I’ve noticed that terraform plan will precede lines with a tilde (~) if applying it will change something in a resource, instead of destroying the resource and recreating it (e.g. What are the different `terraform plan` symbol meanings? · Issue #14379 · hashicorp/terraform · GitHub). That makes sense, as I think there are certain cases where it makes a lot more sense to just change a value instead of recreating the resource.
Terraform is just a tool, so isn’t mutable or immutable itself. You get to choose how you do things, so you can create immutable infrastructure using it, or use it to create long lived “pets”.
@stuart-c Thanks for your insight. That makes sense to me, although I’m still trying to reconcile this behavior in terraform plan with what Hashicorp has published on their site, i.e. in the first link in my last post, Hashicorp says:
One of the key aspects of The Tao of HashiCorp is the notion of immutability, the idea that once we create a thing, we don’t change it after creation.
And if you go to the linked page, it mentions this about immutability, one of the core concepts (otherwise it shouldn’t be listed in the Tao of Hashicorp):
Immutability is the inability to be changed. This is a concept that can apply at many levels. The most familiar implementation of immutability is version control systems; once code is committed, that commit is forever fixed.
In other words, yes, you can use terraform in different ways, but it’s intended to be immutable, I think.
The way I’m interpreting this now is that, even though immutability is a core concept for Terraform, it’s not to say there can never be exceptions. For example, even though HCL is declarative, you can still have a provisioner to run a series of commands (i.e. that’s not declarative). Of course, that provisioner output won’t be in the terraform state, but it is possible, just that Hashicorp only provides it as a last resort.
I think you are giving too much weight to a single point (Immutability) in a document (The Tao of HashiCorp) that isn’t specifically about Terraform.
Terraform is all about mutating infrastructure driven by declarative definitions. The design of Terraform doesn’t prioritise immutability - but it does largely prioritise declarative expression - and that’s why provisioners are exceptional.
I would say that while that might be the underlying thinking from HashiCorp in reality the various tools are a lot more flexible and pragmatic. Things also depend on the individual providers & the APIs that they are talking to. Some APIs are very much immutable, while others are completely the opposite. There is nothing within Terraform itself which tried to enforce one idea or another (from a technical perspective, rather than philosophically).
Indeed, my sense of it is that Terraform should enable using immutable infrastructure structure patterns where they make sense for the target system, but that doesn’t mean Terraform will force you to treat everything as immutable. Many target platforms are just not designed that way, and Terraform can’t force them to be.
The “Tao of HashiCorp” is a set of things that the HashiCorp founders treated as guiding principles for deciding broadly what to work on, but it is not a set of hard technical requirements. Other items in that document are perhaps more true of Terraform in practice, but I think the key one to note is Pragmatism: it doesn’t make sense to pretend that the world exactly fits these principles, and instead we must try to find a suitable compromise that is as true to as many of these as possible while still producing useful technology.