-
-
Notifications
You must be signed in to change notification settings - Fork 546
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add --retry-once-with-cleanup
to terraform_validate
#441
feat: Add --retry-once-with-cleanup
to terraform_validate
#441
Conversation
850bb96
to
a7e3d90
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@baolsen Thanks for the contribution.
Overall PR looks good to me, apart from the below points:
- Do I get it right that having this change in place
terraform_validate
hook will unconditionally remove.terraform
dir from current working dir and run again even if there are no issues with the content of.terraform
dir? E.g. when validation fails because of an error with TF code rather than because of a broken content of.terraform
dir. This doesn't seem to be right. I'm not able to verifyterraform validate
exit codes and output at the moment, hence could you please look up whether TF does output different error code on broken.terraform
dir content and if not then it may worth to capture its output (this is already in place) and lookup a common to this use case set of error messages to make a decision on whether to re-init TF by removing.terraform
dir or not. - This doesn't look good to unconditionally/inadvertently remove user content, hence could you please update this PR to prompt for user approval to remove
.terraform
dir before proceeding? - Since
.terraform
dir may contain files which belong to GIT repo (e.g. cloned TF modules) and since these files may be sort of protected (w/o writable bit attached), it should better force removal via-f
option torm
.
Thanks.
hooks/terraform_validate.sh
Outdated
# Will only be displayed if validation fails again. | ||
common::colorify "yellow" "Validation failed. Re-initialising: $dir_path" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefer to display that message in all cases. Please add to README example "verbose: true
with the related code-comment about displaying that msg
Not sure that Also, I think that specified in 2. functional is too protective and not needed at all |
Mmm, I didn't think of it indeed... Wouldn't
Yep, right! User should be able to explicitly put their consent via hook parameter. Thank for the pointer.
It's when we know for sure it was |
Thanks for the great comments :)
Yes, good catch. Whether there is a validation error or a problem with .terraform directory it will re-validate at the moment.
Unfortunately it seems to only return exit code 1 for validation errors or an error caused by invalid .terraform config. Thanks for the tip for parsing the error message, I'll definitely look into that now.
I was not aware that some users would be heavily customising However it seems a bit strange to need an extra hook parameter for giving consent for the first hook parameter's intended behaviour. If the user has specified the current parameter Happy to take guidance here. I'll do some fixups for the other minor comments. |
PR updated with ability to parse The list can be built up over time from other use cases. |
ca50529
to
c103542
Compare
Yep, that's more of a rare use case for regular users, though those who develop TF providers might not be happy with implicit removal of
Yeah, I have to agree with this given Max's opinion. Though hook's behavior should be described in detail in README then, including a warning/notice about implicit/unconditional removal of
Thanks. I'll give it a look in a min. |
Other than comments above I think the PR looks good to me. |
Hey @yermulnik thanks for the further comments. |
Can be tested with:
Not sure if we should raise an error when If it is difficult to reproduce the specific errors we are looking for, then it can still be partially tested: Validation can be forced to fail and retry by making some invalid TF code, then adding the relevant error message to the |
I also see a lot of unrelated changes in the README, not sure if those are intended. |
Yeah, that's |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with tiny remarks left for your guys consuderation
Co-authored-by: George L. Yermulnik <[email protected]>
This reverts commit 4464e13.
terraform_validate
--retry-once-with-cleanup
to terraform_validate
# [1.77.0](v1.76.1...v1.77.0) (2022-11-26) ### Features * Add `--retry-once-with-cleanup` to `terraform_validate` ([#441](#441)) ([96fe3ef](96fe3ef))
This PR is included in version 1.77.0 🎉 |
Here to say thanks, this PR is a big help! edit - In our case this happens as a result of dependabot bumping a provider version, I suspect there are many other reasons why this could happen but would an option to just run |
Hi @brettcurtis. |
Thanks for reply @MaxymVlasov - Yeah that could mess up folks I suppose. For us we always pull current release shift testing left and fix any problems before we hit production. So basically, terraform init -upgrade is part of our flow already on any PR. |
Ah, so I just tested this:
The reason I'm in this state is because dependabot manages our terraform provider versions and merged a couple PRs with provider updates since the last time I worked on the given repo. So, I guess this PR doesn't solve that problem? Another thing I noticed is that it runs init on directories that only include .tfvars. |
@brettcurtis better create an issue and describe which problems you face, how you get JSON output (because hook should always return non-JSON outputs to the end-user), and other things that exist in bug issue template |
Will do, I'm trying to come up with a simple test case but in my tests, I can't reproduce what I was expecting to be the problem. The assumption was that my local .terraform has an older version of a provider cached and I pulled down a new .terraform.lock.hcl that was updated with a new provider version it would fail. I'll report back once I can figure out how to reproduce. |
Put an
x
into the box if that apply:Description of your changes
Adds an argument to
terraform_validate
hook to cleanup.terraform
directory if validate fails.This is a workaround to a known issue with
terraform_validate
.Number 3: https://github.com/antonbabenko/pre-commit-terraform#terraform_validate
Related links below:
Related #224
Related #301
I try to address the performance concern raised in #301 by only clearing
.terraform
if validate fails once per directory.How can we test changes
Tested with:
Steps:
1 Run hook on a known-good repo
2 Enter .terraform folder and corrupt it by deleting some providers
3 Run hook without the flag above. Validation fails.
4 Run hook with the flag above. Validation runs for a while (doing init behind the scenes) and then passes
5 Run hook with the flag above. Validation runs quickly and then passes