fix: Use "terraform state pull" instead of "terraform show"

kylecarbs · kylecarbs · commit a66be5debe3a · 2022-05-02T19:07:11.000Z
Although the terraform-exec docs don't indicate this, the result of
"terraform show" isn't actually the state... it's a trimmed version
of the state that excludes resource identifiers, essentially removing
all state that did exist.

Tests will be written to ensure Terraform state reconciliation can occur.
This will happen in another PR, as dogfood is currently broken because of this.
diff --git a/provisioner/terraform/provision.go b/provisioner/terraform/provision.go
@@ -239,14 +239,11 @@ func (t *terraform) Provision(stream proto.DRPCProvisioner_ProvisionStream) erro
 		errorMessage := err.Error()
 		// Terraform can fail and apply and still need to store it's state.
 		// In this case, we return Complete with an explicit error message.
-		state, err := terraform.Show(stream.Context())
+		// #nosec
+		stateData, err := exec.CommandContext(stream.Context(), t.binaryPath, "state", "pull").Output()
 		if err != nil {
 			return xerrors.Errorf("show state: %w", err)
 		}
-		stateData, err := json.Marshal(state)
-		if err != nil {
-			return xerrors.Errorf("marshal state: %w", err)
-		}
 		return stream.Send(&proto.Provision_Response{
 			Type: &proto.Provision_Response_Complete{
 				Complete: &proto.Provision_Complete{
@@ -364,9 +361,15 @@ func parseTerraformPlan(ctx context.Context, terraform *tfexec.Terraform, planfi
 }
 
 func parseTerraformApply(ctx context.Context, terraform *tfexec.Terraform) (*proto.Provision_Response, error) {
-	state, err := terraform.Show(ctx)
+	// #nosec
+	stateRaw, err := exec.CommandContext(ctx, terraform.ExecPath(), "state", "pull").Output()
+	if err != nil {
+		return nil, xerrors.Errorf("show terraform state: %w", err)
+	}
+	var state tfjson.State
+	err = json.Unmarshal(stateRaw, &state)
 	if err != nil {
-		return nil, xerrors.Errorf("show state file: %w", err)
+		return nil, xerrors.Errorf("unmarshal state: %w", err)
 	}
 	resources := make([]*proto.Resource, 0)
 	if state.Values != nil {
@@ -501,15 +504,10 @@ func parseTerraformApply(ctx context.Context, terraform *tfexec.Terraform) (*pro
 		}
 	}
 
-	statefileContent, err := json.Marshal(state)
-	if err != nil {
-		return nil, xerrors.Errorf("marshal state: %w", err)
-	}
-
 	return &proto.Provision_Response{
 		Type: &proto.Provision_Response_Complete{
 			Complete: &proto.Provision_Complete{
-				State:     statefileContent,
+				State:     stateRaw,
 				Resources: resources,
 			},
 		},
