-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Silence refresh output from plans and applies #27214
Comments
Thanks for this feature request, @joeaawad. We might consider a special option for this, although we do tend to resist having various different output customization options because they grow to be a bit of a maintenance nightmare over time. With that said, a more general thing we're planning to pursue in future is to make better use of virtual terminal control codes to make the output more concise, such as by only showing information about pending operations while those operations are pending and to omit them from the final output. Our main blocker for this today is that historically Windows did not have a full virtual terminal implementation and so Terraform has been using an emulation layer to translate to the Win32 Console API. A Windows 10 update has since introduced full terminal support and so we're hoping to be able to take that emulation layer out of the mix in future and thus allow for these improvements. In principle, do you think that having the various "Refreshing state..." messages vanish once the read is complete would address your concern about the final plan output being too verbose? |
Hey @apparentlymart, thanks for the quick response and additional information about future plans. In principal, I do believe that having the |
@joeaawad, just in case you're not aware, or for others reading the issue, your command above has a significant difference from a normal plan with refresh -- the |
Hi @joeaawad, Anything we'd do with new terminal-oriented escape sequences is, I would expect, something we'd activate only when the stdout file descriptor is a terminal, so whether it would work for automated systems would depend on how they are implemented. Some systems implement terminal emulators so that hey can work broadly with various software and get a terminal-like experience, but certainly not all. I think the tradeoff to be made here would therefore be about whether it's reasonable in an automation scenario -- when there isn't a nervous user wondering if this local Terraform process has hung -- to omit these progress-related messages altogether and have Terraform just remain silent until there's something to report. For folks with larger configurations where the plan/refresh phase might take a few minutes rather than a few seconds I expect that would still be quite unnerving, so perhaps there's a compromise in between of emitting fewer messages, perhaps even just one message saying that the refresh/plan operation is underway and therefore Terraform is doing something useful, rather than waiting for input or similar. |
Considering what @jbardin noted and thinking about alternative workarounds, a different permutation I might consider for your case would be:
The above would discard all of the non-error output from the |
Thanks a lot, it looks like that works. While I do think it would be nice to have a simpler way to do this, I am good with closing the issue if you would like. |
@apparentlymart We've been using the workaround in #27214 (comment) but have noticed a difference in behavior between
|
State refresh can take pretty long. We should consider to print a
|
I'd like to also mention: sometimes the refresh output can expose sensitive data. For instance, you have a kubernetes configmap managed by terraform, but the Even if |
Hiding the state refresh from the I get not wanting to be hasty adding more output customisation options, but being able to |
@loganmc10 k8s ConfigMap is not an appropriate way to store sensitive data. However, you can wrap values in the |
Having a CLI-flag to hide state refresh would be super helpful. Especially after terraform now handles "Changes outside of Terraform" better since v1.2. Together this would add up to a really concise output. |
It seems like towards the end of the discussion here this issue veered into discussing the "Changes outside of Terraform" message rather than the refresh progress messages, so I just want to be clear that this issue is focused on what the original requester was describing, which are the various progress messages Terraform CLI prints out on a per-resource basis while performing the refreshing steps during the plan phase:
I believe the tradeoff we're discussing here is whether it would be desirable to hide these progress reports altogether, or to present them in a more compact form that still makes it clear that something is happening without being specific about what exactly that is, so as to reduce the overall size of Terraform's output when working with a larger configuration that may have tens of resource instances already tracked in the state. From discussion so far I think the tensions here are:
At the moment I don't personally see an obviously-correct design change to make here, but I do generally agree that Terraform's current treatment of refreshing events in particular is overly "chatty" for the relative unimportance of that step in the overall workflow -- if it were not something that can potentially take a long time I don't expect we would care to mention it in the UI at all. I would therefore like to find a way to reduce its prominence in the UI while still avoiding Terraform appearing to have "hung" in situations where the overall refresh phase takes a long time. One initial idea I expressed above, which I think would still be worth exploring, is to reduce the refresh phase as a whole to a single message, rather than one message for each distinct resource instance. I can imagine implementing that by having the UI layer watch for the "starting refresh" and the "competed refresh" events for each individual resource instance and just keep a tally of how many refreshes are pending. The rules could then be:
A potential variant of this would be for the UI layer to also keep track of the start times of each resource instance individually to notice if a particular resource instance seems to be taking an unusually long amount of time, and if so call that one out explicitly in the "Still refreshing..." messages to help the user see that something might be "stuck" about that particular one. One advantage of this design is that the number of lines devoted to refreshing in the output would now scale strictly by elapsed time and not by number of resource instances, and so a configuration with tens of resource instances that all refresh relatively quickly would have far fewer lines. Does that seem like a viable compromise to folks here? We do need to keep in mind the common challenge with this sort of feedback discussion: we typically only hear from the people who don't like the current behavior, because the people who like the current behavior have no reason to go looking for a GitHub issue that's considering changing it. So I think before we could proceed here we'd need to spend some time thinking about what might be lost by making this change for people who might rely on details of the current design, but at least the first step is to see if this compromise would be a reasonable one for those who raised this concern in the first place, and then we can move from there to whether the compromise would be also acceptable to people who don't have any problems with the current implementation. Thanks! |
