New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Verbose option for plan #27547
Comments
@gitwitheprogram |
True. However, I wasn't really looking for a better kludge. My point was just that having the -verbose flag here seems like a pretty standard thing. No user is going to know that they can set that environment variable without reading the release notes, as it's not mentioned in the -help output or in the documentation here that I can see. It seems that the intention was to not provide functionality for users to get the full output, and I was just trying to make a case for it potentially being useful sometimes. |
I recently had a situation where the full output was essential to determining that terraform would do the correct thing before apply.
Looks like its going to purge the ingress from the object for no reason. while with the full output...
Makes it clear that terraform doesn't know what the current CIDR block is and that obviously when it applies the state it will perform the value lookup, get the current state (which is what it incorrectly wants to remove), realise its mistake and do nothing. Effectively I have a "phantom update" and the concise output hid this fact from me making it appear that terraform was going to do the wrong thing with no way to confirm it would do the correct thing had I not been able to access the full output without the new concise diff being applied. I don't care if it stays behind an environment variable, |
It would also be great to add an option to expand n lines of context around the line of interest, e.g. The use case I had was changing environmental variables for AWS ECS task, which was showing only env var values and not their names, while in the same time showing surrounding blocks for other env vars which were not changing and which were not relevant to this plan at all:
|
Just came across this today for the first time after upgrading to Terraform v0.15.4 and it seems to me that even the I just want to echo the concerns of others about not being able to see the full plan. Seeing the full plan is part of the development cycle in some cases. If I'm interacting with some new or convoluted cloud service, I'll sometimes end up creating the resources manually in the console, then crafting my best attempt at a Terraform codification, then import my manually created resources, and finally run a plan to see what I got wrong. This is especially useful as new services come out and when the examples and documentation aren't as fleshed out as they need to be. Concealing the plan just makes everything far more difficult in this case. |
Although the concise plan has worked wonders in preserving my sanity since it was introduced, I recently realised while working with Specifically changes made to this resource's
|
We need either a more verbose plan, or smarter one, where TF would do a better job at distinguishing repeatable blocks. I think verbose option is simpler? |
Looking at the env var, Frankly I am suprised this was taken away. I am now in a position where terraform says there is a change, but hiding the change, due to the succint diff changes. What changed on these two resources? They have a change "~" but no sub attributes listed.. Am I safe to apply? At this point I want to revert back to a version of terraform that actually tells me whats going on. ``
|
This really helps when PLAN redirects to an approver who doesn't have access to the real resource. |
Is there any way to see the full output now that For context this is with the |
It is almost 10 months completed, No milestone defined for this bug. |
This is terrible! I came here looking for answers and it seems the guys at TF are not listening to the requests!! |
Modifying my comment from the recently linked and closed issue. I agree we need a -verbose option. In our situation, a concise diff is problematic when updating an aws_ecs_task_definition json blob for the container_definitions variable, and that blob contains multiple containers (sidecars). It's not possible to tell which sidecar/container definition a change is in without the full diff of the full json blob or a smarter concise diff which can grok a json blob and include the relavent context. While the non-concise diff may be huge, it's still incredibly helpful to validate the correct changes are being applied in all cases (even if they're more obscure). |
The only thing I could do was rollback to v0.15.3...because v0.15.4 is here the "feature"/problem about extra unnecessary info began.. |
I came here because I couldn't see exactly what is going to happen and only turn to closed #28906. I don't see a reason for hiding things and not allowing people see exact plan. |
Came here for a solution, looking for this feature. |
This issue currently (17th November 2021) has the label: The issue being discussed is clearly that changes made by Hashicorp have broken required functionality making the current version of Terraform potentially unusable for resources containing repeatable blocks. There may of course be many other examples. Can this issue be given the labelling and therefore the priority it needs please? |
We have CI/CD pipelines for too sensitive network changes. Every network changes plan is going through many higher management approval processes as it is critical to the entire business. Somehow trim plan does not help out for understanding the changes example code before update
Code after update
Terraform PLAN
Approver does have a sense of existing DNS to Approve or Reject the CI/CD pipeline just verifying only the above terraform plan. |
