Include additional proposed change information for certain kinds of planning errors #34312
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some time ago we ruled that Terraform Core would make a best effort to return a partial plan describing the subset of actions that were successfully proposed before encountering an error, which Terraform CLI and Terraform Cloud then rely on to present some additional context to support the associated error messages.
This change aims to improve that effort by making a distinction between the failure of the planning operation itself vs. something else in the configuration ruling that the successfully-created plan is unacceptable for some separate reason.
In that case, it's helpful to still include that proposed change in the plan, because the planning step itself succeeded and these problems are in a sense "between" the planning operations, blocking any downstream work from starting.
In particular, this change arranges for a failed
prevent_destroy
check or a failedpostcondition
check to still include the planning result that it was checked against, which then allows the UI the option of displaying that planned action alongside the error describing why it was unacceptable.The CLI layer already supports this from our earlier work in this area, and so no changes are required there. The following is an example result from a
prevent_destroy
violation with these changes in place:Combining the error message with the proposed change first explains why this resource instance was proposed to be replaced, and then explains that it's invalid to do so. This presentation could potentially be improved in future to connect these two parts of the output more strongly, but that'll be for a future PR (focused at the CLI layer, rather than the Core layer) if so.
Closes #34305 and closes #30271.