
2014-06-18 19:42:13 -04:00
"fmt"
commands: start apply
2014-05-24 15:27:58 -04:00
"strings"
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
"github.com/hashicorp/terraform/internal/backend/backendrun"
Move command/ to internal/command/ This is part of a general effort to move all of Terraform's non-library package surface under internal in order to reinforce that these are for internal use within Terraform only. If you were previously importing packages under this prefix into an external codebase, you could pin to an earlier release tag as an interim solution until you've make a plan to achieve the same functionality some other way.
2021-05-17 15:07:38 -04:00
"github.com/hashicorp/terraform/internal/command/arguments"
"github.com/hashicorp/terraform/internal/command/views"
Move plans/ to internal/plans/ This is part of a general effort to move all of Terraform's non-library package surface under internal in order to reinforce that these are for internal use within Terraform only. If you were previously importing packages under this prefix into an external codebase, you could pin to an earlier release tag as an interim solution until you've make a plan to achieve the same functionality some other way.
2021-05-17 15:33:17 -04:00
"github.com/hashicorp/terraform/internal/plans/planfile"
Move tfdiags/ to internal/tfdiags/ This is part of a general effort to move all of Terraform's non-library package surface under internal in order to reinforce that these are for internal use within Terraform only. If you were previously importing packages under this prefix into an external codebase, you could pin to an earlier release tag as an interim solution until you've make a plan to achieve the same functionality some other way.
2021-05-17 13:11:06 -04:00
"github.com/hashicorp/terraform/internal/tfdiags"
commands: start apply
2014-05-24 15:27:58 -04:00
)
// ApplyCommand is a Command implementation that applies a Terraform
// configuration and actually builds or changes infrastructure.
type ApplyCommand struct {
command: introduce Meta and "-no-color" option
2014-07-12 23:21:46 -04:00
Meta
command/destroy: first steps
2014-10-01 00:49:24 -04:00
// If true, then this apply command will become the "destroy"
// command. It is just like apply but only processes a destroy.
Destroy bool
commands: start apply
2014-05-24 15:27:58 -04:00
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
func (c *ApplyCommand) Run(rawArgs []string) int {
command+backend: generalized "plan mode" So far we've only had "normal mode" and "destroy mode", where the latter is activated either by "terraform plan -destroy" or "terraform destroy". In preparation for introducing a third mode "refresh only" this generalizes how we handle modes so we can potentially deal with an arbitrary number of modes, although for now we only intend to have three. Mostly this is just a different implementation of the same old behavior, but there is one small user-visible difference here: the "terraform apply" command now accepts a -destroy option, mirroring the option of the same name on "terraform plan", which in turn makes "terraform destroy" effectively a shorthand for "terraform apply -destroy". This is intended to make us consistent that "terraform apply" without a plan file argument accepts all of the same plan-customization options that "terraform plan" does, which will in turn avoid us having to add a new alias of "terraform plan" for each new plan mode we might add. The -help output is changed in that vein here, although we'll wait for subsequent commit to make a similar change to the website documentation just so we can deal with the "refresh only mode" docs at the same time.
2021-04-05 19:28:59 -04:00
var diags tfdiags.Diagnostics
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Parse and apply global view arguments
common, rawArgs := arguments.ParseView(rawArgs)
c.View.Configure(common)
Clarify legacy Ui comments
2021-10-28 16:27:39 -04:00
// Propagate -no-color for legacy use of Ui. The remote backend and
// cloud package use this; it should be removed when/if they are
// migrated to views.
cli: Fix remote backend UI issues Fix two bugs which surface when using the remote backend: - When migrating to views, we removed the call to `(*Meta).process` which initialized the color boolean. This resulted in the legacy UI calls in the remote backend stripping color codes. To fix this, we populate this boolean from the common arguments. - Remote apply will output the resource summary and output changes, and these are rendered via the remote backend streaming. We need to special case this in the apply command and prevent displaying a zero-change summary line. Neither of these are coverable by automated tests, as we don't have any command-package level testing for the remote backend. Manually verified.
2021-04-16 08:28:33 -04:00
c.Meta.color = !common.NoColor
c.Meta.Color = c.Meta.color
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Parse and validate flags
command+backend: generalized "plan mode" So far we've only had "normal mode" and "destroy mode", where the latter is activated either by "terraform plan -destroy" or "terraform destroy". In preparation for introducing a third mode "refresh only" this generalizes how we handle modes so we can potentially deal with an arbitrary number of modes, although for now we only intend to have three. Mostly this is just a different implementation of the same old behavior, but there is one small user-visible difference here: the "terraform apply" command now accepts a -destroy option, mirroring the option of the same name on "terraform plan", which in turn makes "terraform destroy" effectively a shorthand for "terraform apply -destroy". This is intended to make us consistent that "terraform apply" without a plan file argument accepts all of the same plan-customization options that "terraform plan" does, which will in turn avoid us having to add a new alias of "terraform plan" for each new plan mode we might add. The -help output is changed in that vein here, although we'll wait for subsequent commit to make a similar change to the website documentation just so we can deal with the "refresh only mode" docs at the same time.
2021-04-05 19:28:59 -04:00
var args *arguments.Apply
switch {
case c.Destroy:
args, diags = arguments.ParseApplyDestroy(rawArgs)
default:
args, diags = arguments.ParseApply(rawArgs)
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Instantiate the view, even if there are flag errors, so that we render
// diagnostics according to the desired view
de-linting
2021-08-31 17:33:26 -04:00
view := views.NewApply(args.ViewType, c.Destroy, c.View)
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
if diags.HasErrors() {
view.Diagnostics(diags)
view.HelpPrompt()
return 1
command/destroy: first steps
2014-10-01 00:49:24 -04:00
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Check for user-supplied plugin path
var err error
if c.pluginPath, err = c.loadPluginPath(); err != nil {
diags = diags.Append(err)
view.Diagnostics(diags)
command/apply: basic implementation
2014-06-18 19:42:13 -04:00
return 1
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Attempt to load the plan file, if specified
show deprecation warning if -state is used with plan, apply, refresh (#35660) * show deprecation warning if -state is used with plan, apply, refresh * show deprecation warning if -state is used with plan, apply, refresh * updated -state flag check condition * added better diagnostic details view * resolved failed test * updated the content of the -state flag warning
2024-09-05 04:55:37 -04:00
planFile, loadPlanFileDiags := c.LoadPlanFile(args.PlanPath)
diags = diags.Append(loadPlanFileDiags)
cli: Improve error for invalid -target flags Errors encountered when parsing flags for apply, plan, and refresh were being suppressed. This resulted in a generic usage error when using an invalid `-target` flag. This commit makes several changes to address this. First, these commands now output the flag parse error before exiting, leaving at least some hint about the error. You can verify this manually with something like: terraform apply -invalid-flag We also change how target attributes are parsed, moving the responsibility from the flags instance to the command. This allows us to customize the diagnostic output to be more user friendly. The diagnostics now look like: ```shellsession $ terraform apply -no-color -target=foo Error: Invalid target "foo" Resource specification must include a resource type and name. ``` Finally, we add test coverage for both parsing of target flags, and at the command level for successful use of resource targeting. These tests focus on the UI output (via the change summary and refresh logs), as the functionality of targeting is covered by the context tests in the terraform package.