As another example of why this is critical, I just encountered the following plan today for a change to a GCP IAM policy:
It's very frustrating to not be able to see that particular "unchanged" element, since it's quite important to know which role the service account is being removed from! |
Another example that caused a small panic initially. An AWS account has been (correctly) suspended pending closure within the AWS console. Terraform reported this as follows:
So all we know here is that an account was suspended. We know at least 2 of the accounts that were NOT suspended, but even with the most optimistic interpretation of this pre-plan output, there's a distinct lack of useful information being presented. And because it is really quite useless, it devalues the output to a point that who knows if it is worth reviewing. And once you review it and realise something has changed, the amount of time you now need to spend on identifying exactly what has changed ... it all adds up to a bad situation that is easily solved by having some small options around the diff display. |
Is there any fix to this? We can't trust our terraform code anymore because of this bug basically. I'm running Terraform version |
Hi All, |
@alisdair I'm tagging you since you are the last confirmed contributor to have seen this. Could we get anyone from Hashicorp to give a statement on this issue? As shown in multiple examples, the current diff format is creating a lot of problems. We need to be able to trust the tools we use and Terraform is eroding that trust by not being verbose enough. |
Walking through the various comments with @alisdair, there are three categories of requests in this thread. First, the original enhancement request for a verbose plan output. Second, legitimate bugs in the current plan output code. Third, other enhancement requests. I want to start by enumerating the bugs identified in comments. Bugs:
@alisdair notes that many of those above issues are similar, in that Terraform ought to be rendering fields called Two comments look like a similar enhancement request: that the provider should be able to set a flag on a resource attribute that marks it as an "identifier," and that identifier should always be printed in the plan output. @alisdair is looking into whether or not there is an existing enhancement request for this, if not we will create one and update this issue.
As for the original enhancement request per the original issue, there is currently no commitment to implement a verbose plan option in the near future. It would be very difficult to implement in the current design, and so plan output will likely not significantly change without the current implementation being overhauled. If this changes, we will be sure to update this ticket. |
This is a pretty terrible outcome to be frank. The plan diffs are a critical component that this tool revolves around, to not allow devs to see the entire plan output when desired seems like a major failure in the core design. For debug purposes there will always be use cases where one would wish to see the entire specification for a resource. Very bummed to see this, count me in the ranks of those who would wish to see this overhaul, IMO this direction was not well thought out and greatly hinders the usefulness of the tool. |
This would be a very welcome change that I think should help with most of the issues we see with regards to the concise diff. However, it still relies on the providers to implement this properly. I still think there's value in being able to produce a full plan as an exception, as @mattsfrey mentions above I very often have to |
#30753 is tracking the inability for Terraform to display identifying information for resources or substructures in which #30685 has been merged as a fix for the bug described by five cases reported in this thread, and will be released in Terraform 1.1.8. |
We very much appreciate the feedback in this thread. For the time being I am going to lock it, primarily to encourage any new issues in the existing system to be reported discreetly. For those who would like to add their voice to this request, please continue to vote up the issue with the 👍 emoji on the issue description. Thanks for all the feedback on this issue, we do truly appreciate it. |
Current Terraform Version
Use-cases
Running terraform plan now uses the concise format, which is awesome. Thank you. However, while the output includes lines that inform the user that attributes are hidden, terraform provides no easy way to toggle that output back on.
I confess that it is unlikely that I would use the full plan output often, but it could be helpful for doing a sanity check before certain changes. (for instance, I'm currently working on new modules and importing resources into them, and being able to easily validate that the reason an attribute isn't listed in the plan is because it is already set correctly could be helpful) I'd imagine that this would generally be used a lot more by newer Terraform users than experienced ones.
Attempted Solutions
I could easily write a wrapper script that sets the TF_X_CONCISE_DIFF environment variable to 0, runs terraform plan, and then unsets the variable, but that seems kind of silly to me. Other alternatives to see the settings of the other attributes would include running a terraform state show or pull prior to the plan. Maybe this is what is intended by the Terraform developers?
Proposal
Add a -verbose option to plan to revert to a full plan output.
References
The text was updated successfully, but these errors were encountered: