Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

run-all destroy wrong dependent order, missing warning about dependent module and cannot remove dependent modules of a specific one #3371

Open
riccardomassullo opened this issue Aug 29, 2024 · 4 comments
Open

run-all destroy wrong dependent order, missing warning about dependent module and cannot remove dependent modules of a specific one #3371

riccardomassullo opened this issue Aug 29, 2024 · 4 comments
Assignees
@denis256
Labels
bug Something isn't working

Comments

@riccardomassullo
Copy link

riccardomassullo commented Aug 29, 2024
edited
Loading

Describe the bug

Terragrunt run-all destroy in a specific folder doesn't removes or prompt for dependent modules (that are also not used by any other module).

Steps To Reproduce

This is my project structure:

terragrunt
├── modules
│   ├── a
│   │   └── main.tf
│   ├── b
│   │   └── main.tf
│   ├── c
│   │   └── main.tf
│   ├── d
│   │   └── main.tf
│   ├── e
│   │   └── main.tf
│   └── f
│       └── main.tf
│
├── organization_1
│   ├── account_1
│   │   ├── us-east-1
│   │   │   ├── a
│   │   │   │   └── terragrunt.hcl
│   │   │   ├── b
│   │   │   │   └── terragrunt.hcl
│   │   │   ├── c
│   │   │   │   └── terragrunt.hcl
│   │   │   ├── d
│   │   │   │   └── terragrunt.hcl
│   │   │   ├── e
│   │   │   │   └── terragrunt.hcl
│   │   │   ├── f
│   │   │   │   └── terragrunt.hcl
│   │   │   └── region.hcl            # region level variables
│   │   └── account.hcl               # account level variables
│   └── organization.hcl              # organization level variables
└── terragrunt.hcl                    # root terragrunt.hcl

Scenarios:

  1. if i run the command terragrunt run-all plan or terragrunt run-all apply in organization_1/account_1/us-east-1 folder it works as expected plans/creates/modify ALL the resources in the region
    modules order result:
  Group 1
  - Module a
  - Module f

  Group 2
  - Module b
  - Module c

  Group 3
  - Module d
  - Module e
  1. if i run the command terragrunt run-all destroy in organization_1/account_1/us-east-1 it works as expected destroys ALL the resources IN THE SPECIFIED ORDER, in the region
    modules order result:
  Group 1
  - Module d
  - Module e
  - Module f

  Group 2
  - Module b
  - Module c

  Group 3
  - Module a
  1. if i run the command terragrunt run-all plan or terragrunt run-all apply in organization_1/account_1/us-east-1/b folder it works as expected destroys ALL the resources IN THE SPECIFIED ORDER, in the region
    modules order result:
Group 1
- Module ../a

Group 2
- Module ./
  1. if i run the command terragrunt destroy in organization_1/account_1/us-east-1/b folder it DOES WARN about a dependent module, as expected.
    modules order result:
Detected dependent modules:
/terragrunt/organization_1/account_1/us-east-1/e
WARNING: Are you sure you want to continue? (y/n)
  1. if i run the command terragrunt run-all destroy in organization_1/account_1/us-east-1/b folder it DOES NOT WARN about dependent modules, an DOES NOT attempt to delete any dependent module (the same goes for the command terragrunt run-all destroy --terragrunt-working dir ./b).
    modules order result:
Group 1
- Module ./

the same if i run the command terragrunt run-all destroy in organization_1/account_1/us-east-1/c folder it DOES NOT WARN about dependent modules, an DOES NOT attempt to delete any dependent module (the same goes for the command terragrunt run-all destroy --terragrunt-working dir ./c).
modules order result:

Group 1
- Module ./
  1. also running terragrunt run-all destroy --terragrunt-include-dir ./c --terragrunt-include-dir ./d from organization_1/account_1/us-east-1 returned a strange result:
    modules order result:
Group 1
- Module d

Group 2
- Module c

Group 3
- Module a

Here a dependencies graph generated via terragrunt graph-dependencies:
dependencies

There is a way to remove a specific module and all dependent ones?
As an example, i want to remove b, so, the expected output, should be:

Group 1
- Module ../e

Group 2
- Module ./

An other example, running run-all destroy in organization_1/account_1/eu-east-1/c should produce something like:

Group 1
- Module ../e
- Module ../d

Group 2
- Module ./

An other example, running run-all destroy in organization_1/account_1/eu-east-1/a should produce something like:

Group 1
- Module ../e
- Module ../d

Group 2
- Module ../b
- Module ../c

Group 3
- Module ./

Expected behavior

Terragrunt run-all destroy in a specific folder doesn't removes or prompt for dependent modules (that are also not used by any other module).

Trying to remove a "stack" of dependent modules fails, i tried almost all combination of include/exclude flags without obtaining the wanted result (only specifying every module dir include/exclude, but that's not a feasible approach at all).

As an example, i want to remove b, so, the expected output, should be:

Group 1
- Module ../e

Group 2
- Module ./

An other example, running run-all destroy in organization_1/account_1/eu-east-1/c should produce something like:

Group 1
- Module ../e
- Module ../d

Group 2
- Module ./

An other example, running run-all destroy in organization_1/account_1/eu-east-1/a should produce something like:

Group 1
- Module ../e
- Module ../d
- Module ../f

Group 2
- Module ../b
- Module ../c

Group 3
- Module ./

Versions

  • Terragrunt version: 0.67.0
  • OpenTofu/Terraform version: 1.9.5
  • Environment details: Ubuntu 20.04

Additional context

Trying to remove a "stack" of dependent modules fails, i tried almost all combination of include/exclude flags without obtaining the wanted result (only specifying every module dir include/exclude, but that's not a feasible approach at all).
@riccardomassullo riccardomassullo added the bug Something isn't working label Aug 29, 2024
@riccardomassullo riccardomassullo mentioned this issue Aug 29, 2024
Closed
2 tasks
@denis256
Copy link
Member

denis256 commented Sep 2, 2024

Hello,
Is the entire project hosted on the git repo? or is it without version control?

@riccardomassullo
Copy link
Author

riccardomassullo commented Sep 5, 2024
edited
Loading

Sorry, what do you mean?
This is a mockup structure/example of our infrastructure, not hosted anywhere.

@denis256
Copy link
Member

denis256 commented Sep 6, 2024

I mean that finding of dependent modules is based on checking dependencies from the base of git repository, if code is not in git repository, dependent modules finding may not work

@riccardomassullo
Copy link
Author

riccardomassullo commented Sep 6, 2024
edited
Loading

The modules are local modules located in the folder modules/. These modules are simple terraform modules.
So, we can say it is a local project (not really true since it is versioned in git as per live and modules best practices from your github repos).

Then, the dependencies between them (declared in the teffragrunt.hcl files) are not respected in destroy operations, i don't think it is a matter of git or local but only of how the tree of operations is built.

If you look at the examples, dependency graph and expected result i think is pretty clear.

Let me know if you need more specs/details/whatever.

Thanks.

P.S. i think that the linked issue is exactly what could fix this
P.P.S All the dependency between stacks/modules are managed via dependency terragrunt block.

Edit: if you look at example 6, removing the stack c (running run-all destroy from folder organization_1/account_1/eu-east-1/c) doesn't remove the dependent ones e and d:

Group 1
- Module ./

while i would expect the following operations in the following order:

Group 1
- Module ../e
- Module ../d

Group 2
- Module ./

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@denis256 denis256

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@denis256 @riccardomassullo