Terraform plan should produce output variable that indicates whether changes are pending

Question

Terraform plan should produce output variable that indicates whether changes are pending

mjiderhamn opened this issue 4 years ago · 6 comments

When using the command: plan command with the TerraformTask*, it should add a task output variable that indicates whether plan found any changes that need to be applied. This variable could then be used as a condition for later tasks, such as command: apply with the same TerraformTask*.

Answer 1 · 2021-06-01T15:41:26.000Z

This seems to supply a workaround for now. Partially inspired from here.

    jobs:
    - job: 'plan'
      ...
      - task: TerraformTaskV2@2
        name: terraformPlan
        inputs:
          command: 'plan'
          ...
      # See https://www.terraform.io/docs/internals/json-format.html
      - bash: |
          plan=$(cat $(terraformPlan.jsonPlanFilePath))

          # Get the count of the number of resources being created
          create=$(echo "$plan" | jq -r ".resource_changes[].change.actions[]" | grep "create" | wc -l | sed 's/^[[:space:]]*//g')

          # Get the count of the number of resources being updated
          update=$(echo "$plan" | jq -r ".resource_changes[].change.actions[]" | grep "update" | wc -l | sed 's/^[[:space:]]*//g')

          # Get the count of the number of resources being deleted
          delete=$(echo "$plan" | jq -r ".resource_changes[].change.actions[]" | grep "delete" | wc -l | sed 's/^[[:space:]]*//g')

          if [ "$create" -gt "0" ] || [ "$update" -gt "0" ] || [ "$delete" -gt "0" ]; then
            echo "Found $create create, $update update and $delete delete actions"
            echo "##vso[task.setvariable variable=terraformChanges;isOutput=true]true"
          else
            echo "No changes found"
            echo "##vso[task.setvariable variable=terraformChanges;isOutput=true]false"
          fi
        name: terraformPlanResult
    - job: 'nextJob'
      dependsOn: 'plan'
      ...
      # See https://docs.microsoft.com/en-us/azure/devops/pipelines/process/conditions?view=azure-devops&tabs=yaml#use-the-output-variable-from-a-job-in-a-condition-in-a-subsequent-job
      condition: and(succeeded(), eq(dependencies.plan.outputs['terraformPlanResult.terraformChanges'], 'true'))

Answer 2 · 2021-06-16T03:54:59.000Z

There is a -detailed-exitcode option to terraform plan that does this, but if you try it via a pipeline it caused the plan step to fail with the different exit code. Would be good if it could handle that.

##[error]Error: The process '/opt/hostedtoolcache/terraform/0.14.10/x64/terraform' failed with exit code 2
Finishing: Terraform Plan

Answer 3 · 2021-12-03T13:07:16.000Z

Good post about this issue https://sathyasays.com/2020/12/31/terraform-apply-only-on-change/

Answer 4 · 2022-01-13T15:57:06.000Z

Hi @mericstam

when would you say it might be ready?

Answer 5 · 2022-01-18T09:58:57.000Z

Hi, sorry for late reply. We are in the midst of moving terraform extension to another repo, moving issues and fixing links ETC. we also have a plan for a V3 of the extension where we have reworked some things. Thinking of adding the discussed feature after the move. Can't give you an exact date but hopefully pretty soon.

Answer 6 · 2022-02-24T22:20:45.000Z

repo has moved. this issue is solved by PR in new repo microsoft/azure-pipelines-terraform#11
Release will be in the next few days. closing this issue. if you need you can open a new issue at: https://github.com/microsoft/azure-pipelines-terraform/issues