search

hashicorp / terraform-cdk

Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform
https://www.terraform.io/cdktf
Mozilla Public License 2.0
4.85k stars 450 forks source link

local-exec environment populated by cdktf synth gets lowercased #2443

Open Jiafi opened 1 year ago

Jiafi commented 1 year ago

Community Note

cdktf & Language Versions

cdktf version 0.14.3 Typescript

Affected Resource(s)

nullResource using the LocalExecProvisioner.

Debug Output

    new nullResource.Resource(this, 'postgresScript', {
      provisioners: [
        {
          // Pipe system password into script as input
          type: 'local-exec',
          command: `psql`,
          environment: {
            PGPASSWORD: "password",
          },
        },
      ],
    });

Generates 

            {
            "local-exec": {
              "command": "psql",
              "environment": {
                "pgpassword": "passwordHere"
              }
            }

Expected Behavior

            {
            "local-exec": {
              "command": "psql",
              "environment": {
                "PGPASSWORD": "passwordHere"
              }
            }

Actual Behavior

            {
            "local-exec": {
              "command": "psql",
              "environment": {
                "pgpassword": "passwordHere"
              }
            }

Steps to Reproduce

Create a null provider and resource.

    new nullProvider.NullProvider(this, 'null', {});
    new nullResource.Resource(this, 'postgisAdminScript', {
      provisioners: [
        {
          // Pipe system password into script as input
          type: 'local-exec',
          // If this command fails, the password is printed out locally.  Need to figure out a better way of configuring the password
          command: `echo $PGPASSWORD`,
          environment: {
            PGPASSWORD: "password",
          },
        },
      ],
    });

Important Factoids

environment should respect the casing that is originally used in the environment Record.

It looks like all keys are being lower cased here

References

Jiafi commented 1 year ago

https://github.com/hashicorp/terraform-cdk/pull/2446 Potential fix.

ansgarm commented 1 year ago

Hi @Jiafi πŸ‘‹

Good catch, it seems like these lines are a bit too overambitious: https://github.com/hashicorp/terraform-cdk/blob/1908d763a5a676651579983100f92cb08c74777c/packages/cdktf/lib/terraform-resource.ts#L185-L189

We should confirm what exactly we need to convert there. Probably just the first layer but not deeper.

That said, you can workaround this problem using an escape hatch:

    new nullProvider.NullProvider(this, "null", {});
    const adminScript = new nullResource.Resource(
      this,
      "postgisAdminScript",
      {}
    );
    // using overrides to preserve casing of environment variables (open issue: https://github.com/hashicorp/terraform-cdk/issues/2443)
    adminScript.addOverride("provisioner", [
      {
        // Pipe system password into script as input
        type: "local-exec",
        // If this command fails, the password is printed out locally.  Need to figure out a better way of configuring the password
        command: `echo $PGPASSWORD`,
        environment: {
          PGPASSWORD: "password",
        },
      },
    ]);
Jiafi commented 1 year ago

@ansgarm Thanks for the workaround! It mostly worked but needed to be changed slightly. Needed local-exec as the key.


    new nullProvider.NullProvider(this, "null", {});
    const adminScript = new nullResource.Resource(
      this,
      "postgisAdminScript",
      {}
    );
    // using overrides to preserve casing of environment variables (open issue: https://github.com/hashicorp/terraform-cdk/issues/2443)
    adminScript.addOverride('provisioner', [
      {
        ['local-exec']: {
          command: `${postgisUserSetupScript.path} ${rds.rdsHostOutput} ${this.postgresDB} ${rds.rdsSystemUsernameOutput} ${this.postgresUser}`,
          environment: {
            PGPASSWORD: rds.rdsSystemPasswordOutput,
          },
        },
      },
    ]);
ansgarm commented 1 year ago

Ah, whoops πŸ˜… Glad you figured it out!