terraform plan -refresh-only -detailed-exitcode gives incorrect exit code 2 even if the console output says no changes detected

[shaik262]

Terraform Version

v1.8.1

Terraform Configuration Files

...terraform config...

Debug Output

I tried to get the exit code displayed on console it gives 2 even if there are no changes detected as per terraform

Expected Behavior

It should return 0 as there are no changes present as per the console

Actual Behavior

terraform plan -refresh-only -detailed-exitcode gives incorrect exit code 2 even if the console output says no changes detected

Steps to Reproduce

we used this command as a part of ADO pipeline drift detection
$terraform plan -refresh-only -detailied-exitcode

Additional Context

References

No response

[jbardin]

Hi @shaik262,

Thanks for filing the issue! I'm not able to replicate the result you are showing here, and seeing a 0 exit code for empty refresh plans. Can you show exactly how you are setting up and executing terraform to get this output?

Thanks!

[shaik262]

Hi @jbardin, thank you for looking into this issue.

We have an azure pipeline which has a drift detection in place (cronjob based) This schedule phase uses a command to check the drift and depending on the exit code it goes to review and apply stage. Here is the logic
We are using
The agent we are using to run this is ubuntu. Please convert the txt files to yml after downloading.
terraform.txt
azure-pipelines.txt

[jbardin]

Thanks @shaik262. That unfortunately doesn't give me enough to reproduce the behavior. I think what we need is the plan data or Terraform configuration rather than the pipeline configuration.

Have you applied a plan to this configuration since upgrading to v1.8? See the release notes or upgrade guide about using -refresh-only after upgrading.

[shaik262]

Hi @jbardin I went trough the link which you've sent and applied the planned changes, but again in the next schedule the pipeline is waiting in review and apply stage even though there are no changes being displayed by terraform plan. ( the detailed exit code is "2")

[shaik262]

Hello @jbardin. We have resolved this issue. The "terraform show -json tfplan" command for the file with resource changes outside of terraform is giving an output which has a property relevant_attributes, resource_drift and check along with other properties. But the file which has no changes, is also giving an output with the relevant_attribute andcheck. We changed our condition to look for just resources_drift in the output of terraform plan show for any changes as this property is generated in plan to let us know which external changes are causing this drift.

Issue : For some of the files with no changes, the same command is generating relevant_attributes also which lists the sources of all values contributing to changes in the plan.