2021-02-08 13:29:42 -05:00
if diags.HasErrors() {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
view.Diagnostics(diags)
return 1
}
// FIXME: the -input flag value is needed to initialize the backend and the
// operation, but there is no clear path to pass this value down, so we
// continue to mutate the Meta object state for now.
c.Meta.input = args.InputEnabled
// FIXME: the -parallelism flag is used to control the concurrency of
// Terraform operations. At the moment, this value is used both to
// initialize the backend via the ContextOpts field inside CLIOpts, and to
// set a largely unused field on the Operation request. Again, there is no
// clear path to pass this value down, so we continue to mutate the Meta
// object state for now.
c.Meta.parallelism = args.Operation.Parallelism
// Prepare the backend, passing the plan file if present, and the
// backend-specific arguments
Fix for no json output of state locking actions for --json flag (#32451) * Add viewType to Meta object and use it at the call sites * Assign viewType passed from flags to state-locking cli commands * Remove temp files * Set correct mode for statelocker depending on json flag passed to commands * Add StateLocker interface conformation check for StateLockerJSON * Remove empty line at end of comment * Pass correct ViewType to StateLocker from Backend call chain * Pass viewType to backend migration and initialization functions * Remove json processing info in process comment * Restore documentation style of backendMigrateOpts
2023-02-07 03:06:12 -05:00
be, beDiags := c.PrepareBackend(planFile, args.State, args.ViewType)
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
diags = diags.Append(beDiags)
if diags.HasErrors() {
view.Diagnostics(diags)
return 1
cli: Remove legacy positional path arguments Several commands continued to support the legacy positional path argument to specify a working directory. This functionality has been replaced with the global -chdir flag, which is specified before any other arguments, including the sub-command name. This commit removes support for the trailing path parameter from most commands. The only command which still supports a path argument is fmt, which also supports "-" to indicate receiving configuration from standard input. Any invocation of a command with an invalid trailing path parameter will result in a short error message, pointing at the -chdir alternative. There are many test updates in this commit, almost all of which are migrations from using positional arguments to specify a working directory. Because of the layer at which these tests run, we are unable to use the -chdir argument, so the churn in test files is larger than ideal. Sorry!
2021-02-02 10:35:45 -05:00
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Build the operation request
Fix for no json output of state locking actions for --json flag (#32451) * Add viewType to Meta object and use it at the call sites * Assign viewType passed from flags to state-locking cli commands * Remove temp files * Set correct mode for statelocker depending on json flag passed to commands * Add StateLocker interface conformation check for StateLockerJSON * Remove empty line at end of comment * Pass correct ViewType to StateLocker from Backend call chain * Pass viewType to backend migration and initialization functions * Remove json processing info in process comment * Restore documentation style of backendMigrateOpts
2023-02-07 03:06:12 -05:00
opReq, opDiags := c.OperationRequest(be, view, args.ViewType, planFile, args.Operation, args.AutoApprove)
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
diags = diags.Append(opDiags)
Catch a missing err check in apply command Plan and refresh already had this, but apply would deref a nil opReq and panic.
2024-04-03 17:39:40 -04:00
if diags.HasErrors() {
view.Diagnostics(diags)
return 1
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Collect variable value and add them to the operation request
use centralized arguments collection in apply
2026-02-17 09:45:17 -05:00
var varDiags tfdiags.Diagnostics
opReq.Variables, varDiags = args.Vars.CollectValues(func(filename string, src []byte) {
use pre-existing loaders where possible
2026-02-18 04:15:03 -05:00
opReq.ConfigLoader.Parser().ForceFileSource(filename, src)
use centralized arguments collection in apply
2026-02-17 09:45:17 -05:00
})
diags = diags.Append(varDiags)
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
// Before we delegate to the backend, we'll print any warning diagnostics
// we've accumulated here, since the backend will start fresh with its own
// diagnostics.
view.Diagnostics(diags)
if diags.HasErrors() {
return 1
}
diags = nil
// Run the operation
op, err := c.RunOperation(be, opReq)
command: convert to use backends
2017-01-18 23:50:45 -05:00
if err != nil {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
diags = diags.Append(err)
view.Diagnostics(diags)
command/apply: basic implementation
2014-06-18 19:42:13 -04:00
return 1
}
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
if op.Result != backendrun.OperationSuccess {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return op.Result.ExitStatus()
}
command: Adjust skipping of resource counts for any remote implementation When using the Terraform Cloud integration - like the 'remote' backend - resource count output should be suppressed if those counts are being rendered remotely. This generalizes this to the shared BackendWithRemoteTerraformVersion interface.
2021-10-29 22:23:28 -04:00
// Render the resource count and outputs, unless those counts are being
// rendered already in a remote Terraform process.
if rb, isRemoteBackend := be.(BackendWithRemoteTerraformVersion); !isRemoteBackend || rb.IsLocalOperations() {
cli: Fix remote backend UI issues Fix two bugs which surface when using the remote backend: - When migrating to views, we removed the call to `(*Meta).process` which initialized the color boolean. This resulted in the legacy UI calls in the remote backend stripping color codes. To fix this, we populate this boolean from the common arguments. - Remote apply will output the resource summary and output changes, and these are rendered via the remote backend streaming. We need to special case this in the apply command and prevent displaying a zero-change summary line. Neither of these are coverable by automated tests, as we don't have any command-package level testing for the remote backend. Manually verified.
2021-04-16 08:28:33 -04:00
view.ResourceCount(args.State.StateOutPath)
if !c.Destroy && op.State != nil {
states: Only track root module output values For a very long time we've had an annoying discrepancy between the in-memory state model and our state snapshot format where the in-memory format stores output values for all modules whereas the snapshot format only tracks the root module output values because those are all we actually need to preserve between runs. That design wart was a result of us using the state both as an internal and an external artifact, due to having nowhere else to store the transient values of non-root module output values while Terraform Core does its work. We now have namedvals.State to internally track all of the throwaway results from named values that don't need to persist between runs, so now we'll use that for our internal work instead and reserve the states.State model only for the data that we will preserve between runs in state snapshots. The namedvals internal model isn't really designed to support enumerating all of the output values for a particular module call, but our expression evaluator currently depends on being able to do that and so we have a temporary inefficient implementation of that which just scans the entire table of values as a stopgap just to avoid this commit growing even larger than it already is. In a future commit we'll rework the evaluator to support the PartialEval mode and at the same time move the responsiblity for enumerating all of the output values into the evaluator itself, since it should be able to determine what it's expecting by analyzing the configuration rather than just by trusting that earlier evaluation has completed correctly. Because our legacy state string serialization previously included output values for all modules, some of our context tests were accidentally depending on the implementation detail of how those got stored internally. Those tests are updated here to test only the data that is a real part of Terraform Core's result, by ensuring that the relevant data appears somewhere either in a root output value or in a resource attribute.
2023-03-09 22:26:49 -05:00
view.Outputs(op.State.RootOutputValues)
cli: Fix remote backend UI issues Fix two bugs which surface when using the remote backend: - When migrating to views, we removed the call to `(*Meta).process` which initialized the color boolean. This resulted in the legacy UI calls in the remote backend stripping color codes. To fix this, we populate this boolean from the common arguments. - Remote apply will output the resource summary and output changes, and these are rendered via the remote backend streaming. We need to special case this in the apply command and prevent displaying a zero-change summary line. Neither of these are coverable by automated tests, as we don't have any command-package level testing for the remote backend. Manually verified.
2021-04-16 08:28:33 -04:00
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
}
view.Diagnostics(diags)
if diags.HasErrors() {
Add plugin dir scaffolding add pluginDir to command.Meta, the flag to initialize it, and the methods to save and restore it.
2017-06-15 14:26:12 -04:00
return 1
}
command/apply: allow `terraform apply SOURCE` as shortcut for init
2014-09-29 18:55:28 -04:00
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return 0
}
Apply a confirmable run when given a saved cloud plan (#33270) It displays a run header with link to web UI, like starting a new plan does, then confirms the run and streams the apply logs. If you can't apply the run (it's from a different workspace, is in an unconfirmable state, etc. etc.), it displays an error instead. Notable points along the way: * Implement `WrappedPlanFile` sum type, and update planfile consumers to use it instead of a plain `planfile.Reader`. * Enable applying a saved cloud plan * Update TFC mocks — add org name to workspace, and minimal support for includes on MockRuns.ReadWithOptions.
