terraform-google-modules/terraform-google-vpn

Module refuses to run in Terraform 15 due to ipsec_secret-static output variables not being marked sensitive

ARMUSOPS opened this issue · 4 comments

ARMUSOPS commented

Output when attempting to apply using the 1.5.0 version of this module with Terraform 15:

│ Error: Output refers to sensitive values

│ on .terraform/modules/vpn-module-static-xxx/outputs.tf line 52:
│ 52: output "ipsec_secret-static" {

│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.

See https://www.terraform.io/upgrade-guides/0-15.html#sensitive-output-values

sestegra commented

Same issue on following outputs

╷
│ Error: Output refers to sensitive values
│
│   on .terraform/modules/ha_vpn/modules/vpn_ha/outputs.tf line 51:
│   51: output "tunnels" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
╵
╷
│ Error: Output refers to sensitive values
│
│   on .terraform/modules/ha_vpn/modules/vpn_ha/outputs.tf line 59:
│   59: output "tunnel_names" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
╵
╷
│ Error: Output refers to sensitive values
│
│   on .terraform/modules/ha_vpn/modules/vpn_ha/outputs.tf line 67:
│   67: output "tunnel_self_links" {
│
│ Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true.
╵
imrannayer commented

@sestegra @ARMUSOPS Issue is not in the module. In your root module code you need to add sensitive = true for outputs which are marked sensitive in vpn module outputs. I ran a few tests and it ran fine as long as I have sensitive = true in my root module output.

output "prod_tunnel" {
  description = "Prod VPN tunnel."
  value       = module.vpn-gw-us-ce1-prd-mgt-internal
  sensitive   = true
}

output "mgt_tunnel" {
  description = "Mgt VPN tunnel."
  value       = module.vpn-gw-us-ce1-mgt-prd-internal
  sensitive   = true
}
morgante commented

Also please make sure you are using (at least) Terraform v0.15.1. The 0.15.0 release had a bug which was overly aggressive with marking values as sensitive: https://github.com/hashicorp/terraform/blob/v0.15/CHANGELOG.md#0151-april-26-2021

imrannayer commented

@morgante we may need to update examples as it is missing sensitive = true in outputs which will result in failed tests with TF 0.15.X or 1.X.X. I will send PR for it.

Thanks

  • 👍1
  • ❤️1