x-access-token shown in stderr if module not found in repository

Open maonat opened this issue 3 years ago • 3 comments

Hello,

I've found out that terragrunt is printing out the token value if no module is found.

ERRO[0019] Working dir azurerm/shared/acr from source git::https://x-access-token:[email protected]/USER/REPO?ref=main does not exist 
ERRO[0019] Unable to determine underlying exit code, so Terragrunt will exit with error code 1

Terragrunt version v0.38.12

Below my terragrunt.hcl file:

include {
  path = find_in_parent_folders()
}

dependencies {
  paths = ["../rg"]
}

dependency "rg" {
  config_path = "../rg"

  mock_outputs = {
    resource_group_name = join("-", ["rg", local.common_vars.prefix])
  }
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
}

locals {
  common_vars  = yamldecode(try(file("common_vars.yaml"), file(find_in_parent_folders("common_vars.yaml"))))
  secrets_git_tmp = run_cmd("--terragrunt-quiet", "bash", "${get_path_to_repo_root()}/__scripts__/generate-access-token.sh", "-a", "print")
}

terraform {
  source = "git::https://x-access-token:${local.secrets_git_tmp}@github.com/USER/REPO//azurerm/shared/acr?ref=main"
}

inputs = {
  is_test = true
  sku     = "Basic"  
}

maonat, Oct 11 '22 08:10

Hi, in my test with Github private repo, pulling of terraform module worked fine with:

terraform {
  source = "git::https://x-access-token:[email protected]/denis256/terraform-test-module.git//modules/test-file?ref=master"
}

in your case REPO contains .git at the end?

denis256, Oct 11 '22 19:10

> Hi,
>
> in my test with Github private repo, pulling of terraform module worked fine with:
>
> terraform {
>   source = "git::https://x-access-token:[email protected]/denis256/terraform-test-module.git//modules/test-file?ref=master"
> }
>
> in your case REPO contains .git at the end?

Nope, it is without .git at the end of the repo name.

What do you mean by it worked fine? That you got the token redacted in the error output that you couldn't find a path?

Is "test-file" a non existing file or a non existing directory?

The issue in my case happens while trying to search for a directory containing multiple .tf files.

maonat, Oct 11 '22 21:10

Hi, two years have passed and it seems like the issue is still present. Is there any way to get this solved? Now, after upgrading to the latest terragrunt version, I can also see the token being printed while running a terragrunt apply.

Screenshot

This happens with the latest version of tg: 0.58.14

Below is version 0.48.1, where the INFO is not shown during the apply. This is because the log level was changed from WARN to INFO in this commit: https://github.com/gruntwork-io/terragrunt/commit/b8ee109e3af286b6efc3dc7807c09287ece7dc96?diff=split&w=0 (line 212, file: cli/commands/terraform/download_source.go)

Screenshot2

@denis256 I know we can change log level to WARN only but this is wrong: We should not see the token used in any way!

maonat, Jun 07 '24 14:06
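
One way a tool could scrub URL credentials from any message before it reaches stderr, whatever the log level. This is an added example, not Terragrunt's code and not part of the original thread; the names `redactURL` and `scrubMessage` and the fake token in the sample line are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// urlLike matches scheme://... up to the next whitespace or quote. In a
// go-getter style source such as "git::https://...", the match starts at
// "https", so the "git::" prefix is left untouched.
var urlLike = regexp.MustCompile(`[A-Za-z][A-Za-z0-9+.-]*://[^\s"']+`)

// redactURL masks credentials in the userinfo part of a single URL.
func redactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		// Fail closed: never echo a URL that cannot be inspected.
		return "<unparsable URL redacted>"
	}
	if u.User == nil {
		return raw // no userinfo, nothing to hide
	}
	if _, hasPassword := u.User.Password(); hasPassword {
		u.User = url.UserPassword(u.User.Username(), "REDACTED")
	} else {
		// Token supplied as the user name only (https://TOKEN@host/...).
		u.User = url.User("REDACTED")
	}
	return u.String()
}

// scrubMessage redacts every URL credential found in a log or error message.
func scrubMessage(msg string) string {
	return urlLike.ReplaceAllStringFunc(msg, redactURL)
}

func main() {
	// Constructed sample: the error line from the report with a fake token.
	line := "Working dir azurerm/shared/acr from source " +
		"git::https://x-access-token:ghs_CONSTRUCTED0000@github.com/USER/REPO?ref=main does not exist"
	fmt.Println(scrubMessage(line))
}
```

Applying the scrubber at the logger or error-formatting boundary, rather than at each call site, keeps the token out of INFO, WARN and ERRO output alike.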

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for raising this issue.

github-actions[bot], Dec 25 '24 02:12