Closed philmph closed 1 week ago
Thanks for reporting this @philmph, we should have a fix out for this shortly.
@philmph Appreciate the detailed report. A patch release v2.53.1 is on its way out and should be available shortly.
Thanks @manicminer for the immediate response and fix - No more issues after Renovate update to v2.53.1 :)
Community Note
Terraform (and AzureAD Provider) Version
Running on Terraform Cloud hosted runner
Updating via Renovate Bot
chore(deps): update terraform azuread to v2.53.0
:2.52.0
->2.53.0
Affected Resource(s)
azuread_application
Terraform Configuration Files
I am running a module which deploys apps + spns + secrets. The module is called by different environments with the respective root module. The
azuread_application
does NOT utilize the newpassword
block.variables.tf
main.tf
azuread_application_password
is NOT a defined output (the module also handles directly adding the secret to f.e. Key Vault and TFE Workspaces without human interaction but i omitted the code as it is not relevant)outputs.tf
Debug Output
Only relevant part from the root module calling the module using the
azuread_application
resource withoutpassword
block:Human readable (hopefully)
Error: Output refers to sensitive values on outputs.tf line 1:
output "managed_entraid_identities" {
To reduce the risk of accidentally exporting sensitive data that was intended to be only internal, Terraform requires that any root module output containing sensitive data be explicitly marked as sensitive, to confirm your intent.If you do intend to export this data, annotate the output value as sensitive by adding the following argument:
sensitive = true
Panic Output
-
Expected Behavior
Terraform doesn't force me to chain
sensitive = true
for existing deployments which don't use thepassword
block in resourceazuread_application
.Actual Behavior
Run exists with
1
because output is not marked assensitive = true
while not using the newpassword
block.Steps to Reproduce
v.2.52.0
tov2.53.0
plan
Important Factoids
-
References