[shatteredspace]

If Terraform was used for the deployment of the infrastructure, then state IS the actual configuration of the system.

All that a plan does is evaluate what is going to change in the current Terraform state by performing a dry-run of the Terraform code that you have supplied.

If you would actually like to make changes to the Terraform state based on what the Terraform code evaluated then you run a Terraform apply - which will, for the resources deployed via Terraform, update the configurations themselves and update the Terraform state by using the Terraform code as the instruction set.

You can actually see this in action with plan and apply as the output will show you +,-, and ~ where ~ is settings that are going to change but are not new configurations or configuration to be removed.

Edit: Learned from some other comments that Terraform has a 'refresh' command that will take deploy+n time configurations done outside of Terraform and sync those configurations with the state. This might be what you ideally are looking for after deployments?

[jrochkind1]

Right. I guess I'm asking about what happens if state changed outside of terraform.

I thought I had seen terraform correcting it (to match what terraform thinks it should be) in some cases.

OP seems to suggest that in some cases it does and in other cases it doens't. I am surprised if that is inconsistent and unpredictable, and would have expected terraform to (modulo bugs) either always or never do that. And am wondering what terraform's intent is with that.

[shatteredspace]

Made an edit to my original comment but it may help to be here also.

'terraform refresh' may be what you are looking for. This will update the state to match current configurations that may have been done outside of Terraform.

[snom380]

From https://www.terraform.io/docs/cli/commands/refresh.html :

> You shouldn't typically need to use this command, because Terraform automatically performs the same refreshing actions as a part of creating a plan in both the terraform plan and terraform apply commands.

[jrochkind1]

I'm talking about fixing the external actual configuration that has diverged, to match what terraform config wants it to be.

However, snom380 says this is what terraform is intended to do, and does with properly implemented providers, which makes sense to me.

I'm not sure if you are talking about the same things. We -- me, snom380, and the original quote I made from OP -- are talking about what happens when external actually existing live resources have diverged from terraform's state. I understand what you said that under a "perfect" situation, this would not happen. But it does sometimes for various reasons, what the original quote from OP is talking about and what I'm talking about is what happens when it does. I think maybe you are talking about something else.