2023-06-20 22:06:18 -04:00
func (c *ApplyCommand) LoadPlanFile(path string) (*planfile.WrappedPlanFile, tfdiags.Diagnostics) {
var planFile *planfile.WrappedPlanFile
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
var diags tfdiags.Diagnostics
// Try to load plan if path is specified
if path != "" {
var err error
planFile, err = c.PlanFile(path)
cli: Remove legacy positional path arguments Several commands continued to support the legacy positional path argument to specify a working directory. This functionality has been replaced with the global -chdir flag, which is specified before any other arguments, including the sub-command name. This commit removes support for the trailing path parameter from most commands. The only command which still supports a path argument is fmt, which also supports "-" to indicate receiving configuration from standard input. Any invocation of a command with an invalid trailing path parameter will result in a short error message, pointing at the -chdir alternative. There are many test updates in this commit, almost all of which are migrations from using positional arguments to specify a working directory. Because of the layer at which these tests run, we are unable to use the -chdir argument, so the churn in test files is larger than ideal. Sorry!
2021-02-02 10:35:45 -05:00
if err != nil {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
fmt.Sprintf("Failed to load %q as a plan file", path),
fmt.Sprintf("Error: %s", err),
))
return nil, diags
cli: Remove legacy positional path arguments Several commands continued to support the legacy positional path argument to specify a working directory. This functionality has been replaced with the global -chdir flag, which is specified before any other arguments, including the sub-command name. This commit removes support for the trailing path parameter from most commands. The only command which still supports a path argument is fmt, which also supports "-" to indicate receiving configuration from standard input. Any invocation of a command with an invalid trailing path parameter will result in a short error message, pointing at the -chdir alternative. There are many test updates in this commit, almost all of which are migrations from using positional arguments to specify a working directory. Because of the layer at which these tests run, we are unable to use the -chdir argument, so the churn in test files is larger than ideal. Sorry!
2021-02-02 10:35:45 -05:00
}
cli: Better diagnostics for apply positional args The previous changes removing support for using the trailing positional argument as a working directory missed a spot in the apply/destroy command implementation. We still support this argument for applying a saved plan: terraform apply foo.tfplan However, if you pass a positional path which doesn't "look like" a plan (for example, the path to a configuration directory), Terraform would silently ignore it and continue. This commit fixes that by adding an error message if the user specifies a path which the plan loader rejects as not "looking like" a plan. This message includes a reference to the `-chdir` flag as a pointer about what to do next. We also rearrange the error message when calling `terraform destroy` with a plan file argument, and add test coverage for the above. While we're here, update the destroy tests to copy the fixture directory, chdir, and defer cleanup.
2021-02-03 14:10:14 -05:00
// If the path doesn't look like a plan, both planFile and err will be
// nil. In that case, the user is probably trying to use the positional
// argument to specify a configuration path. Point them at -chdir.
if planFile == nil {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
fmt.Sprintf("Failed to load %q as a plan file", path),
"The specified path is a directory, not a plan file. You can use the global -chdir flag to use this directory as the configuration root.",
))
return nil, diags
cli: Better diagnostics for apply positional args The previous changes removing support for using the trailing positional argument as a working directory missed a spot in the apply/destroy command implementation. We still support this argument for applying a saved plan: terraform apply foo.tfplan However, if you pass a positional path which doesn't "look like" a plan (for example, the path to a configuration directory), Terraform would silently ignore it and continue. This commit fixes that by adding an error message if the user specifies a path which the plan loader rejects as not "looking like" a plan. This message includes a reference to the `-chdir` flag as a pointer about what to do next. We also rearrange the error message when calling `terraform destroy` with a plan file argument, and add test coverage for the above. While we're here, update the destroy tests to copy the fixture directory, chdir, and defer cleanup.
2021-02-03 14:10:14 -05:00
}
// If we successfully loaded a plan but this is a destroy operation,
// explain that this is not supported.
if c.Destroy {
command: Don't allow -var and -var-file when applying saved plan This reinstates an old behavior that was lost in the reorganization of how we deal with the -var and -var-file options. This fix is verified by TestApply_planVars now passing.
2018-10-16 10:47:32 -04:00
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
"Destroy can't be called with a plan file",
fmt.Sprintf("If this plan was created using plan -destroy, apply it using:\n terraform apply %q", path),
command: Don't allow -var and -var-file when applying saved plan This reinstates an old behavior that was lost in the reorganization of how we deal with the -var and -var-file options. This fix is verified by TestApply_planVars now passing.
2018-10-16 10:47:32 -04:00
))
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return nil, diags
command: Don't allow -var and -var-file when applying saved plan This reinstates an old behavior that was lost in the reorganization of how we deal with the -var and -var-file options. This fix is verified by TestApply_planVars now passing.
2018-10-16 10:47:32 -04:00
}
}
command: validate config as part of loading it Previously we required callers to separately call .Validate on the root module to determine if there were any value errors, but we did that inconsistently and would thus see crashes in some cases where later code would try to use invalid configuration as if it were valid. Now we run .Validate automatically after config loading, returning the resulting diagnostics. Since we return a diagnostics here, it's possible to return both warnings and errors. We return the loaded module even if it's invalid, so callers are free to ignore returned errors and try to work with the config anyway, though they will need to be defensive against invalid configuration themselves in that case. As a result of this, all of the commands that load configuration now need to use diagnostic printing to signal errors. For the moment this just allows us to return potentially-multiple config errors/warnings in full fidelity, but also sets us up for later when more subsystems are able to produce rich diagnostics so we can show them all together. Finally, this commit also removes some stale, commented-out code for the "legacy" (pre-0.8) graph implementation, which has not been available for some time.
2017-12-06 19:41:48 -05:00
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return planFile, diags
}
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
func (c *ApplyCommand) PrepareBackend(planFile *planfile.WrappedPlanFile, args *arguments.State, viewType arguments.ViewType) (backendrun.OperationsBackend, tfdiags.Diagnostics) {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
var diags tfdiags.Diagnostics
// FIXME: we need to apply the state arguments to the meta object here
// because they are later used when initializing the backend. Carving a
// path to pass these arguments to the functions that need them is
// difficult but would make their use easier to understand.
c.Meta.applyStateArguments(args)
cli: Move resource count code to command package CountHook is an implementation of terraform.Hook which is used to calculate how many resources were added, changed, or destroyed during an apply. This hook was previously injected in the local backend code, which means that the apply command code has no access to these counts. This commit moves the CountHook code into the command package, and removes an unused instance of the hook in the plan code path. The goal here is moving UI code into the command package.
2021-01-29 14:39:06 -05:00
terraform: Ugly huge change to weave in new State and Plan types Due to how often the state and plan types are referenced throughout Terraform, there isn't a great way to switch them out gradually. As a consequence, this huge commit gets us from the old world to a _compilable_ new world, but still has a large number of known test failures due to key functionality being stubbed out. The stubs here are for anything that interacts with providers, since we now need to do the follow-up work to similarly replace the old terraform.ResourceProvider interface with its replacement in the new "providers" package. That work, along with work to fix the remaining failing tests, will follow in subsequent commits. The aim here was to replace all references to terraform.State and its downstream types with states.State, terraform.Plan with plans.Plan, state.State with statemgr.State, and switch to the new implementations of the state and plan file formats. However, due to the number of times those types are used, this also ended up affecting numerous other parts of core such as terraform.Hook, the backend.Backend interface, and most of the CLI commands. Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize in advance to the person who inevitably just found this huge commit while spelunking through the commit history.
2018-08-14 17:24:45 -04:00
// Load the backend
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
var be backendrun.OperationsBackend
terraform: Ugly huge change to weave in new State and Plan types Due to how often the state and plan types are referenced throughout Terraform, there isn't a great way to switch them out gradually. As a consequence, this huge commit gets us from the old world to a _compilable_ new world, but still has a large number of known test failures due to key functionality being stubbed out. The stubs here are for anything that interacts with providers, since we now need to do the follow-up work to similarly replace the old terraform.ResourceProvider interface with its replacement in the new "providers" package. That work, along with work to fix the remaining failing tests, will follow in subsequent commits. The aim here was to replace all references to terraform.State and its downstream types with states.State, terraform.Plan with plans.Plan, state.State with statemgr.State, and switch to the new implementations of the state and plan file formats. However, due to the number of times those types are used, this also ended up affecting numerous other parts of core such as terraform.Hook, the backend.Backend interface, and most of the CLI commands. Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize in advance to the person who inevitably just found this huge commit while spelunking through the commit history.
