From dd15a6984de479e0c709dd993f6afbeaeeb43de6 Mon Sep 17 00:00:00 2001 From: James Tarling Date: Fri, 21 Apr 2023 14:10:16 +0100 Subject: [PATCH 1/3] Show diff when approved and current plans differ --- terraform-v2/apply.sh | 25 +++++++++++++++++++------ terraform-v2/cmp.py | 24 ------------------------ 2 files changed, 19 insertions(+), 30 deletions(-) delete mode 100644 terraform-v2/cmp.py diff --git a/terraform-v2/apply.sh b/terraform-v2/apply.sh index 454aa033..b58d410d 100644 --- a/terraform-v2/apply.sh +++ b/terraform-v2/apply.sh @@ -5,11 +5,6 @@ include github.py EOF -cat >/tmp/cmp.py <<"EOF" -include cmp.py - -EOF - cat >/tmp/comment_util.py <<"EOF" include comment_util.py @@ -71,6 +66,11 @@ fi set -e +function sanitise_plan() { + local plan="$1" + echo "$plan" | awk '{gsub(/^[[:space:]]*~ latest_restorable_time[[:space:]]*=.*$/,"")};1' +} + if [[ "<< parameters.auto_approve >>" == "true" || $TF_EXIT -eq 0 ]]; then echo "Automatically approving plan" @@ -82,10 +82,23 @@ else exit 1 fi - if python3 /tmp/cmp.py plan.txt approved-plan.txt; then + plan=$(cat "plan.txt") + approved_plan=$(cat "approved-plan.txt") + + sanitised_plan=$(sanitise_plan "$plan") + sanitised_approved_plan=$(sanitise_plan "$approved_plan") + + sanitised_plan_file=$(mktemp) + sanitised_approved_plan_file=$(mktemp) + echo "$sanitised_plan" > "$sanitised_plan_file" + echo "$sanitised_approved_plan" > "$sanitised_approved_plan_file" + + # run diff on temporary files + if diff_output=$(diff "$sanitised_plan_file" "$sanitised_approved_plan_file"); then apply else update_status "Plan not applied in CircleCI Job [${CIRCLE_JOB}](${CIRCLE_BUILD_URL}) (Plan has changed)" + update_status "$diff_output" exit 1 fi fi diff --git a/terraform-v2/cmp.py b/terraform-v2/cmp.py deleted file mode 100644 index ff2056ed..00000000 --- a/terraform-v2/cmp.py +++ /dev/null 
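Review bot: `sanitise_plan` (PATCH 1/3, hunk `@@ -71,6 +66,11 @@`) decides which plan lines are excluded from the approved-versus-current comparison, but the rationale comment from the deleted cmp.py was not carried over. I would add `# Drop the AWS-computed RDS latest_restorable_time line before comparing; see https://github.com/hashicorp/terraform/issues/28803` above the awk call. The awk pattern is also slightly wider than the Python regex it replaces (`[[:space:]]*` and `.*` where cmp.py had `\s+` and `.+`); keeping `[[:space:]]+` and `.+` would avoid growing the set of lines the approval gate ignores. `printf '%s\n' "$plan"` is a safer way than `echo` to feed arbitrary plan text into the pipe.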
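Review bot: The two `mktemp` files in the `@@ -82,10 +82,23 @@` hunk of PATCH 1/3 are never removed, so the sanitised plan text stays on the runner's disk after the job exits on either branch. The script already uses bash-only syntax (`[[`, `function`), so the temporary files can be avoided with `if diff_output=$(diff <(sanitise_plan "$plan") <(sanitise_plan "$approved_plan")); then`, or cleaned up with `trap 'rm -f "$sanitised_plan_file" "$sanitised_approved_plan_file"' EXIT`. Note also that `diff` exits 2 on an I/O error, which this branch reports as "Plan has changed"; that fails closed, but a distinct message would make the cause clearer. The enclosing `if`/`else` starts outside the hunk.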
@@ -1,24 +0,0 @@ -#!/usr/bin/env python3 - -import sys -import re - -with open(sys.argv[1], encoding="utf-8") as f: - generated_plan = f.read() -with open(sys.argv[2], encoding="utf-8") as f: - plan_from_pr = f.read() - -# Sanitize AWS computed RDS attribute. See commit message. -# Other attributes may need to be added in future. -# Ref: https://github.com/hashicorp/terraform/issues/28803 -generated_plan = re.sub( - r"(?m)^\s+~ latest_restorable_time\s+=.+$", "", generated_plan.strip() -) -plan_from_pr = re.sub( - r"(?m)^\s+~ latest_restorable_time\s+=.+$", "", plan_from_pr.strip() -) - -if generated_plan == plan_from_pr: - exit(0) - -exit(1) From a56beaafd3806ddfd683e723ede7081389fe7cc5 Mon Sep 17 00:00:00 2001 From: James Tarling Date: Fri, 21 Apr 2023 21:41:12 +0100 Subject: [PATCH 2/3] Remove state lock message --- terraform-v2/apply.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform-v2/apply.sh b/terraform-v2/apply.sh index b58d410d..26a22898 100644 --- a/terraform-v2/apply.sh +++ b/terraform-v2/apply.sh @@ -68,7 +68,7 @@ set -e function sanitise_plan() { local plan="$1" - echo "$plan" | awk '{gsub(/^[[:space:]]*~ latest_restorable_time[[:space:]]*=.*$/,"")};1' + echo "$plan" | sed -E '/Releasing state lock. This may take a few moments\.\.\./d' | awk '{gsub(/^[[:space:]]*~ latest_restorable_time[[:space:]]*=.*$/,"")};1' } @@ -98,7 +98,7 @@ else apply else update_status "Plan not applied in CircleCI Job [${CIRCLE_JOB}](${CIRCLE_BUILD_URL}) (Plan has changed)" - update_status "$diff_output" + echo "$diff_output" exit 1 fi fi From da21e9034d4653a9a303c9f2b273e5dad61fed77 Mon Sep 17 00:00:00 2001 From: James Tarling Date: Thu, 27 Apr 2023 10:13:02 +0100 Subject: [PATCH 3/3] Switch off trace mode to simplify output --- terraform-v2/apply.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform-v2/apply.sh b/terraform-v2/apply.sh index 26a22898..49478ee4 100644 --- a/terraform-v2/apply.sh +++ b/terraform-v2/apply.sh 
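Review bot: The new `sed` expression in `sanitise_plan` (PATCH 2/3, hunk `@@ -68,7 +68,7 @@`) is unanchored, so it deletes every line that contains the lock message anywhere. That includes a plan line whose attribute value happens to carry the text, and such a line then drops out of the approval comparison on both sides. Anchoring limits the exclusion to the status line itself: `sed -E '/^Releasing state lock\. This may take a few moments\.\.\.$/d'` (this also escapes the `.` after `lock`, which currently matches any character). If Terraform emits the message with colour codes or trailing whitespace the anchors would need adjusting, which I cannot tell from this hunk.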
@@ -82,6 +82,8 @@ else exit 1 fi + set +x + plan=$(cat "plan.txt") approved_plan=$(cat "approved-plan.txt")
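Review bot: `set +x` in PATCH 3/3 is never reversed, so everything after it, including `apply` and `update_status`, also runs untraced. If tracing is enabled earlier in the script (not visible in this hunk) and is wanted for those steps, restore it with `set -x` after the `diff`. The line would also benefit from a comment stating the reason, for example `# trace off: the plan text is passed as arguments below and xtrace would copy it into the job log`. The enclosing `else` branch starts and ends outside the hunk.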