Where are "Warning: Argument is deprecated" present in the plan?

Terraform Providers AWS
1

Hi.

Got this warning when running a plan:

╷
│ Warning: Argument is deprecated
│ 
│   with aws_elasticache_replication_group.redis_sharded,
│   on elasticache.tf line 42, in resource "aws_elasticache_replication_group" "redis_sharded":
│   42: resource "aws_elasticache_replication_group" "redis_sharded" {
│ 
│ Use num_node_groups and replicas_per_node_group instead
│ 
│ (and 4 more similar warnings elsewhere)
╵

A while ago, I introduced a Plan Summary and Validation Summary that presents elements of terraform show -json terraform.tfplan and terraform validate -json using jq to produce a nice easy to digest report. This has proven excellent for dealing with the AWS Provider upgrade regarding the refactoring of the S3 bucket resource.

Output like …

Validate Terraform
==================
Detail                                                                                            Address                                                 Filename                       Line
------                                                                                            -------                                                 --------                       ----
The attribute "website_endpoint" is deprecated. Refer to the provider documentation for details.                                                          modules/cf_s3_website/main.tf  195
Use the aws_s3_bucket_server_side_encryption_configuration resource instead                       module.queue_assets_website.aws_s3_bucket.cf_s3_bucket  modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_cors_configuration resource instead                                         module.queue_assets_website.aws_s3_bucket.cf_s3_bucket  modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_website_configuration resource instead                                      module.queue_assets_website.aws_s3_bucket.cf_s3_bucket  modules/cf_s3_website/main.tf  45
The attribute "website_endpoint" is deprecated. Refer to the provider documentation for details.                                                          modules/cf_s3_website/main.tf  195
The attribute "website_endpoint" is deprecated. Refer to the provider documentation for details.                                                          modules/cf_s3_website/main.tf  195
Use the aws_s3_bucket_website_configuration resource instead                                      module.beta_epos_website.aws_s3_bucket.cf_s3_bucket     modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_cors_configuration resource instead                                         module.beta_epos_website.aws_s3_bucket.cf_s3_bucket     modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_server_side_encryption_configuration resource instead                       module.beta_epos_website.aws_s3_bucket.cf_s3_bucket     modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_server_side_encryption_configuration resource instead                       aws_s3_bucket.userfiles_bucket                          s3.tf                          1
Use the aws_s3_bucket_acl resource instead                                                        aws_s3_bucket.userfiles_bucket                          s3.tf                          3
The attribute "website_endpoint" is deprecated. Refer to the provider documentation for details.                                                          modules/cf_s3_website/main.tf  195
Use the aws_s3_bucket_server_side_encryption_configuration resource instead                       module.api_doc_website.aws_s3_bucket.cf_s3_bucket       modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_website_configuration resource instead                                      module.api_doc_website.aws_s3_bucket.cf_s3_bucket       modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_cors_configuration resource instead                                         module.api_doc_website.aws_s3_bucket.cf_s3_bucket       modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_server_side_encryption_configuration resource instead                       module.epos_website.aws_s3_bucket.cf_s3_bucket          modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_cors_configuration resource instead                                         module.epos_website.aws_s3_bucket.cf_s3_bucket          modules/cf_s3_website/main.tf  45
Use the aws_s3_bucket_website_configuration resource instead                                      module.epos_website.aws_s3_bucket.cf_s3_bucket          modules/cf_s3_website/main.tf  45

and

Plan Summary
============
Resource address                                    Read  Deleted  Created  Updated
----------------                                    ----  -------  -------  -------
aws_db_proxy_endpoint.rds_proxy_read_only_endpoint                             *
aws_iam_policy.eck_cloudwatch_logs_access_policy                               *

Certainly helps with quick scan of expected changes to resources and a good explanation of where to go when dealing with deprecations.

BUT …

For some reason there are still some terraform plan warnings that are seemingly not present in either the -json outputs.

The terraform validate -json output is

{
  "format_version": "1.0",
  "valid": true,
  "error_count": 0,
  "warning_count": 0,
  "diagnostics": []
}

Which is clearly not true compared to the console output of terraform plan.

I’m initially thinking that the provider is not recording the warnings in a consistent manner (something I’m about to check, but my Go skills are slow so that may take a while).

Any suggestions?

2

Hi @rquadling,

From what you’ve described it seems like this particular warning is implemented as part of the planning step for that resource type, instead of the validation step.

Providers can return warnings at any stage so this is not technically incorrect but it does mean that terraform validate won’t be sensitive to the warning, because that command doesn’t do any planning.

The warning diagnostics from the plan command don’t appear in the terraform show -json output because they are not part of the saved plan file. I think the only machine-readable form of those comes from running the plan command itself in JSON mode, where the typical UI output is replaced by a stream of JSON objects with the data the UI would normally use to render the information.

That unfortunately makes it an all or nothing deal: all of the output from planning will be in JSON form and not just the diagnostics you are interested in.

The -json option for the plan command activates the streaming JSON mode.

3

It is odd that the deprecation warnings for the aws_s3_bucket worked as expected for validation, but not aws_elasticache_replication_group.

Is there any chance you could highlight how that’s different within the provider code? I did a quick look and both objects seem to have a similar description process of what is deprecated (i.e. a Deprecated property as part of the resource’s parameter description).

4

We do use terraform plan -json to help us build a plan summary. There’s no mention (that we can see) of the deprecation warnings in the -json output.

In the json file I’ve got, there’s no mention of warning, and the only mention of deprecat is in relation to the

  "condition_results": [
    {
      "//": "This previously-experimental representation of conditions is deprecated and will be removed in Terraform v1.4. Use the 'checks' property instead.",
      "address": "aws_route.accepter[\"ticketing.compute.private.eu-west-1a\"]",
      "condition_type": "ResourcePostcondition",
      "result": true,
      "unknown": false
    },
    ...
  }
]