Upgrading provider versions is essential for keeping your infrastructure managed with Terraform up-to-date and feature-rich.
In software engineering, it is inevitable that components (functions, APIs, implementations) will become deprecated and be phased out. Luckily, Terraform has a robust way of managing provider versions and validating your configuration, so that you can understand which resources are deprecated or misconfigured at the moment.
Working with the output of Terraform's validate command is not always convenient, considering that it can easily be over 50000 (yes, fifty thousand) lines.
A bit on terraform validate
I was recently in such a situation; my Terraform state has close to 3600 resource instances, 2075 of which were deprecated - a cool 57% of all resource instances 😄
│ This resource is deprecated and will be removed in a future major version release.
│
│ (and 4133 more similar warnings elsewhere)
terraform validate (docs) is a great tool - it shows you all the details about deprecated and misconfigured resource instances that need your attention:
{
"format_version": "1.0",
"valid": true,
"error_count": 0,
"warning_count": 2075,
"diagnostics": [
{
"severity": "warning",
"summary": "Deprecated Resource",
"detail": "This resource is deprecated and will be removed in a future major version release. Please use CDEF instead.",
"address": "module.some.module.address.abcd.name",
"range": {
"filename": ".terraform/modules/some.address/main.tf",
"start": {
"line": 539,
"column": 71,
"byte": 13195
},
"end": {
"line": 539,
"column": 72,
"byte": 13196
}
}
}
]
}
The only issue is that the output file of terraform validate -json has more than 50000 lines and is not very convenient to work with. terraform-validate-explorer to the rescue!
terraform-validate-explorer
terraform-validate-explorer is a tool that helps you search and filter resource instances from the output of terraform validate -json. Get it from this GitHub repository.
The idea for this tool came from a situation at work: the state file has many Snowflake resources, and the Terraform provider for Snowflake has undergone many changes in the past year, leading to plenty of deprecations.
Version 1.x of the Snowflake provider became available and I wanted to upgrade the provider, meaning that I had to deal with 2075 resource instances that were deprecated. Some of these manage account role grants and I don't want to break those. As a matter of fact, I don't want to break anything for my stakeholders, so I decided to take things slowly.
"contains" filter
Upgrading these resources one-by-one means that I have to find them first, and this is where the "contains" filter helped me:
The screenshot above shows a search for all resources that have tables_future_read in the name (Snowflake's "future" grants are amazing btw!)
"does not contain" filter
To verify that only snowflake_ resources are deprecated, I filtered all the warnings that do not contain the word snowflake:
No errors and no warnings - perfect!
"regex" filter
If the other two filters are not cutting it for you, you can always do it with one of the worlds's write-only languages.
Suppose you want to look for a resource instance that has future_ in the name, followed by a four-letter word that is at the end of the resource name:
With regex, sky's the limit! Also the 255 character limit I put on that QLineEdit is the limit.
Output file validation
If the output file of terraform validate -json was somehow made invalid (with errrrm, manual edits?), terraform-validate-explorer will check for that too:
Next steps
terraform-validate-explorer is simple at the moment, with just the basic functionality. To make it more useful and more stable in the future, I plan to implement:
- unit tests
- error handling
- showing only unique resources
- filtering an already filtered dataset
Top comments (0)