Terraform: Targeted apply removes outputs from state file

Created on 14 Oct 2019  路  1Comment  路  Source: hashicorp/terraform

Terraform Version

Terraform v0.12.10
+ provider.null v2.1.2

Terraform Configuration Files


./config.tf:

provider "null" {
  version = "=2.1.2"
}

module "null_module" {
  source = "./null_module"
}

output "null_output_both" {
  value = module.null_module.output_both
}

output "null_output_local" {
  value = module.null_module.output_local
}

output "null_output_attribute" {
  value = module.null_module.output_attribute
}

./null_module/config.tf:

locals {
  my_local = "foo"
}

resource "null_resource" "test" {}

output "output_both" {
  value = "${null_resource.test.id} ${local.my_local}"
}

output "output_local" {
  value = "${local.my_local}"
}

output "output_attribute" {
  value = "${null_resource.test.id}"
}

Debug Output


https://gist.github.com/ResDiaryLewis/f4691729b213cdc2412d10ceb6cb9dcb

Crash Output

Expected Behavior


All output values should be listed:

> terraform output
null_output_attribute = 3039979499430690671
null_output_both = 3039979499430690671 foo
null_output_local = foo

Actual Behavior


Depending on previous applies, either one or two output values are listed:

> terraform output
null_output_attribute = 3039979499430690671
null_output_local = foo

Steps to Reproduce

Only null_output_attribute is output with this workflow:

  1. terraform init
  2. terraform apply -target="module.null_module" -auto-approve
  3. terraform output

null_output_attribute and null_output_local are output with this workflow:

  1. terraform init
  2. terraform apply -auto-approve
  3. terraform apply -target="module.null_module" -auto-approve
    4.. terraform output

Running terraform apply -auto-approve at any point will restore all three output values.

Additional Context


I've noticed that Terraform version 0.12.10 has a warning regarding targeted applies which wasn't present in version 0.12.8, however our Terraform workflow requires a manual step by a user after creating a specific resource and before creating another one. This manual step can't currently be executed by a provisioner.

I've also found https://github.com/hashicorp/terraform/issues/12140 which describes the same issue and was closed.

References

bug config v0.12
Source
picture ResDiaryLewis
👍8

Most helpful comment

We're encountering a very similar problem. In our case it's via nested modules:

Tested with Terraform 0.12.16

Config Files

main.tf:

provider "aws" {
  region = "us-west-2"
}

output "module" {
  value = module.module-1.module-2
}

module "module-1" {
  source = "./module-1"
}

./module-1/main.tf::

module "module-2" {
  source = "../module-2"
}

output "module-2" {
  value = module.module-2
}

./module-2/main.tf:

resource aws_iam_policy "test" {
  policy = <<-EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
          "Effect": "Deny",
          "Action": [
            "ec2:*"
          ],
          "Resource": "*"
      }
    ]
  }
  EOF
}

data aws_ami "sample" {
  owners      = [ "amazon" ]
  most_recent = true

  filter {
    name = "name"
    values = [ "amzn2-ami-hvm*" ]
  }
}

resource aws_launch_configuration "test" {
  image_id      = data.aws_ami.sample.image_id
  instance_type = "m5.large"
}

output "policy-arn" {
  value = aws_iam_policy.test.arn
}

Repro Steps:

  • Run terraform apply. Note the output:
   module = {
        policy-arn = "arn:aws:iam::******:policy/terraform-*****"
    }
  • Now run terraform apply -target=module.module-1.module.module-2.aws_launch_configuration.test. Note the output:
   module = {
        policy-arn = null
    }

As ResDiaryLewis noted, there's clearly a warning displayed regarding targeted applies, but on larger configs this warning flies right past (Which is why we didn't notice it and didn't realize targeted applies are frowned upon). In our case, we have other Terraform projects that rely on the output of the parent project here, causing them to break until such time as the parent project undergoes a full state refresh

picture singe-graham on 26 Nov 2019
👍4

>All comments

We're encountering a very similar problem. In our case it's via nested modules:

Tested with Terraform 0.12.16

Config Files

main.tf:

provider "aws" {
  region = "us-west-2"
}

output "module" {
  value = module.module-1.module-2
}

module "module-1" {
  source = "./module-1"
}

./module-1/main.tf::

module "module-2" {
  source = "../module-2"
}

output "module-2" {
  value = module.module-2
}

./module-2/main.tf:

resource aws_iam_policy "test" {
  policy = <<-EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
          "Effect": "Deny",
          "Action": [
            "ec2:*"
          ],
          "Resource": "*"
      }
    ]
  }
  EOF
}

data aws_ami "sample" {
  owners      = [ "amazon" ]
  most_recent = true

  filter {
    name = "name"
    values = [ "amzn2-ami-hvm*" ]
  }
}

resource aws_launch_configuration "test" {
  image_id      = data.aws_ami.sample.image_id
  instance_type = "m5.large"
}

output "policy-arn" {
  value = aws_iam_policy.test.arn
}

Repro Steps:

  • Run terraform apply. Note the output:
   module = {
        policy-arn = "arn:aws:iam::******:policy/terraform-*****"
    }
  • Now run terraform apply -target=module.module-1.module.module-2.aws_launch_configuration.test. Note the output:
   module = {
        policy-arn = null
    }

As ResDiaryLewis noted, there's clearly a warning displayed regarding targeted applies, but on larger configs this warning flies right past (Which is why we didn't notice it and didn't realize targeted applies are frowned upon). In our case, we have other Terraform projects that rely on the output of the parent project here, causing them to break until such time as the parent project undergoes a full state refresh

singe-graham picture singe-graham on 26 Nov 2019
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shanmugakarna picture shanmugakarna  路  3Comments
allomov picture allomov  路  3Comments
rkulagowski picture rkulagowski  路  3Comments
carl-youngblood picture carl-youngblood  路  3Comments
darron picture darron  路  3Comments