2018-08-14 17:24:45 -04:00
var beDiags tfdiags.Diagnostics
Apply a confirmable run when given a saved cloud plan (#33270) It displays a run header with link to web UI, like starting a new plan does, then confirms the run and streams the apply logs. If you can't apply the run (it's from a different workspace, is in an unconfirmable state, etc. etc.), it displays an error instead. Notable points along the way: * Implement `WrappedPlanFile` sum type, and update planfile consumers to use it instead of a plain `planfile.Reader`. * Enable applying a saved cloud plan * Update TFC mocks — add org name to workspace, and minimal support for includes on MockRuns.ReadWithOptions.
2023-06-20 22:06:18 -04:00
if lp, ok := planFile.Local(); ok {
plan, err := lp.ReadPlan()
terraform: Ugly huge change to weave in new State and Plan types Due to how often the state and plan types are referenced throughout Terraform, there isn't a great way to switch them out gradually. As a consequence, this huge commit gets us from the old world to a _compilable_ new world, but still has a large number of known test failures due to key functionality being stubbed out. The stubs here are for anything that interacts with providers, since we now need to do the follow-up work to similarly replace the old terraform.ResourceProvider interface with its replacement in the new "providers" package. That work, along with work to fix the remaining failing tests, will follow in subsequent commits. The aim here was to replace all references to terraform.State and its downstream types with states.State, terraform.Plan with plans.Plan, state.State with statemgr.State, and switch to the new implementations of the state and plan file formats. However, due to the number of times those types are used, this also ended up affecting numerous other parts of core such as terraform.Hook, the backend.Backend interface, and most of the CLI commands. Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize in advance to the person who inevitably just found this huge commit while spelunking through the commit history.
2018-08-14 17:24:45 -04:00
if err != nil {
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
"Failed to read plan from plan file",
fmt.Sprintf("Cannot read the plan from the given plan file: %s.", err),
))
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return nil, diags
command: Allow tests to run to completion without panics or hangs There are still 160 test failures as of this commit, but at least the test program can run to completion and list out all the failures.
2018-09-30 12:29:51 -04:00
}
PSS: Allow pluggable state store configuration to be read from a plan file (#37957) * feat: Allow reading state store configuration from a planfile and using it to prepare a Local backend that uses the state store * test: Assert that we can get and use state store configuration from a plan file * test: Add integration test showing that an apply command can use a plan file to configure and use a state store * test: Add E2E test showing pluggable state storage being used with the full init-plan-apply workflow * feat: A plan file will report the state storage provider among its required providers, if PSS is in use. See the code comment added in this commit. This addition does not impact an apply command as the missing provider will be detected before this code is executed. However I'm making this change so that the method is still accurate is being able to return a complete list of providers needed by the plan. * fix: Include error messages when there is a problem parsing provider or state store config when getting a backend from a planfile * feat: Add trace logs to BackendForLocalPlan indicating when the provider is launched and the state store is configured * chore: Small grammar change in error diagnostic * refactor: Remove suggestions when the plan's state store doesn't match the implementations in the provider * test: Add test coverage of what happens when the contents of a plan file using PSS doesn't match the resources available in the project
2025-12-18 06:49:31 -05:00
if plan.Backend == nil && plan.StateStore == nil {
command: Allow tests to run to completion without panics or hangs There are still 160 test failures as of this commit, but at least the test program can run to completion and list out all the failures.
2018-09-30 12:29:51 -04:00
// Should never happen; always indicates a bug in the creation of the plan file
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
"Failed to read plan from plan file",
PSS: Allow pluggable state store configuration to be read from a plan file (#37957) * feat: Allow reading state store configuration from a planfile and using it to prepare a Local backend that uses the state store * test: Assert that we can get and use state store configuration from a plan file * test: Add integration test showing that an apply command can use a plan file to configure and use a state store * test: Add E2E test showing pluggable state storage being used with the full init-plan-apply workflow * feat: A plan file will report the state storage provider among its required providers, if PSS is in use. See the code comment added in this commit. This addition does not impact an apply command as the missing provider will be detected before this code is executed. However I'm making this change so that the method is still accurate is being able to return a complete list of providers needed by the plan. * fix: Include error messages when there is a problem parsing provider or state store config when getting a backend from a planfile * feat: Add trace logs to BackendForLocalPlan indicating when the provider is launched and the state store is configured * chore: Small grammar change in error diagnostic * refactor: Remove suggestions when the plan's state store doesn't match the implementations in the provider * test: Add test coverage of what happens when the contents of a plan file using PSS doesn't match the resources available in the project
2025-12-18 06:49:31 -05:00
"The given plan file has neither a valid backend nor state store configuration. This is a bug in the Terraform command that generated this plan file.",
command: Allow tests to run to completion without panics or hangs There are still 160 test failures as of this commit, but at least the test program can run to completion and list out all the failures.
2018-09-30 12:29:51 -04:00
))
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return nil, diags
terraform: Ugly huge change to weave in new State and Plan types Due to how often the state and plan types are referenced throughout Terraform, there isn't a great way to switch them out gradually. As a consequence, this huge commit gets us from the old world to a _compilable_ new world, but still has a large number of known test failures due to key functionality being stubbed out. The stubs here are for anything that interacts with providers, since we now need to do the follow-up work to similarly replace the old terraform.ResourceProvider interface with its replacement in the new "providers" package. That work, along with work to fix the remaining failing tests, will follow in subsequent commits. The aim here was to replace all references to terraform.State and its downstream types with states.State, terraform.Plan with plans.Plan, state.State with statemgr.State, and switch to the new implementations of the state and plan file formats. However, due to the number of times those types are used, this also ended up affecting numerous other parts of core such as terraform.Hook, the backend.Backend interface, and most of the CLI commands. Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize in advance to the person who inevitably just found this huge commit while spelunking through the commit history.
2018-08-14 17:24:45 -04:00
}
PSS: Allow pluggable state store configuration to be read from a plan file (#37957) * feat: Allow reading state store configuration from a planfile and using it to prepare a Local backend that uses the state store * test: Assert that we can get and use state store configuration from a plan file * test: Add integration test showing that an apply command can use a plan file to configure and use a state store * test: Add E2E test showing pluggable state storage being used with the full init-plan-apply workflow * feat: A plan file will report the state storage provider among its required providers, if PSS is in use. See the code comment added in this commit. This addition does not impact an apply command as the missing provider will be detected before this code is executed. However I'm making this change so that the method is still accurate is being able to return a complete list of providers needed by the plan. * fix: Include error messages when there is a problem parsing provider or state store config when getting a backend from a planfile * feat: Add trace logs to BackendForLocalPlan indicating when the provider is launched and the state store is configured * chore: Small grammar change in error diagnostic * refactor: Remove suggestions when the plan's state store doesn't match the implementations in the provider * test: Add test coverage of what happens when the contents of a plan file using PSS doesn't match the resources available in the project
2025-12-18 06:49:31 -05:00
be, beDiags = c.BackendForLocalPlan(plan)
Apply a confirmable run when given a saved cloud plan (#33270) It displays a run header with link to web UI, like starting a new plan does, then confirms the run and streams the apply logs. If you can't apply the run (it's from a different workspace, is in an unconfirmable state, etc. etc.), it displays an error instead. Notable points along the way: * Implement `WrappedPlanFile` sum type, and update planfile consumers to use it instead of a plain `planfile.Reader`. * Enable applying a saved cloud plan * Update TFC mocks — add org name to workspace, and minimal support for includes on MockRuns.ReadWithOptions.
