-
Notifications
You must be signed in to change notification settings - Fork 543
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ideas to improve the user experience #817
Comments
Thanks @1mamute, this is incredible feedback. Let me provide some context to explain where we currently are, and then I'll dive into some ideas of what we can do/where to start.
In terms of what we should look at, here's some ideas:
|
I thought the purpose of
I think the importance of this is directly related to the support of the internal states representations. Curling a state file is not the problem but the overhead of having to execute If someone wants to see a That causes another overhead because we have to deal with file names, filesystem permissons and security/compliance concerns with those files. If infracost handles it internally, all these overheads goes away. Using Gitlab Remote State, for example, today we have to:
Instead of pipeing the plan to infracost's stdin:
Notice that unfortunately
I never saw anyone using this and I don't plan to use this feature myself tbh but it might be a feature for some scenarios with multiple terraform repositories or big monorepos. If we address the remote state file, I don't think it would be a major effort to implement since the mechanism to get the files would be the same. I don't know if a remote plan file follows the same schema as any other plan file, if it does then there's no problem besides downloading the remote plan file and if it doesn't, then there is more work to do. Maybe we can investigate if the schemas are the same and if they aren't we raise an issue to see if this is important for the community?
To be frankly I don't know the complexity of this but that would open numerous avenues for Infracost besides making it a standalone tool. Imagine the kinds of integrations it would be possible: using infracost in git hooks to see the cost of planned changes before commiting (setting a budget and failing the hooks if the planned changes surpasses that!) or integrating with terraform-ls to see real-time infrastructure costs in the IDE (that would be f* next level!)
Short term, seems like terraform-exec would be the best path to follow while we reiterate where we wanna go. Don't think passing variables would be a problem, we can simply wrap planConfig struct in our flag I think we should focus on Terraform 1.0 as Hashicorps promises 18 months of maintenance and interoperability with lots of versions of terraform. We just need to check if terraform-exec follows these statements too.
As a new user and contributor, still not sure where we think infracost's place should be in an engineer or company workflow. Is it a tool best suited to generate reports in a CI/CD environment or in a local machine while developing infrastructure as code? What are our main user targets? Only experienced engineers or we also want to make infracost workflow easy for new developers or non-technical people (e.g. business intelligence) to generate infrastructure cost reports? Leaving these things to the user, which we currently do in some extent, creates complexity and like you said makes "more difficult to get immediate value from Infracost". Personally, I think we should make the tool as simple as possible to use, but I respect any decisions by the maintainers. |
Yeah this could be really interesting and definitely something I think we should investigate more. Even if it's not possible to be as accurate as using a plan file, it could provide users with immediate feedback and be used in a lot more places.
Yeah I can see this being useful, especially if we remove the requirement to do Thanks for all the feedback, there's definitely a lot we need to do to make Infracost better for the user 🚀 |
@1mamute this issue has been a huge inspiration to what we've been working on for the last month. It may have been a while but we have made some progress on this... In v0.9.19 we shipped an experimental feature that parses the HCL code directly. We really need users to try it out on their terraform code so we can iron out all the issues, so it would be great if you could give it a shot by running something like the below, comparing the results to how you run Infracost normally:
(Also - we'll be discussing this more in the March Community Call if you're interested) |
Infracost is awesome, we already know that. We can estimate our cloud infrastructures easily, set usage configurations and even run your own cloud pricing API. But, as a new user, I had a hard time setting it up. I subconsciously thought I could generate a infracost report directly from my state files, but this was not the case. It doesn't feels natural to me like other terraform tools i've been using.
The problem
The three main points i'd like to talk is that:
Currently, infracost only supports reading directly from a terraform directory or from a Terraform JSON Output that is the result of a
terraform show -json
command (see #810).There is a open issue (see #811) for discussing supporting terraform's JSON internal state file but I think that tfstate files should also be included.
The documentation is a bit all over the place in this regard. I'll document what I've gathered below in the "Currently supported workflow for infracost usage" sections, feel free to use this in the documentation if it's adequate.
infracost breakdown
's json output filesThere isn't an option to reach any file remotely (maybe this is by design), everything needs to be available to infracost at runtime.
Putting this together with the fact that infracost can't parse the state files by itself means that we can't estimate infrastructure costs from state files stored in any remote backend (e.g: S3, Gitlab) or remote executions plans (e.g: Terraform Cloud Plans) without some script action (see CI/CD below).
I actually thinks that number 1 and 2 leads to number 3. Infracost has external dependencies on tools to (download and) parse terraform configuration in a determined output that can be ingested by it. These external tools needs to be installed and you need to run commands before actually executing infracost. Even though you can run them manually, infracost does it under the hood for you, running one after another, in the right order, to get its desired output. Much like a script.
Local experience
I think that this was the main environment target from the team because the local experience is fine if you have the terraform files, even though it stills needs the terraform binary to be installed (or any other terraform binary, e.g. terragrunt, that you can set via env variable
INFRACOST_TERRAFORM_BINARY
) as I explained before. If you don't have the terraform files, just a state or plan file (which is not usual, btw), things get tricky: see CI/CD below, the same applies.CI/CD
Using infracost in CI/CD is very hacky-ish. You have to clone the repository, cd into the terraform directory and run infracost (that under the hood runs terraform). This means that the image running the pipeline gets bigger because it needs the terraform binary to be present and it also means that you can't generate uniform reports from different branches (different workspaces does works tho) without some serious scripting.
I managed to get my way through a pipeline that have 3 remote state files (one for each branch) by curling the state files from the remote state backend and converting it to Terraform JSON Output that infracosts expects as you can see in #810. The alpine image with curl, terraform and infracost was relatively big and it didn't feel right at all.
Currently supported workflow for infracost usage
infracost diff
terraform show -json tfplan.binary > plan.json
(only local)terraform show -json tfplan.json > plan.json
(only local)infracost breakdown
--use-terraform-state
flag or converting to JSON withterraform show -json terraform.tfstate > terraform.json
(only local)terraform show -json tfplan.binary > plan.json
(only local)terraform show -json tfplan.json > plan.json
(only local)PS:
infracost output
supports only local JSONs outputted byinfracost breakdown
, e.g:infracost breakdown --path /path/to/project1 --format json > project1.json
.Here's the link for terraform's show command documentation.
Proposal
I think in a perfect world infracosts users would have the options to generate breakdown reports from a local terraform directory or any state or plan file either locally or remotely and also generate diff reports from a local terraform directory or any plan file either locally or remotely and compare those against remote state files as well.
Remote
Other terraform tools like driftctl succesfully found a way to reference remote tfstate, maybe it's worth checking them out.
This might be a common problem for other tools like tflint and tfsec as they don't have yet a way to reference a remote state file too. They also work differently (by linting the HCL syntax) but my point still stands.
It even may be worth coming together as a community with those other tools and creating a generic go module that does this in a good way so everyone can use and improve together.
Terraform's plans and states in JSON, binary and .tfstate
If we can't find a way to parse the state files by ourselves, which might be a bad ideia anyway (as stated in this page), a solution would be to bundle hashicorp's terraform-exec module into infracost and run terraform CLIs command from within the application itself. Still feel scripty but it's much more transparent to the user. This would make infracost a standalone tool, that doesn't even need terraform to work. This comes with a increased binary size, but personally, I think it's worth it.
EDIT: Maybe this tool kvz/json2hcl can help in some way?
The text was updated successfully, but these errors were encountered: