hashicorp
Add -json flag to terraform state show
Current Terraform Version
Terraform v0.12.20
Use-cases
I need to automate fetching a value from the terraform state that a module developer didn't add to an output.
Attempted Solutions
Currently I'd need to write a very clunky jq query. As an example, if I have a google_compute_address and I had to get the IP address out of that, I'd have do something like this, assuming I've downloaded the terraform state from the remote backend:
cat terraform.tfstate | jq '.resources[] | \
select(.name == "foo") | \
select(.type == "google_compute_address") | \
.attributes.address'
While I could use the terraform_remote_state data provider, this requires an extra terraform config to do and is not trivial to integrate into other CLI interfaces.
Proposal
I'd like to be able to run something like this.
terraform state show -json google_compute_address.foo | jq .address
But get an error since the -json flag is not supported for the state. It seems to me that if terraform show has a -json flag, so should terraform state show since HCL is nowhere near as ubiquitous as JSON.
References
- #21777
This is also needed because terraform state show produces output which is hard to parse because of the additional special characters around attribute names.
This is necessary as well to extract sensitive data from state (specific fields) without downloading the entire state as a giant json blob to disk.
I agree this is needed feature and I would like to see this feature realized so that we can parse/process the json output as per our needs for further processing. At this point it is much harder to parse through the data.
I've created a module (Invicton-Labs/get-state/null) that cleanly extracts state data and doesn't require jq to be installed or having downloaded the terraform.tfstate file. It should work on any Linux or Windows system without anything preinstalled (Mac currently untested).
It returns data in a similar format to the way it's stored in the terraform.tfstate file, so you'd have to do something like:
module "get_state" {
source = "Invicton-Labs/get-state/null
}
output "ip_address" {
value = module.get_state.resources["google_compute_address.foo"].instances[0].attributes.address
}
The module page has an extensive example to show what the output of the resources map looks like.
Having the same issue, strange the docs says that -json is supported by Terraform 0.12 or later. See https://www.terraform.io/docs/cli/commands/show.html
@npalm that's
terraform show, this issue is aboutterraform state show
Arch, and I need terraform state show -json arch
Any updates on this? This would be much appreciated in infrastructure governance tasks
We can do it already with help of terraform state pull
In my case, I'm in the middle of importing our azure stuff, and wish to see what things I have missed, here is how we can do it:
$resources = az resource list | ConvertFrom-Json | Select-Object id, name, resourceGroup
$managed = terraform state pull | ConvertFrom-Json | Select-Object -ExpandProperty resources | Select-Object -ExpandProperty instances | Select-Object -ExpandProperty attributes | Select-Object -ExpandProperty id -Unique
$resources | Where-Object id -notin $managed
here's a simpler example with posix shell and jq
terraform state pull > tfstate.json
ebs_volume_id_1="$(cat tfstate.json | jq -r '.resources[] | select(.type == "aws_ebs_volume" and .name == "volume_one") | .instances[].attributes.id')"
ebs_volume_id_2="$(cat tfstate.json | jq -r '.resources[] | select(.type == "aws_ebs_volume" and .name == "volume_two") | .instances[].attributes.id')"
rm tfstate.json
