Check for stale plan with no state metadata #29755
Conversation
Ensure that we still check for a stale plan even when it was created with no previous state. Create separate errors for incorrect lineage vs incorrect serial. To prevent confusion when applying a first plan multiple times, only report it as a stale plan rather than different lineage.
In order to test applying a plan from an existing state, we need to be able to inject the state meta into the planfile.
There was a problem hiding this comment.
This does seem like a good incremental improvement over what we had before and I would like to move forward with it as-is.
However, this did get me thinking about why we aren't also using statefile.StatesMarshalEqual here to get an even stronger assurance that we're applying to an identical state snapshot than what we planned against. The lineage/serial checks would still be important then to deal with a situation where two different snapshots just happen to have identical content, but we'd get a stronger assurance in the first-apply case that we aren't applying one workspace's first saved plan as another workspace's first plan too.
Can you think of reasons why that wouldn't be appropriate? Again, I'm not suggesting that we delay this changeset to do it, but I think it would be good to consider this stronger idea as a separate change while we have the relevant mental context for this loaded anyway.
|
Yeah, comparing the state directly rather than using these metadata fields is definitely an option. It was the case of dealing with identical states except for the lineage/serial fields that I didn't pursue it immediately. And since we would have to check lineage and serial anyway to account for that case, the added value of checking the state contents seems pretty small when outside of manipulation on the state data external from Terraform, the lineage+serial always correspond to one exact state. |
|
@jbardin |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
When we create the first planfile with no existing state, the internal snapshot will have no metadata to check. We were incorrectly skipping the entire staleness check when encountering this situation, allowing that first plan file to be applied multiple times. This can overwrite the existing state with new resources, leading to extensive manual cleanup.
First we can return different errors for lineage and serial to help direct users when the plan is incorrectly applied. When encountering a "first plan", only check the serial to provide a better error message indicating it is most likely stale, rather than from a different state which we cannot verify.
Fixes #24078