During the compilation step the target directory is removed and recreated

[narun4sk]

Describe the bug/feature

It seems that during the compilation step the target directory is removed and recreated.

This causes troubles if trying to adapt Kapitan to compile terraform targets, as all the metadata of the terraform is deleted and therefore after each kapitan compile terraform must be reinitialised. In general no other files may be stored in the target directory (say lambda function tarballs which terraform deploy on aws), as everything is wiped out.

Is there a not too hacky workaround?

[ramaro]

Unfortunately I can't think of a way to avoid this. Kapitan must overwrite the compiled directory so that it can correctly diff. I'd advise you to keep terraform state somewhere else?

[narun4sk]

I keep terraform state in the S3 bucket, so it's not a massive problem. However terraform creates the hidden directory .terraform not just for the state, during the terraform init step it downloads there the required provider/plugin binaries. Therefore after each kapitan compile those binaries must be downloaded again 😢 Also I would like to keep some other files inside the target directory, which were created outside of Kapitan's scope of concerns.

I was hoping that Kapitan will leave alone any files which it does not manage 😕

[narun4sk]

Would it be feasible to implement something like the post compilation hook? For instance when Kapitan would finish compiling the particular target it would copy/move the compiled files to the specified location.

[gburiola]

Hey @narun4sk, we solve that problem by setting env variable TF_DATA_DIR to a location outside the compiled folder.

example:

.
├── .TF_DATA_DIR
│   ├── target1
│   └── target2
├── compiled
│   ├── target1
│   └── target2
└── inventory
    ├── classes
    └── targets
        ├── target1.yml
        └── target2.yml

More info on https://www.terraform.io/docs/commands/environment-variables.html#tf_data_dir

[brunobertoldi]

With the introduction of the .terraform.lock.hcl file, can we reconsider this issue?

Anyway, based on @gburiola suggestion, another workaround is running:

.TF_DATA_DIR/target1$ terraform init ../../compiled/target1

This way, both .terraform and .terraform.lock.hcl are outside the compiled folder and .terraform.lock.hcl can be pushed to the repo.

ℹ️ Also there's no need to set TF_DATA_DIR env variable.

[ademariag]

hi @brunobertoldi I have yet another approach:

I just merged into master #687

I have added the following input:

      - input_type: copy
        ignore_missing: true
        input_paths:
          - resources/state/${target_name}/.terraform.lock.hcl
        output_path: terraform/

what I have in my terraform.sh is a small tiny copy:

if [[ -f $ROOT/compiled/${TARGET_NAME}/terraform/.terraform.lock.hcl ]]
then
  mkdir -p $ROOT/resources/state/${TARGET_NAME}/
  cp $ROOT/compiled/${TARGET_NAME}/terraform/.terraform.lock.hcl \
    $ROOT/resources/state/${TARGET_NAME}/.terraform.lock.hcl

together they help work around the issue waiting for hashicorp/terraform#27241

Join our #kapitan channel on the kubernetes slack if you want more details

[brunobertoldi]

Thanks, @ademariag!
Do you commit/push both or is state in your gitignore?

[ademariag]

I commit them, otherwise you would still get the same annoying behaviour.