2023-06-20 22:06:18 -04:00
} else {
PSS: Update how commands access backends, so both `backend` and `state_store` configuration can be used (#37569) * Add a generic method for loading an operations backend in non-init commands * Refactor commands to use new prepareBackend method: group 1 * Refactor commands to use new prepareBackend method: group 2, where config parsing needs to be explicitly added * Refactor commands to use new prepareBackend method: group 3, where we can use already parsed config * Additional, more nested, places where logic for accessing backends needs to be refactored * Remove duplicated comment * Add test coverage of `(m *Meta) prepareBackend()` * Add TODO related to using plans for backend/state_store config in apply commands * Add `testStateStoreMockWithChunkNegotiation` test helper * Add assertions to tests about the backend (remote-state, local, etc) in use within operations backend * Stop prepareBackend taking locks as argument * Code comment in prepareBackend * Replace c.Meta.prepareBackend with c.prepareBackend * Change `c.Meta.loadSingleModule` to `c.loadSingleModule` * Rename (Meta).prepareBackend to (Meta).backend, update godoc comment to make relationship to (Meta).Backend more obvious. * Revert change from config.Module to config.Root.Module * Update `(m *Meta) backend` method to parse config itself, and also to adhere to calling code's viewtype instructions * Update all tests and calling code following previous commit * Change how an operations backend is obtained by autocomplete code * Update autocomplete to return nil if no workspace names are returned from the backend * Add test coverage for autocompleting workspace names when using a pluggable state store * Fix output command: pass view type data to new `backend` method * Fix in plan command: pass correct view type to `backend` method * Fix `providers schema` command to use correct viewtype when preparing a backend
2025-11-03 12:57:20 -05:00
// Load the backend
//
// Note: Both new plans and saved cloud plans load their backend from config,
// hence the config parsing in the method below.
be, beDiags = c.backend(".", viewType)
terraform: Ugly huge change to weave in new State and Plan types Due to how often the state and plan types are referenced throughout Terraform, there isn't a great way to switch them out gradually. As a consequence, this huge commit gets us from the old world to a _compilable_ new world, but still has a large number of known test failures due to key functionality being stubbed out. The stubs here are for anything that interacts with providers, since we now need to do the follow-up work to similarly replace the old terraform.ResourceProvider interface with its replacement in the new "providers" package. That work, along with work to fix the remaining failing tests, will follow in subsequent commits. The aim here was to replace all references to terraform.State and its downstream types with states.State, terraform.Plan with plans.Plan, state.State with statemgr.State, and switch to the new implementations of the state and plan file formats. However, due to the number of times those types are used, this also ended up affecting numerous other parts of core such as terraform.Hook, the backend.Backend interface, and most of the CLI commands. Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize in advance to the person who inevitably just found this huge commit while spelunking through the commit history.
2018-08-14 17:24:45 -04:00
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
command: Various updates for the new backend package API This is a rather-messy, complex change to get the "command" package building again against the new backend API that was updated for the new configuration loader. A lot of this is mechanical rewriting to the new API, but meta_config.go and meta_backend.go in particular saw some major changes to interface with the new loader APIs and to deal with the change in order of steps in the backend API.
2018-03-27 18:31:05 -04:00
diags = diags.Append(beDiags)
if beDiags.HasErrors() {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return nil, diags
command: convert to use backends
2017-01-18 23:50:45 -05:00
}
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return be, diags
}
cli: Fix overly broad auto-approve argument The auto-approve argument was part of the arguments.Operation type, which resulted in adding a silent -auto-approve flag to plan and refresh. This was unintended, and is fixed in this commit by moving the flag to the arguments.Apply type and updating the downstream callers.
2021-02-23 10:03:15 -05:00
func (c *ApplyCommand) OperationRequest(
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
be backendrun.OperationsBackend,
cli: Fix overly broad auto-approve argument The auto-approve argument was part of the arguments.Operation type, which resulted in adding a silent -auto-approve flag to plan and refresh. This was unintended, and is fixed in this commit by moving the flag to the arguments.Apply type and updating the downstream callers.
2021-02-23 10:03:15 -05:00
view views.Apply,
Fix for no json output of state locking actions for --json flag (#32451) * Add viewType to Meta object and use it at the call sites * Assign viewType passed from flags to state-locking cli commands * Remove temp files * Set correct mode for statelocker depending on json flag passed to commands * Add StateLocker interface conformation check for StateLockerJSON * Remove empty line at end of comment * Pass correct ViewType to StateLocker from Backend call chain * Pass viewType to backend migration and initialization functions * Remove json processing info in process comment * Restore documentation style of backendMigrateOpts
2023-02-07 03:06:12 -05:00
viewType arguments.ViewType,
Apply a confirmable run when given a saved cloud plan (#33270) It displays a run header with link to web UI, like starting a new plan does, then confirms the run and streams the apply logs. If you can't apply the run (it's from a different workspace, is in an unconfirmable state, etc. etc.), it displays an error instead. Notable points along the way: * Implement `WrappedPlanFile` sum type, and update planfile consumers to use it instead of a plain `planfile.Reader`. * Enable applying a saved cloud plan * Update TFC mocks — add org name to workspace, and minimal support for includes on MockRuns.ReadWithOptions.
2023-06-20 22:06:18 -04:00
planFile *planfile.WrappedPlanFile,
cli: Fix overly broad auto-approve argument The auto-approve argument was part of the arguments.Operation type, which resulted in adding a silent -auto-approve flag to plan and refresh. This was unintended, and is fixed in this commit by moving the flag to the arguments.Apply type and updating the downstream callers.
2021-02-23 10:03:15 -05:00
args *arguments.Operation,
autoApprove bool,
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
) (*backendrun.Operation, tfdiags.Diagnostics) {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
var diags tfdiags.Diagnostics
command: convert to use backends
2017-01-18 23:50:45 -05:00
command/cliconfig: Allow development overrides for providers For normal provider installation we want to associate each provider with a selected version number and find a suitable package for that version that conforms to the official hashes for that release. Those requirements are very onerous for a provider developer currently testing a not-yet-released build, though. To allow for that case this new CLI configuration feature allows overriding specific providers to refer to give local filesystem directories. Any provider overridden in this way is not subject to the usual restrictions about selected versions or checksum conformance, and activating an override won't cause any changes to the selections recorded in the lock file because it's intended to be a temporary setting for one developer only. This is, in a sense, a spiritual successor of an old capability we had to override specific plugins in the CLI configuration file. There were some vestiges of that left in the main package and CLI config package but nothing has actually been honoring them for several versions now and so this commit removes them to avoid confusion with the new mechanism.
2020-10-14 21:00:23 -04:00
// Applying changes with dev overrides in effect could make it impossible
// to switch back to a release version if the schema isn't compatible,
// so we'll warn about it.
fix: check for local operations, separate warning for remote execution
2024-03-04 10:34:13 -05:00
b, isRemoteBackend := be.(BackendWithRemoteTerraformVersion)
if isRemoteBackend && !b.IsLocalOperations() {
diags = diags.Append(c.providerDevOverrideRuntimeWarningsRemoteExecution())
} else {
diags = diags.Append(c.providerDevOverrideRuntimeWarnings())
}
command/cliconfig: Allow development overrides for providers For normal provider installation we want to associate each provider with a selected version number and find a suitable package for that version that conforms to the official hashes for that release. Those requirements are very onerous for a provider developer currently testing a not-yet-released build, though. To allow for that case this new CLI configuration feature allows overriding specific providers to refer to give local filesystem directories. Any provider overridden in this way is not subject to the usual restrictions about selected versions or checksum conformance, and activating an override won't cause any changes to the selections recorded in the lock file because it's intended to be a temporary setting for one developer only. This is, in a sense, a spiritual successor of an old capability we had to override specific plugins in the CLI configuration file. There were some vestiges of that left in the main package and CLI config package but nothing has actually been honoring them for several versions now and so this commit removes them to avoid confusion with the new mechanism.
