Terraform: Partial updates remove outputs (regression)

Created on 21 Sep 2020  ยท  6Comments  ยท  Source: hashicorp/terraform

Terraform Version

0.13.2

Expected Behavior

Targeted updates (-target) update the outputs for the root module that changed.

Actual Behavior

Targeted updates remove all outputs.

Additional Context

This worked as expected in 0.12.

Effectively, this make targeted updates completely unusable, as workspaces that depend on the remote TF state will fail.

bug new
Source
picture pauldraper

Most helpful comment

Example:

provider "local" {
}

resource "local_file" "example1" {
  content = "example1"
  filename = "${path.module}/example1.text"
}

resource "local_file" "example2" {
  content = "example2"
  filename = "${path.module}/example2.text"
}

output "example1" {
  value = local_file.example1.content
}

output "example2" {
  value = local_file.example2.content
}

After init and full apply, run a partial apply:

# terraform apply -target=local_file.example1
local_file.example1: Refreshing state... [id=2989ab24b9e79f729d27649f39b4109a30226b1a]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

Plan: 0 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  - example2 = "example2" -> null
picture pauldraper on 19 Oct 2020
👍2

All 6 comments

Hi @pauldraper

I'm not able to reproduce the behavior you're describing; can you provide an example of the issue?

jbardin picture jbardin on 21 Sep 2020

I'm seeing the same behavior as well on version 0.13.4. If I run a targeted apply, I see a message in the console showing the outputs that have changed--none of which have anything to do with the resource I'm targeting. I'm targeting a diagnostic setting on a storage account:

TF Version

Terraform v0.13.4

outputs.tf

output "rg_id" {
  value = azurerm_resource_group.rg.id
}

output "cosmosdb_account_id" {
  value = azurerm_cosmosdb_account.cosmosdb.id
}

output "cosmosdb_db_name" {
  value = azurerm_cosmosdb_mongo_database.mongo_db.name
}

output "collection_name" {
  value = local.collection_name
}

output "transmission_collection_name" {
  value = local.transmission_collection_name
}

output "slot_names" {
  value = var.slot_names
}

output "kv_secret_mongo_connection_string_id" {
  value = azurerm_key_vault_secret.cosmosdbconnectionstring.id
}

output "queue_storage_account_name" {
  value = azurerm_storage_account.sa.name
}

output "queue_storage_account_primary_connection_string" {
  value     = azurerm_storage_account.sa.primary_connection_string
  sensitive = true
}

output "func_sa_name" {
  value = azurerm_storage_account.func.name
}

output "func_sa_primary_access_key" {
  value     = azurerm_storage_account.func.primary_access_key
  sensitive = true
}

output "subnet_id" {
  value = azurerm_subnet.api.id
}

output "subnet_apim_id" {
  value = join("", azurerm_subnet.api_management.*.id)
}

output "key_vault_id" {
  value = azurerm_key_vault.kv.id
}

output "app_insights_instrumentation_key" {
  value     = azurerm_application_insights.app_insights.instrumentation_key
  sensitive = true
}

diagnostics.tf

resource "azurerm_monitor_diagnostic_setting" "sa_func_diagnostics" {
  name               = "sa-diagnostics-to-storageaccount"
  target_resource_id = azurerm_storage_account.func.id
  eventhub_authorization_rule_id = data.azurerm_eventhub_namespace_authorization_rule.eventhub_ns_auth_rule.id

  log {
    category = "AuditEvent"

    retention_policy {
      enabled = var.diagnostic_log_retention_enabled
      days    = var.diagnostic_log_retention_days
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = var.diagnostic_log_retention_enabled
      days    = var.diagnostic_log_retention_days
    }
  }
}

console output

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_monitor_diagnostic_setting.sa_func_diagnostics will be created
  + resource "azurerm_monitor_diagnostic_setting" "sa_func_diagnostics" {
      + eventhub_authorization_rule_id = "/subscriptions/<subscription_id>/resourceGroups/<rg_id>/providers/Microsoft.EventHub/namespaces/nhsapp-activity-logs-nonlive-geodr-primary/authorizationRules/RootManageSharedAccessKey"
      + id                             = (known after apply)
      + name                           = "sa-diagnostics-to-storageaccount"
      + target_resource_id             = "/subscriptions/<subscription_id>/resourceGroups/<rg_id>/providers/Microsoft.Storage/storageAccounts/devfunc"

      + log {
          + category = "AuditEvent"
          + enabled  = true

          + retention_policy {
              + days    = 30
              + enabled = false
            }
        }

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 30
              + enabled = false
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  - app_insights_instrumentation_key                = (sensitive value)
  - collection_name                   = "<collection_name>" -> null
  - cosmosdb_account_id                             = "/subscriptions/<subscription_id>/resourceGroups/<rg_id>/providers/Microsoft.DocumentDB/databaseAccounts/devcosmos" -> null
  - cosmosdb_db_name                                = "dev" -> null
  - key_vault_id                                    = "/subscriptions/<subscription_id>/resourceGroups/<rg_id>/providers/Microsoft.KeyVault/vaults/dev" -> null
  - kv_secret_mongo_connection_string_id            = "https://<kv_name>.vault.azure.net/secrets/CosmosDbConnectionString/<id> -> null
  - queue_storage_account_name                      = "dev" -> null
  - queue_storage_account_primary_connection_string = (sensitive value)
  - slot_names                                      = [
      - "ci",
      - "dev",
    ] -> null
  - transmission_collection_name                    = "transmission" -> null
rudolphjacksonm picture rudolphjacksonm on 19 Oct 2020
👍1

Example:

provider "local" {
}

resource "local_file" "example1" {
  content = "example1"
  filename = "${path.module}/example1.text"
}

resource "local_file" "example2" {
  content = "example2"
  filename = "${path.module}/example2.text"
}

output "example1" {
  value = local_file.example1.content
}

output "example2" {
  value = local_file.example2.content
}

After init and full apply, run a partial apply:

# terraform apply -target=local_file.example1
local_file.example1: Refreshing state... [id=2989ab24b9e79f729d27649f39b4109a30226b1a]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

Plan: 0 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  - example2 = "example2" -> null
pauldraper picture pauldraper on 19 Oct 2020
👍2

We're seeing exactly the same issue

it looks like it might be from this change? https://github.com/hashicorp/terraform/commit/c99157c35b55183407d6620fe3a949ac45022f66

0x91 picture 0x91 on 20 Oct 2020

Thank @pauldraper

This appears to be a duplicate of #26274, and is fixed in the 0.14 release.

Thanks!

jbardin picture jbardin on 20 Oct 2020

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 20 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rkulagowski picture rkulagowski  ยท  3Comments
c4milo picture c4milo  ยท  3Comments
carl-youngblood picture carl-youngblood  ยท  3Comments
rnowosielski picture rnowosielski  ยท  3Comments
cpoole picture cpoole  ยท  3Comments