Hey @apparentlymart, I like the idea of a time based update instead of per resource update in general and that would certainly be an improvement, but as far as I am concerned, that would still not resolve this issue for my use case. I'm still strongly on the side of adding a new flag like
To help explain our use case, we have some automated jobs that, in a single job, plan dozens of Terraform root modules that collectively manage thousands of resources. As a result, output space is at an extreme premium since the more people have to scroll and face a wall of text, the less likely they are to actually read all of the output and make sure the changes are actually doing what they think they are doing. Even if it changes to be every 10 second update messages, a handful of the larger root modules can take 10 minutes or more to refresh their state files. As a result, we would need to continue using our current custom tooling to I'm happy to hop on a call (@korinne has my email) to help provide more information and context on our Terraform usage/automation and the scale of it if you are interested. The scale at which my company is using Terraform (5000+ state files) may be a bit unusual, but most of the state files are fairly small and I don't think our usage patterns are unusual relative to other fairly mature companies since I'm aware of at least several other companies with very similar usage patterns. |
Hi @joe-a-t! Thanks for sharing these additional details. It sounds like you'd expect Would it really make a material difference if it were Terraform discarding the output, rather than I personally don't feel very excited about adding a new option to achieve something that can already be achieved with Terraform as it's currently implemented, but if there were something unique about this new mode that would be broadly interesting to a lot of users then of course that would be a different tradeoff. I'm sure @korinne would be happy to meet and talk in more detail, though of course I'll leave it up to her to reach out about that! |
I guess the biggest net new functionality part that I really care about is #29808 since the big problem that I have is the fact that we currently have to do regex filtering to get rid of the I think it would certainly be nice and in my personal opinion the best solution to have a single flag we can set that tells Terraform we only want a minimal output (eg no refreshing resources output and no objects have changed outside of Terraform output). But if we had to do two separate things to get rid of both of those output types, that would be fine if it did not involve us needing to do a more expensive regex to get the desired output. |
Thank you @apparentlymart for your detailed answer 🙏 As you said, I think that a lot of folks use Terraform in automation context and don't need interactivity in this case.
This makes Terraform a great CLI tool for interactive usage, but in automation context this interactivity can be a burden. I see this issue as a specific case like this. And the flags
I totally agree with you, but in this case I think that adding a |
@apparentlymart In my case, the problem is that |
I just end up doing this when I want to suppress all the noise. |
@apparentlymart After considering your great write up, and follow up here / there, discussing a silence option, I would even go further and propose that all the "Refreshing state...", "Reading...", "Read complete after" is actually more appropriate for a (Due to the impact this inevitably will have, it would be best done during a version bump.) In the mean while also I use a work-around like @cregkly commented |
If anyone comes across this thread from Google and is shocked that Hashicorp still hasn't provided a quiet output flag, this gist will help if you are willing to apply to the source code, compile, then use that binary. https://gist.github.com/et304383/998a155363c66ae0de3ee62fac155e70 Save the file locally. Then after cloning the terraform source code:
Obviously modify these commands as neccessary for wherever you go bin path is and where you want the executable symlink to be located and named. My output:
I get that it's not a flag, but it is a separate binary so you can use it as you wish if you want to run quiet terraform. |
As mentioned in #29061 but I don't see it discussed here: perhaps it would make sense to move all the "debugging" output to stderr and keep stdout "clean". Then users can more easily filter out what matters to them. In the case of "terraform plan" I imagine stdout having strictly only the diff while the refresh state and progress report would go to stderr. |
Just give us a |
+1 on the ideas presented here. I have an alias set up below for my local runs: But for pipelines this is needlessly complex when reading through their code, plus all the issues that can come about with line buffering behaviours. A simple I guess it's moot with the new license, but it's wild this has been open for almost 5 years. |
Current Terraform Version
Use-cases
Silence all of the
module.abc: Refreshing state... [id=abc]
output in plans and applies so that the output is more concise and easier to review. This is especially useful when you have automation iterating through a number of different terraform directories and outputting plans for each of them.Attempted Solutions
Historically, I have been able to use:
Because
terraform plan
has historically done a refresh of all items before running a plan, this was an adequate solution that allowed me to discard all of the successful refresh output and only output the actual plan or an error from the refresh process. However, with #26270 changing the refresh to occur just in time and saying that the refresh command will be deprecated in the future, it does not appear that this will continue to work moving forwards. Additionally, this solution encounters all the problems that #26270 was created to avoid, which is less than ideal.Proposal
Add an argument to the plan and apply commands like
-silent-refresh
that hides all of themodule.abc: Refreshing state... [id=abc]
outputs. I believe this would simply require adding a new argument and puttingterraform/command/hook_ui.go
Lines 257 to 259 in ef65f55
References
The text was updated successfully, but these errors were encountered: