by luhn 3292 days ago
> Always write your plan -out, and apply that plan

I have in my dotfiles:

    alias tfplan='terraform plan -out=.tfplan -refresh=false'
    alias tffreshplan='terraform plan -out=.tfplan'
    alias tfapply='terraform apply .tfplan; rm .tfplan'
That way I never accidentally `terraform apply` without creating a plan first. I also have it not refresh the state by default, which is mostly unnecessary and speeds up the planning significantly.

Hey all - Seth here from HashiCorp (the company that makes Terraform). The next version of Terraform (0.10) natively adopts very similar behavior, presenting a plan before applying as an added safety step. You can read more in the 0.10 upgrade guide. At the time of this writing, 0.10 is not yet released, but compiling Terraform from source at master will inherit this behavior.

https://github.com/hashicorp/terraform/blob/master/website/s...

I feel bad about not following up on it yet but my comment on TF#13276 sums up the issues I have with Terraform after using it for a little under a year now.

https://github.com/hashicorp/terraform/issues/13276

I hope you all can work on improving the definitions, because many of them really are a chore compared to setting things up in the AWS dashboard, at the moment (security groups for example).

Oh interesting. Note to self: see if there's an option to disable `terraform apply` without a plan.

I always refresh when running the pre-apply plan, but while iterating I use that. Do you always run your `tffreshplan` command before applying?

Agreed, it would be nice to add a new option which prevents invoking `apply` without a supplied plan argument. Create an issue on GitHub, I'll upvote.
My muscle memory for "terraform apply" was too strong, so I just moved "terraform" out of my path altogether. Now I have a wrapper that invokes it safely (or a Makefile, depending on which project I'm working on).
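
A guard of the kind discussed in the last two comments, as an added example that is not part of the thread and not any commenter's own wrapper: a shell function that refuses `terraform apply` unless its last non-flag argument is an existing plan file. The names `tf`, `tf_plan_arg` and `TERRAFORM_BIN` are assumptions made for this sketch.

```shell
# Added example, not code from the thread.
# TERRAFORM_BIN (assumed name) points at the real binary, so the wrapper
# still works if terraform itself has been moved out of PATH.
TERRAFORM_BIN="${TERRAFORM_BIN:-terraform}"

# Print the saved plan passed to `apply`: the last argument that is not a
# flag, provided it is an existing regular file. A directory or a missing
# file does not count. Returns non-zero when no plan file was supplied.
tf_plan_arg() {
    _tf_last=""
    for _tf_a in "$@"; do
        case "$_tf_a" in
            -*) ;;                    # flags such as -auto-approve
            *)  _tf_last="$_tf_a" ;;
        esac
    done
    [ -n "$_tf_last" ] && [ -f "$_tf_last" ] && printf '%s\n' "$_tf_last"
}

# Drop-in replacement for typing `terraform` directly.
tf() {
    if [ "${1:-}" = "apply" ]; then
        shift
        _tf_plan=$(tf_plan_arg "$@") || {
            echo "tf: refusing 'apply' without a saved plan file;" \
                 "run 'terraform plan -out=FILE' and review it first" >&2
            return 64                 # EX_USAGE; the binary is never invoked
        }
        "$TERRAFORM_BIN" apply "$@"
        _tf_rc=$?
        rm -f -- "$_tf_plan"          # as in the tfapply alias: a plan is used once
        return "$_tf_rc"
    fi
    "$TERRAFORM_BIN" "$@"             # every other subcommand passes through
}
```

Sourced from a shell profile, `tf plan -out=.tfplan` followed by `tf apply .tfplan` behaves like the aliases at the top of the thread, while a bare `tf apply` exits with an error instead of changing infrastructure.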