Module refuses to run in Terraform 15 due to ipsec_secret-static output variables not being marked sensitive
ARMUSOPS opened this issue · 4 comments
Output when attempting to apply using the 1.5.0 version of this module with Terraform 15:
│ Error: Output refers to sensitive values
│
│ on .terraform/modules/vpn-module-static-xxx/outputs.tf line 52:
│ 52: output "ipsec_secret-static" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
See https://www.terraform.io/upgrade-guides/0-15.html#sensitive-output-values
Same issue on following outputs
╷
│ Error: Output refers to sensitive values
│
│ on .terraform/modules/ha_vpn/modules/vpn_ha/outputs.tf line 51:
│ 51: output "tunnels" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
╵
╷
│ Error: Output refers to sensitive values
│
│ on .terraform/modules/ha_vpn/modules/vpn_ha/outputs.tf line 59:
│ 59: output "tunnel_names" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
╵
╷
│ Error: Output refers to sensitive values
│
│ on .terraform/modules/ha_vpn/modules/vpn_ha/outputs.tf line 67:
│ 67: output "tunnel_self_links" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
╵
@sestegra @ARMUSOPS Issue is not in the module. In your root module code you need to add sensitive = true
for outputs which are marked sensitive in vpn module outputs. I ran a few tests and it ran fine as long as I have sensitive = true
in my root module output.
output "prod_tunnel" {
description = "Prod VPN tunnel."
value = module.vpn-gw-us-ce1-prd-mgt-internal
sensitive = true
}
output "mgt_tunnel" {
description = "Mgt VPN tunnel."
value = module.vpn-gw-us-ce1-mgt-prd-internal
sensitive = true
}
Also please make sure you are using (at least) Terraform v0.15.1. The 0.15.0 release had a bug which was overly aggressive with marking values as sensitive: https://github.com/hashicorp/terraform/blob/v0.15/CHANGELOG.md#0151-april-26-2021
@morgante we may need to update examples as it is missing sensitive = true in outputs which will result in failed tests with TF 0.15.X or 1.X.X. I will send PR for it.
Thanks