terraform plan – Hey guys, I’m back with a new post about this command related to Terraform.
As a DevOps engineer, I usually use Terraform at work, day by day. And I wanna share some small experiences with it with you guys.
terraform plan is not a real plan
Every time I write some Terraform code to create some stuff on my infrastructure, yes, I have to run the command terraform plan to make sure nothing will be destroyed without notice.
I know that when I talk about this, some guys may yell at me, like “everybody knows this shit, stupid”.
But this is not the main point; I wanna talk about the point “plan is not a real plan”.
You already know that terraform plan checks the current state of all resources on the infrastructure, then compares it with your new code and lists all the changes for you.
That’s a plan, right? You think you can know everything from the list of changes. But no, it's not as easy as that.
I wrote a previous post about my experience with the Postgres error "pq: tuple concurrently updated". You may not know that this shit happened to me even though I ran the command terraform plan first and it showed everything looking good. Nothing was broken and everything looked supported. Like this one:
    # module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.01"] will be updated in-place
    ~ resource "postgresql_grant" "rds_postgres_grant_table" {
          id = "user.01_db_public_table"
        ~ privileges = [
            + "DELETE",
            + "INSERT",
            + "SELECT",
            + "UPDATE",
          ]
          # (5 unchanged attributes hidden)
      }

    # module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.02"] will be updated in-place
    ~ resource "postgresql_grant" "rds_postgres_grant_table" {
          id = "user.02_db_public_table"
        ~ privileges = [
            + "DELETE",
            + "INSERT",
            + "SELECT",
            + "UPDATE",
          ]
          # (5 unchanged attributes hidden)
      }

    Plan: 5 to add, 5 to change, 0 to destroy.
But when I ran the next command, terraform apply, this shit error came up.
│ Error: could not execute revoke query: pq: tuple concurrently updated
│
│ with module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.01"],
│ on ../../modules/user-rds-postgres/main.tf line 90, in resource "postgresql_grant" "rds_postgres_grant_table":
│ 90: resource "postgresql_grant" "rds_postgres_grant_table" {
I talked about this error in my previous post above.
You see, even when terraform plan shows everything is fine, you can't be sure it will really be fine when you run terraform apply. It may break something you don’t know about.
That's the reason why I want to mention here that it’s not a real plan, and you shouldn’t believe it for everything. You should double-check carefully.
My suggestion
I suggest 3 things to you guys:
- Keep in mind: never trust terraform plan 100%. Always double-check all the things, all the changes.
- If you have the budget, run terraform apply in the Development environment first. I know most of you guys always have a Development environment to do stuff in. But in some cases, they’re running only a single environment, for production only, and there is no more budget (I faced it once).
- If you can’t have a Development environment available, try to split your Terraform code into smaller pieces and then try it in your personal environment, like your own AWS account. Sometimes you have to sacrifice a bit to make sure you will not break something.
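One way to do the double-check from the first suggestion, as an added example that is not from the original post: a Python script that reads the JSON form of a saved plan (terraform show -json) and lists destroy/replace actions, plus any apply-time resource type with several changes in one apply, which Terraform may run in parallel. The sample plan, the .example addresses and the APPLY_TIME_TYPES set are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `terraform show -json <planfile>`;
# addresses mirror the plan output above, values are not from a real run.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": 'module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.01"]',
         "type": "postgresql_grant", "change": {"actions": ["update"]}},
        {"address": 'module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.02"]',
         "type": "postgresql_grant", "change": {"actions": ["update"]}},
        {"address": "module.user-rds-postgres-trade.postgresql_role.example",
         "type": "postgresql_role", "change": {"actions": ["create"]}},
        {"address": "aws_security_group.example",
         "type": "aws_security_group", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_vpc.example", "type": "aws_vpc", "change": {"actions": ["no-op"]}},
    ],
})

# Assumption: resource types whose changes run SQL against a shared database
# at apply time, which plan does not execute.
APPLY_TIME_TYPES = {"postgresql_grant"}


def review_plan(plan_json, apply_time_types=APPLY_TIME_TYPES):
    """Return (destructive addresses, {type: addresses} needing a real test apply)."""
    destructive, by_type = [], defaultdict(list)
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue
        if "delete" in actions:  # covers destroy and replace
            destructive.append(rc["address"])
        if rc["type"] in apply_time_types:
            by_type[rc["type"]].append(rc["address"])
    # Several changes of one such type in a single apply may run in parallel.
    risky = {t: a for t, a in by_type.items() if len(a) > 1}
    return destructive, risky


if __name__ == "__main__":
    destructive, risky = review_plan(SAMPLE_PLAN)
    for addr in destructive:
        print("DESTROY/REPLACE:", addr)
    for rtype, addrs in risky.items():
        print(f"{len(addrs)} {rtype} changes in one apply, test in dev first:")
        for addr in addrs:
            print("  ", addr)
```

To run it on a real plan, save the plan with terraform plan -out=FILE and pass the output of terraform show -json FILE to review_plan.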
Conclusion
In this post I’m not telling you guys about technical issues, tricks or guides. I just want to share my experience of working with Terraform with you. You may face a case like mine or not. But if you do face it, just keep my suggestions in mind.