azure-pipelines-tasks-terraform

Terraform Output needs a few additional features

Open DenWin opened this issue 4 years ago • 3 comments

Current state

  • terraform output only outputs string, number and bool
  • it uses -json by default
  • it creates TF_OUT_* variables
  • even though -json is being used, the outputted variables are in raw format
  • no logging to the console

Issues:

  • lists, objects, etc. will not be returned
  • no warning if a certain object is not being returned
  • if -raw is being used in the commandOptions, this will cause an error
  • as stated above, at first glance terraform output does not return anything - as it is only silently put into the variables
  • the actual -json cannot be returned

Tasks:

  • [x] add a warning if something is not outputted
  • [x] add logging to the console of the pipeline, what was outputted (something like TF_OUT_SOMETHING=something)
  • [ ] include a specific outputtype argument [ raw | json ] and outputkey if a specific key is to be returned - at first only raw
  • [ ] extend the functionality to actually output json-format just as terraform does it and extend the outputtype to allow json
  • [ ] extend the functionality to actually return all kinds of output

Don't know whether this should be logged in separate issues - thought this one could serve as a parent issue. Also, this is a rather extensive change, hence the priority above, in which I would do the changes.

Edit: "give a warning if commandOptions is being used and deprecate commandOptions" - this is still required for no-color or to choose a specific state file

DenWin, May 21 '21 10:05

Thanks @DenWin for providing all this feedback. This is really helpful. Treating this as a parent issue should be fine. I am taking a similar approach with the issue to add workspace support. Re 5 from the task list... Similar to what I mentioned in #34, I have avoided having the task write the stdout to build logs or files when using -json for show and output due to the fact that sensitive values are not redacted. What expectation, if any, would you have from this task to mitigate the exposure of these sensitive values when running terraform output with -json?

Additionally for 6 in the task list, could you update which data type specifically you need support for so that they can be prioritized?

charleszipp, May 21 '21 14:05

I will resolve this issue for myself using AzureCLI for now, so no rush for no. 6. As for 1 & 2, I have added these already. A PR including testing is on its way.

About the sensitive values - didn't know that - I have resolved it this way:

if ( outputVariable.sensitive ) {
    console.log(`TF_OUT_${key.toUpperCase()}`, "=", "********* (sensitive)");
}
else {
    console.log(`TF_OUT_${key.toUpperCase()}`, "=", outputVariable.value);
}

DenWin, May 21 '21 14:05

But be aware, once you have debugging activated you will see everything anyway - also the sensitive TF_OUT variables

DenWin, May 21 '21 14:05
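
The masking and warning behaviour discussed in this thread, as an added example that is not part of the original comments or the project's code: it parses `terraform output -json` text, exports only string, number and bool outputs as TF_OUT_* variables, masks sensitive ones in the log lines, and warns about skipped types without echoing their values. The function name `planTerraformOutputs`, its result shape and the sample data are assumptions made for illustration.

```javascript
// Added example: turn `terraform output -json` text into TF_OUT_* variables
// plus log lines that are safe to print. Function name and result shape are
// hypothetical, not the task's API.
function planTerraformOutputs(jsonText) {
  const outputs = JSON.parse(jsonText);
  const result = { variables: {}, secretNames: [], logLines: [], warnings: [] };

  for (const [key, out] of Object.entries(outputs)) {
    const name = `TF_OUT_${key.toUpperCase()}`;

    // Only string, number and bool are exported (the "current state" above);
    // lists, objects, null etc. get a warning instead of being dropped silently.
    if (!["string", "number", "boolean"].includes(typeof out.value)) {
      // Report the declared type only: a skipped value may be sensitive too.
      const type = JSON.stringify(out.type);
      result.warnings.push(`${name} skipped: unsupported type ${type}`);
      continue;
    }

    result.variables[name] = String(out.value);
    if (out.sensitive === true) {
      // The caller must treat these variables as secret when setting them.
      result.secretNames.push(name);
      result.logLines.push(`${name} = ********* (sensitive)`);
    } else {
      result.logLines.push(`${name} = ${out.value}`);
    }
  }
  return result;
}

// Constructed sample in the shape `terraform output -json` emits.
const SAMPLE = JSON.stringify({
  resource_group: { sensitive: false, type: "string", value: "rg-demo" },
  replica_count: { sensitive: false, type: "number", value: 3 },
  db_password: { sensitive: true, type: "string", value: "constructed-secret" },
  subnet_ids: { sensitive: false, type: ["list", "string"], value: ["a", "b"] },
});

const plan = planTerraformOutputs(SAMPLE);
plan.warnings.forEach((w) => console.warn(`WARNING: ${w}`));
plan.logLines.forEach((l) => console.log(l));
```

Only `logLines` and `warnings` are meant for the console; `variables` still holds the real secret values, so it should never be printed or serialized into build logs.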