Create customized hook then put "exec < /dev/tty" into it for user input but not work as expected

[leowei0129]

Hi team,

Maybe I should mark this issue as feature request? I create my own hook terraform_plan locally for the purpose to review all the changes before commit. My idea is to check if things defined in main.tf are ok through this hook, then user input yes or no. If yes, pre-commit will pass otherwise pre-commit will fail.

To achieve this, I add exec < /dev/tty in this hook. The snippet looks like this. I create this hook based on terraform_fmt.sh.

function per_dir_hook_unique_part {
  local -r args="$1"
  # shellcheck disable=SC2034 # Unused var.
  local -r dir_path="$2"

  # add PROJECT_ID and APPLICATION_DEFAULT_CREDENTIALS here (dynamically)
  project_id=$(gcloud config get-value project)
  credentials=$(gcloud secrets versions access latest --secret="application-default-credentials")

  echo "PROJECT_ID: ${project_id}"
  echo "CREDENTIALS: ${credentials}"
  terraform plan -var "PROJECT_ID=${project_id}" -var "APPLICATION_DEFAULT_CREDENTIALS=${credentials}"

  exec < /dev/tty
  read -p "Do you agree this plan? (Y/N): " answer
  echo "answer: ${answer}"
...

I expect that the output of terraform plan ... and the prompt Do you agree this plan? (Y/N) should appear before I can enter my answer. But actually nothing shown and it just hangs there waiting for the input.

Until I give an input "Y", every output string defined in this hook (ex: output string through echo, terraform plan) comes out.

Do you think this is an issue? or anything else I miss or wrong?

Thanks.

[yermulnik]

Do you think this is an issue?

That's by GIT design: https://github.com/observing/pre-commit/issues/62 You may want to try to redirect tty directly into read like this https://stackoverflow.com/a/45495062/5093149 (the exec thing seemingly should do the work too, though since it fails you, it's worth to try the read ... < /dev/tty approach maybe)

[leowei0129]

I try read ... < /dev/tty but still not work. I think it should not be a bug from this repo but related to pre-commit? So far I'm not very sure what the root cause is..

[yermulnik]

but related to pre-commit?

It's even not pre-commit but GIT: it doesn't expect hooks to use standard input. Also there might be some another culprit somewhere on the way granted read ... < /dev/tty didn't work for you 🤔 Maybe try and simplify your hook as much as possible for testing, replace everything with just a few lines of code to echo and read input, turn on trace output (set -x), an so on — since others report redirecting tty works for them, there might be something we don't see here. Please let us know the outcome of your findings.

[MaxymVlasov]

A few notes:

• Success tf plan does not mean that you will get success with tf apply
• In most cases tf plan takes much time, which violates the idea of "quick check before committing". That's can be a problem when you'll try to force usage of this hook across the team.
• This hook needs interaction with the user which is unusual for pre-commit users, but let it be
• This hook doesn't automate any checks, it's more likely ask folks to see tf plan output

tf plan is not much different from tf validate. Also, you are already able to check remote API by tflint with --deep option, much quicker than run tf plan

[MaxymVlasov]

By the way, it still can work for your case, but I highly recommend to check https://github.com/terraform-linters/tflint-ruleset-google/blob/master/docs/deep_checking.md