Dump terraform plan, pretending the state is empty

parabolala · February 2, 2023, 5:57am

As a step in the CI process, I’d like to highlight the changes to the Terraform output that the current .tf file changes introduce. Specifically, I don’t care about the currently deployed state of the cluster, nor the state stored in the terraform state backend.

I’d like to just perform a static analysis of “What would terraform produce from scratch at commit T0” then “What would terraform produce from scratch at commit T1” and compare the two, e.g. show the unified diff of “static code analysis”.

Is there any easy way to produce some form of “What would terraform produce from scratch at commit Tx”? I don’t care about the specific format, as long as it can be diff’d and reasonably readable (so json would be ok).

The closest I’ve got to is:

terraform plan -refresh=false -input=false -no-color -out=tfplan \
          && terraform show -no-color -json tfplan

Which is similar to what I want, but does consider the current state in the backend and in the cluster, so incase the deployed state diverges produces spurious diffs unrelated to the code changes between commits T0 and T1

apparentlymart · February 3, 2023, 10:20pm

Hi @parabolala,

Terraform has no built in way to ignore the current state.

If you want to achieve this then you’ll need to do run your operation in a context where the current state is empty.

One option would be to temporarily override the state storage to be local while not having any local state snapshots. If you create a file force_local_override.tf then that will be an “Override File” which can therefore override certain settings already defined in the main configuration files. To override the backend in particular:

terraform {
  backend "local" {}
}

If you do this in a directory that was already initialized with a remote backend then terraform init will cautiously refuse to causally reset the backend like this, but if you work in a clean working directory that wasn’t previously initialized and run terraform init with the override already in place then it should initialize the workout directory with local state only.

Since you won’t yet have a local state snapshot, you can now run terraform plan against effectively an empty state.