terraform validate is failed in v0.10.0
Terraform Version
v0.10.0
Terraform Configuration Files
$ git clone [email protected]:terraform-community-modules/tf_aws_ecs.git
$ cd tf_aws_ecs
$ terraform init
$ terraform validate
There are warnings and/or errors related to your configuration. Please
fix these before continuing.
Errors:
* 4 error(s) occurred:
* Required variable not set: key_name
* Required variable not set: name
* Required variable not set: subnet_id
* Required variable not set: vpc_id
I don't see this error in terraform version 0.9.x
Expected Behavior
same as version 0.9.x
$ brew switch terraform 0.9.11
Cleaning /usr/local/Cellar/terraform/0.10.0
Cleaning /usr/local/Cellar/terraform/0.9.11
2 links created for /usr/local/Cellar/terraform/0.9.11
$ terraform validate
All fine.
ozbillwang
All 8 comments
Hi @ozbillwang,
sorry for any confusion caused but this is intended behaviour.
There was a breaking change coming to 0.10 involving validate command.
This is also documented in a special section of a changelog called "BACKWARDS INCOMPATIBILITIES / NOTES"
https://github.com/hashicorp/terraform/blob/master/CHANGELOG.md#0100-august-2-2017
We now perform more in-depth validation which also involves required/optional variables, so you'll need to mock those variables for the purpose of CI tests or other similar use cases.
I hope it helps, thanks for understanding.
radeksimko
on 8 Aug 2017
@radeksimko
Thanks a lot.
I review your PR (#13872), seems I need to add a new option to bypass the variables check and get old-style validate back.
terraform validate -check-variables=false
All fine now.
Then I still don't understand how to make it work with -check-variables=true.
Could you provide some real samples for me?
Updates:
I got answer by myself:
terraform validate -var-file=dev.tfvars
@radeksimko
By the way, do you or hashicorp have any plans to make the command terraform validate work on sub-folders directly, same as terraform fmt?
Currently I have to run below commands to validate the terraform tf files in current and sub-folders.
find . -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m
do
terraform validate -check-variables=false "$m" && echo "√ $m"
done
By the way, do you or hashicorp have any plans to make the command terraform validate work on sub-folders directly, same as terraform fmt?
AFAIK we haven't explicitly discussed this option, but I'm tempted to say no. The reason fmt works differently is because unlike most other commands it is context-less. fmt doesn't care about dependencies between resources within a directory, it simply doesn't need to understand the real meaning of the syntax, just formatting of it.
validate on the other hand, as well as plan, apply, destroy, init etc. only work within a specific context - i.e. you cannot validate multiple directories at the same time, because you'd need to provide directory-specific variables and always validate each directory separately anyways.
This is not a definite _no_ though - just an explanation of why it works the way it works.
radeksimko
on 9 Aug 2017
Thanks for the explanation @radeksimko
Anyway, I run with above shell scripts for a while, works fine for current and all sub-folders without issue.
ozbillwang
on 9 Aug 2017
To add some extra context to what @radeksimko described earlier, Terraform's primarily concerned not with directories but rather with _modules_. If you use terraform validate on a configuration that contains child modules, Terraform _should_ recurse into those child modules and validate those too.
Terraform intentionally doesn't make any assumptions about the directory structure, since sometimes modules are maintained in child directories, sometimes in sibling directories, and sometimes in entirely different repositories. By using the _module_ tree to traverse, rather than the _directory_ tree, Terraform is able to find and validate all of the modules used by a particular configuration regardless of directory organization.
In general, as Radek described, Terraform commands operate only on a single "working directory" at a time. A working directory contains a root module, which may in turn instantiate other modules. For consistency of behavior between these commands, we've leaned towards using modules as the basis for the traversal in (almost) all cases.
The different behavior of fmt represents a different expected usage: fmt is often used across a whole codebase, e.g. during an automated testing process or via repository hooks. As Radek mentioned, it doesn't really care about the relationships between files at all and just works on a file-by-file basis. It's included as part of the main terraform binary for more convenient use, but it's largely just a thin wrapper around the generic hclfmt tool.
I'm glad you found a way to achieve your goals with shell scripting! Thanks for reporting this.
apparentlymart
on 10 Aug 2017
Would be good if terraform didn't exit with an error if no .tf files are found in the current directory, but there are .tf files in sub-dirs.
robinbowes
on 24 May 2018
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 3 Apr 2020
Related issues
carl-youngblood
·
3Comments
sprokopiak
·
3Comments
rjinski
·
3Comments
allomov
·
3Comments
Seraf
·
3Comments