2020-10-14 21:00:23 -04:00
command: convert to use backends
2017-01-18 23:50:45 -05:00
// Build the operation
Fix for no json output of state locking actions for --json flag (#32451) * Add viewType to Meta object and use it at the call sites * Assign viewType passed from flags to state-locking cli commands * Remove temp files * Set correct mode for statelocker depending on json flag passed to commands * Add StateLocker interface conformation check for StateLockerJSON * Remove empty line at end of comment * Pass correct ViewType to StateLocker from Backend call chain * Pass viewType to backend migration and initialization functions * Remove json processing info in process comment * Restore documentation style of backendMigrateOpts
2023-02-07 03:06:12 -05:00
opReq := c.Operation(be, viewType)
cli: Fix overly broad auto-approve argument The auto-approve argument was part of the arguments.Operation type, which resulted in adding a silent -auto-approve flag to plan and refresh. This was unintended, and is fixed in this commit by moving the flag to the arguments.Apply type and updating the downstream callers.
2021-02-23 10:03:15 -05:00
opReq.AutoApprove = autoApprove
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
opReq.ConfigDir = "."
command+backend: generalized "plan mode" So far we've only had "normal mode" and "destroy mode", where the latter is activated either by "terraform plan -destroy" or "terraform destroy". In preparation for introducing a third mode "refresh only" this generalizes how we handle modes so we can potentially deal with an arbitrary number of modes, although for now we only intend to have three. Mostly this is just a different implementation of the same old behavior, but there is one small user-visible difference here: the "terraform apply" command now accepts a -destroy option, mirroring the option of the same name on "terraform plan", which in turn makes "terraform destroy" effectively a shorthand for "terraform apply -destroy". This is intended to make us consistent that "terraform apply" without a plan file argument accepts all of the same plan-customization options that "terraform plan" does, which will in turn avoid us having to add a new alias of "terraform plan" for each new plan mode we might add. The -help output is changed in that vein here, although we'll wait for subsequent commit to make a similar change to the website documentation just so we can deal with the "refresh only mode" docs at the same time.
2021-04-05 19:28:59 -04:00
opReq.PlanMode = args.PlanMode
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
opReq.Hooks = view.Hooks()
terraform: Ugly huge change to weave in new State and Plan types Due to how often the state and plan types are referenced throughout Terraform, there isn't a great way to switch them out gradually. As a consequence, this huge commit gets us from the old world to a _compilable_ new world, but still has a large number of known test failures due to key functionality being stubbed out. The stubs here are for anything that interacts with providers, since we now need to do the follow-up work to similarly replace the old terraform.ResourceProvider interface with its replacement in the new "providers" package. That work, along with work to fix the remaining failing tests, will follow in subsequent commits. The aim here was to replace all references to terraform.State and its downstream types with states.State, terraform.Plan with plans.Plan, state.State with statemgr.State, and switch to the new implementations of the state and plan file formats. However, due to the number of times those types are used, this also ended up affecting numerous other parts of core such as terraform.Hook, the backend.Backend interface, and most of the CLI commands. Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize in advance to the person who inevitably just found this huge commit while spelunking through the commit history.
2018-08-14 17:24:45 -04:00
opReq.PlanFile = planFile
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
opReq.PlanRefresh = args.Refresh
opReq.Targets = args.Targets
command: New -replace=... planning option This allows a similar effect to pre-tainting an object but does the action within the context of a normal plan and apply, avoiding the need for an intermediate state where the old object still exists but is marked as tainted. The core functionality for this was already present, so this commit is just the UI-level changes to make that option available for use and to explain how it contributed to the resulting plan in Terraform's output.
2021-04-30 17:46:22 -04:00
opReq.ForceReplace = args.ForceReplace
backendrun: Separate the types/etc for backends that support operations We previously had all of the types and helpers for all kinds of backends together in package backend. That kept things relatively simple, but it also meant that the majority of backends that only deal with remote state storage ended up still indirectly depending on the entire Terraform modules runtime, configuration loader, etc, etc, which brings into scope a bunch of external dependencies that the remote state backends don't really need. Since backends that support operations are a rare exception, we'll move the types and helpers for those into a separate package "backendrun", and then the main package backend can have a much more modest set of types and, more importantly, a modest set of dependencies on other packages in this codebase. This is part of an ongoing effort to reduce the exposure of Terraform Core and CLI code to the remote backends and vice-versa, so that in the long run we can more often treat them as separate for dependency maintenance purposes.
2024-03-11 19:27:44 -04:00
opReq.Type = backendrun.OperationTypeApply
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
opReq.View = view.Operation()
Define StatePersistInterval as command meta field
2024-05-16 18:53:30 -04:00
opReq.StatePersistInterval = c.Meta.StatePersistInterval()
remove feature flag from invoke flag
2025-09-16 09:58:03 -04:00
opReq.ActionTargets = args.ActionTargets
deferred actions: should still be experimental (#37167)
2025-05-26 03:16:13 -04:00
// EXPERIMENTAL: maybe enable deferred actions
if c.AllowExperimentalFeatures {
opReq.DeferralAllowed = args.DeferralAllowed
} else if args.DeferralAllowed {
// Belated flag parse error, since we don't know about experiments
// support at actual parse time.
diags = diags.Append(tfdiags.Sourceless(
tfdiags.Error,
"Failed to parse command-line flags",
"The -allow-deferral flag is only valid in experimental builds of Terraform.",
))
return nil, diags
}
Experimental `-allow-deferral` flag for enabling deferred actions on CLI Now that deferred actions is a top-level per-plan option, here's a lil command-line option for turning it on! - It's called `-allow-deferral`. - It is ONLY legal to use if this is an experimental build, i.e. compiled with `go build -ldflags "-w -s -X 'main.experimentsAllowed=yes'"` or the like. Implementation notes: The design constraint here was, "please avoid having to change the build infrastructure or alter the function of every args parsing function". So, since `extendedFlagSet()` doesn't have access to the var that says we're in an experimental build, I had to move the validation for that particular flag to later in the process, when we're building the operation request.
2024-04-03 16:52:21 -04:00
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
var err error
opReq.ConfigLoader, err = c.initConfigLoader()
command: Various updates for the new backend package API This is a rather-messy, complex change to get the "command" package building again against the new backend API that was updated for the new configuration loader. A lot of this is mechanical rewriting to the new API, but meta_config.go and meta_backend.go in particular saw some major changes to interface with the new loader APIs and to deal with the change in order of steps in the backend API.
2018-03-27 18:31:05 -04:00
if err != nil {
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
diags = diags.Append(fmt.Errorf("Failed to initialize config loader: %s", err))
return nil, diags
command: validate config as part of loading it Previously we required callers to separately call .Validate on the root module to determine if there were any value errors, but we did that inconsistently and would thus see crashes in some cases where later code would try to use invalid configuration as if it were valid. Now we run .Validate automatically after config loading, returning the resulting diagnostics. Since we return a diagnostics here, it's possible to return both warnings and errors. We return the loaded module even if it's invalid, so callers are free to ignore returned errors and try to work with the config anyway, though they will need to be defensive against invalid configuration themselves in that case. As a result of this, all of the commands that load configuration now need to use diagnostic printing to signal errors. For the moment this just allows us to return potentially-multiple config errors/warnings in full fidelity, but also sets us up for later when more subsystems are able to produce rich diagnostics so we can show them all together. Finally, this commit also removes some stale, commented-out code for the "legacy" (pre-0.8) graph implementation, which has not been available for some time.
2017-12-06 19:41:48 -05:00
}
cli: Move resource count code to command package CountHook is an implementation of terraform.Hook which is used to calculate how many resources were added, changed, or destroyed during an apply. This hook was previously injected in the local backend code, which means that the apply command code has no access to these counts. This commit moves the CountHook code into the command package, and removes an unused instance of the hook in the plan code path. The goal here is moving UI code into the command package.
2021-01-29 14:39:06 -05:00
cli: Migrate apply to command views
2021-02-18 17:23:34 -05:00
return opReq, diags
}
cli: Move resource count code to command package CountHook is an implementation of terraform.Hook which is used to calculate how many resources were added, changed, or destroyed during an apply. This hook was previously injected in the local backend code, which means that the apply command code has no access to these counts. This commit moves the CountHook code into the command package, and removes an unused instance of the hook in the plan code path. The goal here is moving UI code into the command package.
