Skip to content

fix: write Terraform plan artifacts to the run's unique temp dir#203

Merged
patrickchugh merged 1 commit into
patrickchugh:mainfrom
jcoffi:fix/tfplan-temp-path-collision
Jun 28, 2026
Merged

fix: write Terraform plan artifacts to the run's unique temp dir#203
patrickchugh merged 1 commit into
patrickchugh:mainfrom
jcoffi:fix/tfplan-temp-path-collision

Conversation

@jcoffi

@jcoffi jcoffi commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Fixes #202

Type of Change

  • Bug Fix
  • New Feature
  • Refactor
  • Documentation

What this changes

tf_initplan() in modules/tfwrapper.py wrote its plan artifacts (tfplan.bin, tfplan.json, tfgraph.dot) into os.path.dirname(temp_dir.name). temp_dir is the per-process tempfile.TemporaryDirectory, so taking its parent collapses the path back to the shared temp root (usually /tmp). The three artifacts therefore landed at fixed, shared paths.

Run two terravision processes at the same time and they write to the same /tmp/tfplan.bin (and .json/.dot), so they overwrite each other's plan and graph partway through a run. In practice this shows up as corrupted or mismatched diagrams when terravision runs concurrently, for example across parallel CI jobs sharing one runner.

The fix uses temp_dir.name directly, so each run keeps its artifacts inside its own unique directory.

-        tempdir = os.path.dirname(temp_dir.name)
+        tempdir = temp_dir.name

Why this is safe

  • temp_dir.name is already the directory terravision stores as tfdata["terraform_init_dir"] (same file, line 371), so the plan artifacts now sit alongside the init data they belong with.
  • _decode_plan() reads the same three local path variables, so it follows the new location automatically.
  • read_tfsource() locates modules via terraform_init_dir, not these artifact paths, so module resolution is unaffected.
  • No public interface or output changes. Behaviour for a single run is identical.

Testing

  • python -m black --check modules/tfwrapper.py passes.
  • python -m py_compile modules/tfwrapper.py passes.
  • No automated regression test added. The bug lives inside tf_initplan(), where the artifact paths are local variables built inline between real terraform subprocess calls, so there is no clean seam to assert on without a small refactor. This PR is kept to the minimal one-line fix on purpose. I am happy to follow up with a refactor that extracts the path construction into a helper plus a regression test if you would prefer that.

A sibling bug left untouched

modules/tgwrapper.py has the same fixed-path pattern for Terragrunt (/tmp/tg_tfplan.bin and friends, around line 682). I left it out to keep this PR to a single change, but it is worth a separate fix.

Checklist

All Submissions:

  • Checked for other open PRs covering the same change
  • Written Documentation/Tests (see the Testing note above)
  • Done my own code review
  • Disclosed AI tool/model use (below)

AI Assistance Declaration

  • Tools used: opencode (CLI coding agent)
  • Model: Claude Opus 4 (anthropic/claude-opus-4-8)
  • Scope: at the user's request, traced the bug through tf_initplan / _decode_plan / read_tfsource, made the one-line fix, and wrote this PR.

Checklist for Changes to Core Features:

  • Minor one-line bugfix, raised directly as the template allows for minor fixes
  • PR is focused on a single change
  • Explanation of what and why is included above
  • New tests not added (rationale in Testing)
  • Verified the single-run path by tracing every reader of the changed paths

tf_initplan built tfplan.bin, tfplan.json and tfgraph.dot under
os.path.dirname(temp_dir.name). temp_dir is the per-process
TemporaryDirectory, so taking its parent collapses the path back to the
shared temp root (usually /tmp) and the three files land at fixed,
shared paths.

Two terravision runs at once then write to the same /tmp/tfplan.bin
(and .json/.dot) and overwrite each other's plan and graph mid-run.

Use temp_dir.name directly so each run keeps its artifacts in its own
directory. temp_dir.name is already stored as terraform_init_dir and
_decode_plan reads the same local paths, so nothing else changes.
@jcoffi jcoffi force-pushed the fix/tfplan-temp-path-collision branch from a6fdf4c to d0cf4bf Compare June 26, 2026 20:47
@patrickchugh patrickchugh merged commit f19c971 into patrickchugh:main Jun 28, 2026
1 check passed
@jcoffi jcoffi deleted the fix/tfplan-temp-path-collision branch June 28, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

tf_initplan writes plan artifacts to a shared /tmp path; concurrent runs collide

2 participants