Why does the `validate` command return exitCode 1 when errors are found in the template, is this unreasonable?

Terraform
1

Hello guys,

I hope this message finds you well. I’m a beginner developer who has recently started working with Terraform.

I’m writing to discuss the behavior of the validate command in Terraform. Upon reviewing the source code for the validate command, I’ve noticed that it returns an exit code of 1 if there are any “error” in the diagnostics, while it returns an exit code of 0 if there are only “warning” or no issues at all.

Here is the code

type Validate interface {
// Results renders the diagnostics returned from a validation walk, and
// returns a CLI exit code: 0 if there are no errors, 1 otherwise
Results(diags tfdiags.Diagnostics) int
Diagnostics(diags tfdiags.Diagnostics)
}

Here’s my concern:

From a conventional standpoint, shouldn’t the validation process be considered successfully executed regardless of the type of issues it detects? The presence of different levels of severity (like warning vs. error) should not, in my opinion, affect whether the validation itself was successfully carried out. It seems counterintuitive to have the exit code reflect the severity of the issues found rather than the success of the validation operation.

Could you provide insight into why this conditional check on the exit code was implemented? Is there a particular reason for this design choice that I might be overlooking?

Thanks

2

As with many thing in software development, it’s often an arbitrary decision. Some users may want to programmatically check validation via the exit code, so a non-zero exit code is useful there.

Warnings produce no error because they would produce no error via other commands as well. The normal plan and apply commands always run validate as a first step, so the behavior needs to match.

3

Your explanation is concise and clear! Thx!

4

Hey, jbardin.

I have a point that is not entirely clear to me. When you mentioned, “The normal plan and apply commands always run validate as a first step,” do you mean that in the source code, the plan and apply commands will execute validate as their initial action—such as by calling a method or initiating a separate process for this command—and if there are any errors, they will fail immediately? Or are you stating a best practice, meaning that most users typically manually run validate via the CLI before executing plan and apply to check for issues, as part of their routine process?

After reviewing the source code, I did not find any coupling between plan /apply and validate , which leads me to guess that you might be referring to the latter scenario?