2021-01-29 14:39:06 -05:00
commands: start apply
2014-05-24 15:27:58 -04:00
func (c *ApplyCommand) Help() string {
command: enable destroy
2014-10-01 01:01:11 -04:00
if c.Destroy {
return c.helpDestroy()
}
return c.helpApply()
}
func (c *ApplyCommand) Synopsis() string {
if c.Destroy {
command: Improve consistency of the command short descriptions The short description of our commands (as shown in the main help output from "terraform") was previously very inconsistent, using different tense/mood for different commands. Some of the commands were also using some terminology choices inconsistent with how we currently talk about the related ideas in our documentation. Here I've tried to add some consistency by first rewriting them all in the imperative mood (except the ones that just are just subcommand groupings), and tweaking some of the terminology to hopefully gel better with how we present similar ideas in our recently-updated docs. While working on this I inevitably spotted some similar inconsistencies in the longer-form help output of some of the commands. I've not reviewed all of these for consistency, but I did update some where the wording was either left inconsstent with the short form changes I'd made or where the prose stood out to me as particularly inconsistent with our current usual documentation language style. All of this is subjective, so I expect we'll continue to tweak these over time as we continue to develop our documentation writing style based on user questions and feedback.
2020-10-23 19:55:32 -04:00
return "Destroy previously-created infrastructure"
command: enable destroy
2014-10-01 01:01:11 -04:00
}
command: Improve consistency of the command short descriptions The short description of our commands (as shown in the main help output from "terraform") was previously very inconsistent, using different tense/mood for different commands. Some of the commands were also using some terminology choices inconsistent with how we currently talk about the related ideas in our documentation. Here I've tried to add some consistency by first rewriting them all in the imperative mood (except the ones that just are just subcommand groupings), and tweaking some of the terminology to hopefully gel better with how we present similar ideas in our recently-updated docs. While working on this I inevitably spotted some similar inconsistencies in the longer-form help output of some of the commands. I've not reviewed all of these for consistency, but I did update some where the wording was either left inconsstent with the short form changes I'd made or where the prose stood out to me as particularly inconsistent with our current usual documentation language style. All of this is subjective, so I expect we'll continue to tweak these over time as we continue to develop our documentation writing style based on user questions and feedback.
2020-10-23 19:55:32 -04:00
return "Create or update infrastructure"
command: enable destroy
2014-10-01 01:01:11 -04:00
}
func (c *ApplyCommand) helpApply() string {
commands: start apply
2014-05-24 15:27:58 -04:00
helpText := `
cli: Add reference to global options to help text
2021-02-22 09:25:56 -05:00
Usage: terraform [global options] apply [options] [PLAN]
commands: start apply
2014-05-24 15:27:58 -04:00
command: Improve consistency of the command short descriptions The short description of our commands (as shown in the main help output from "terraform") was previously very inconsistent, using different tense/mood for different commands. Some of the commands were also using some terminology choices inconsistent with how we currently talk about the related ideas in our documentation. Here I've tried to add some consistency by first rewriting them all in the imperative mood (except the ones that just are just subcommand groupings), and tweaking some of the terminology to hopefully gel better with how we present similar ideas in our recently-updated docs. While working on this I inevitably spotted some similar inconsistencies in the longer-form help output of some of the commands. I've not reviewed all of these for consistency, but I did update some where the wording was either left inconsstent with the short form changes I'd made or where the prose stood out to me as particularly inconsistent with our current usual documentation language style. All of this is subjective, so I expect we'll continue to tweak these over time as we continue to develop our documentation writing style based on user questions and feedback.
2020-10-23 19:55:32 -04:00
Creates or updates infrastructure according to Terraform configuration
files in the current directory.
command/apply: update usage
2014-09-29 18:57:35 -04:00
command: Improve consistency of the command short descriptions The short description of our commands (as shown in the main help output from "terraform") was previously very inconsistent, using different tense/mood for different commands. Some of the commands were also using some terminology choices inconsistent with how we currently talk about the related ideas in our documentation. Here I've tried to add some consistency by first rewriting them all in the imperative mood (except the ones that just are just subcommand groupings), and tweaking some of the terminology to hopefully gel better with how we present similar ideas in our recently-updated docs. While working on this I inevitably spotted some similar inconsistencies in the longer-form help output of some of the commands. I've not reviewed all of these for consistency, but I did update some where the wording was either left inconsstent with the short form changes I'd made or where the prose stood out to me as particularly inconsistent with our current usual documentation language style. All of this is subjective, so I expect we'll continue to tweak these over time as we continue to develop our documentation writing style based on user questions and feedback.
2020-10-23 19:55:32 -04:00
By default, Terraform will generate a new plan and present it for your
approval before taking any action. You can optionally provide a plan
file created by a previous call to "terraform plan", in which case
Terraform will take the actions described in that plan without any
confirmation prompt.
Document saved plan use in `terraform apply -help` (#6126) Wording borrowed from the website docs.
2016-04-11 13:24:08 -04:00
commands: start apply
2014-05-24 15:27:58 -04:00
Options:
command: New -compact-warnings option When warnings appear in isolation (not accompanied by an error) it's reasonable to want to defer resolving them for a while because they are not actually blocking immediate work. However, our warning messages tend to be long by default in order to include all of the necessary context to understand the implications of the warning, and that can make them overwhelming when combined with other output. As a compromise, this adds a new CLI option -compact-warnings which is supported for all the main operation commands and which uses a more compact format to print out warnings as long as they aren't also accompanied by errors. The default remains unchanged except that the threshold for consolidating warning messages is reduced to one so that we'll now only show one of each distinct warning summary. Full warning messages are always shown if there's at least one error included in the diagnostic set too, because in that case the warning message could contain additional context to help understand the error.
2019-12-10 14:06:06 -05:00
-auto-approve Skip interactive approval of plan before applying.
command: Adding backup of state file
2014-07-27 18:09:04 -04:00
-backup=path Path to backup the existing state file before
modifying. Defaults to the "-state-out" path with
Fixed a ton of typos in docs and comments
2014-08-07 03:19:56 -04:00
".backup" extension. Set to "-" to disable backup.
command: Adding backup of state file
2014-07-27 18:09:04 -04:00
command: New -compact-warnings option When warnings appear in isolation (not accompanied by an error) it's reasonable to want to defer resolving them for a while because they are not actually blocking immediate work. However, our warning messages tend to be long by default in order to include all of the necessary context to understand the implications of the warning, and that can make them overwhelming when combined with other output. As a compromise, this adds a new CLI option -compact-warnings which is supported for all the main operation commands and which uses a more compact format to print out warnings as long as they aren't also accompanied by errors. The default remains unchanged except that the threshold for consolidating warning messages is reduced to one so that we'll now only show one of each distinct warning summary. Full warning messages are always shown if there's at least one error included in the diagnostic set too, because in that case the warning message could contain additional context to help understand the error.
2019-12-10 14:06:06 -05:00
-compact-warnings If Terraform produces any warnings that are not
accompanied by errors, show them in a more compact
form that includes only the summary messages.
command: Restore `auto-approve` flag in the output of `apply -help`
2018-03-26 13:21:47 -04:00
add destroy option to terraform apply help text (#31714)
2022-08-31 10:13:26 -04:00
-destroy Destroy Terraform-managed infrastructure.
The command "terraform destroy" is a convenience alias
for this option.
command: use -lock=false consistently in -help output Previously the docs for this were rather confusing because they showed an option to turn _on_ state locking, even though it's on by default. Instead, we'll now show -lock=false in all cases and document it as _disabling_ the default locking. While working on this I also noticed that the equivalent docs on the website were differently inconsistent. I've not made them fully consistent here but at least moreso than they were before.
2021-05-12 12:05:03 -04:00
-lock=false Don't hold a state lock during the operation. This is
dangerous if others might concurrently run commands
against the same workspace.
add -lock-state usage to plan/refresh/apply/destr
2017-02-03 14:15:08 -05:00
add cli flags for -lock-timeout Add the -lock-timeout flag to the appropriate commands. Add the -lock flag to `init` and `import` which were missing it. Set both stateLock and stateLockTimeout in Meta.flagsSet, and remove the extra references for clarity.
2017-04-01 16:19:59 -04:00
-lock-timeout=0s Duration to retry a state lock.
command: apply and refresh ask for input
2014-09-29 15:46:58 -04:00
-input=true Ask for input for variables if not directly set.
command: introduce Meta and "-no-color" option
2014-07-12 23:21:46 -04:00
-no-color If specified, output won't contain any color.
command/apply: update help text to be "parallel" instead of concurrent
2017-02-08 14:49:08 -05:00
-parallelism=n Limit the number of parallel resource operations.
command: pull parallelism default up to CLI layer /cc @knuckolls @josephholsten
2015-10-05 16:06:08 -04:00
Defaults to 10.
works for apply, no tests yet
2015-05-06 11:58:42 -04:00
include help entry for -replace (#36780) * include help entry for -replace * add to website docs as well * Update internal/command/apply.go Co-authored-by: Daniel Banck <dbanck@users.noreply.github.com> * Update website/docs/cli/commands/apply.mdx Co-authored-by: Daniel Banck <dbanck@users.noreply.github.com> --------- Co-authored-by: Daniel Banck <dbanck@users.noreply.github.com>
2025-05-14 12:03:47 -04:00
-replace=resource Terraform will plan to replace this resource instance
Rework most of the configuration loading We previously used a loader -> BuildConfig flow to load configuration. This commit changes most (but not all yet) flows to use the new graph-based approach. Instead of simply recursively loading the modules, we now need to take a stepped approach: 1. Load the root module 2. Collect the variables and their values 3. Build the configuration with the graph-based approach Because this approach relies on different parts from different packages, it can't easliy be done within the `configload` package. So, now we do most of in the backend or command.
2026-02-26 11:33:01 -05:00
instead of doing an update or no-op action.
include help entry for -replace (#36780) * include help entry for -replace * add to website docs as well * Update internal/command/apply.go Co-authored-by: Daniel Banck <dbanck@users.noreply.github.com> * Update website/docs/cli/commands/apply.mdx Co-authored-by: Daniel Banck <dbanck@users.noreply.github.com> --------- Co-authored-by: Daniel Banck <dbanck@users.noreply.github.com>
2025-05-14 12:03:47 -04:00
command/apply: default state path, only one optional arg
2014-07-12 00:30:40 -04:00
-state=path Path to read and save state (unless state-out
is specified). Defaults to "terraform.tfstate".
Update help output to consistently call out -state and -state-out flags as legacy and related to the local backend. (#37446)
2025-08-14 04:57:43 -04:00
Legacy option for the local backend only. See the local
backend's documentation for more information.
command: tests for apply
2014-06-19 00:36:44 -04:00
command/apply: default state path, only one optional arg
2014-07-12 00:30:40 -04:00
-state-out=path Path to write state to that is different than
"-state". This can be used to preserve the old
state.
Update help output to consistently call out -state and -state-out flags as legacy and related to the local backend. (#37446)
2025-08-14 04:57:43 -04:00
Legacy option for the local backend only. See the local
backend's documentation for more information.
Rework most of the configuration loading We previously used a loader -> BuildConfig flow to load configuration. This commit changes most (but not all yet) flows to use the new graph-based approach. Instead of simply recursively loading the modules, we now need to take a stepped approach: 1. Load the root module 2. Collect the variables and their values 3. Build the configuration with the graph-based approach Because this approach relies on different parts from different packages, it can't easliy be done within the `configload` package. So, now we do most of in the backend or command.
2026-02-26 11:33:01 -05:00
ephermal: allow setting var and var files for apply
2024-11-04 09:41:44 -05:00
-var 'foo=bar' Set a value for one of the input variables in the root
module of the configuration. Use this option more than
once to set more than one variable.
-var-file=filename Load variable values from the given file, in addition
to the default files terraform.tfvars and *.auto.tfvars.
Use this option more than once to include more than one
variables file.
commands: start apply
2014-05-24 15:27:58 -04:00
command+backend: generalized "plan mode" So far we've only had "normal mode" and "destroy mode", where the latter is activated either by "terraform plan -destroy" or "terraform destroy". In preparation for introducing a third mode "refresh only" this generalizes how we handle modes so we can potentially deal with an arbitrary number of modes, although for now we only intend to have three. Mostly this is just a different implementation of the same old behavior, but there is one small user-visible difference here: the "terraform apply" command now accepts a -destroy option, mirroring the option of the same name on "terraform plan", which in turn makes "terraform destroy" effectively a shorthand for "terraform apply -destroy". This is intended to make us consistent that "terraform apply" without a plan file argument accepts all of the same plan-customization options that "terraform plan" does, which will in turn avoid us having to add a new alias of "terraform plan" for each new plan mode we might add. The -help output is changed in that vein here, although we'll wait for subsequent commit to make a similar change to the website documentation just so we can deal with the "refresh only mode" docs at the same time.
2021-04-05 19:28:59 -04:00
If you don't provide a saved plan file then this command will also accept
all of the plan-customization options accepted by the terraform plan command.
For more information on those options, run:
terraform plan -help
commands: start apply
2014-05-24 15:27:58 -04:00
`
return strings.TrimSpace(helpText)
}
command: enable destroy
2014-10-01 01:01:11 -04:00
func (c *ApplyCommand) helpDestroy() string {
helpText := `
cli: Add reference to global options to help text
2021-02-22 09:25:56 -05:00
Usage: terraform [global options] destroy [options]
command: enable destroy
2014-10-01 01:01:11 -04:00
Destroy Terraform-managed infrastructure.
command+backend: generalized "plan mode" So far we've only had "normal mode" and "destroy mode", where the latter is activated either by "terraform plan -destroy" or "terraform destroy". In preparation for introducing a third mode "refresh only" this generalizes how we handle modes so we can potentially deal with an arbitrary number of modes, although for now we only intend to have three. Mostly this is just a different implementation of the same old behavior, but there is one small user-visible difference here: the "terraform apply" command now accepts a -destroy option, mirroring the option of the same name on "terraform plan", which in turn makes "terraform destroy" effectively a shorthand for "terraform apply -destroy". This is intended to make us consistent that "terraform apply" without a plan file argument accepts all of the same plan-customization options that "terraform plan" does, which will in turn avoid us having to add a new alias of "terraform plan" for each new plan mode we might add. The -help output is changed in that vein here, although we'll wait for subsequent commit to make a similar change to the website documentation just so we can deal with the "refresh only mode" docs at the same time.
2021-04-05 19:28:59 -04:00
This command is a convenience alias for:
terraform apply -destroy
command: enable destroy
2014-10-01 01:01:11 -04:00
command+backend: generalized "plan mode" So far we've only had "normal mode" and "destroy mode", where the latter is activated either by "terraform plan -destroy" or "terraform destroy". In preparation for introducing a third mode "refresh only" this generalizes how we handle modes so we can potentially deal with an arbitrary number of modes, although for now we only intend to have three. Mostly this is just a different implementation of the same old behavior, but there is one small user-visible difference here: the "terraform apply" command now accepts a -destroy option, mirroring the option of the same name on "terraform plan", which in turn makes "terraform destroy" effectively a shorthand for "terraform apply -destroy". This is intended to make us consistent that "terraform apply" without a plan file argument accepts all of the same plan-customization options that "terraform plan" does, which will in turn avoid us having to add a new alias of "terraform plan" for each new plan mode we might add. The -help output is changed in that vein here, although we'll wait for subsequent commit to make a similar change to the website documentation just so we can deal with the "refresh only mode" docs at the same time.
2021-04-05 19:28:59 -04:00
This command also accepts many of the plan-customization options accepted by
the terraform plan command. For more information on those options, run:
terraform plan -help
command: enable destroy
2014-10-01 01:01:11 -04:00
`
return strings.TrimSpace(helpText)
command/apply: can take a plan as an argument
2014-06-27 17:43:23 -04:00
}
Reference in a new issue Copy permalink