Closed woz5999 closed 3 years ago
@alisdair from #27220
revisiting this bit of old code, i can probably refactor it to take advantage of some of the newer dynamic expressions, but this worked as of tf 0.13.x
Thanks for the reproduction case, @woz5999! This is indeed another issue with unmarking sensitive values when evaluating expressions, and this time the splat is the problem here. We'll need to fix that again in the upstream HCL library.
For now, you can replace the use of splat with a for expression, as you hinted at yourself. The following should be a reasonable workaround until we can get this fixed:
locals {
fixed_crash_local = flatten([for kvs in local.a_sensitive_map: [for v in kvs: v]])
}
Thanks @alisdair . Been refactoring and confirm that that's a fix.
I'm seeing a few other cases, though I'm not sure how similar they are under the hood:
crash_local = templatefile("${path.cwd}/foo.tmpl", {
bar = jsonencode(local.a_sensitive_map)
})
# foo.tmpl
%{ for b in jsondecode(bar) ~}
${b.v}
%{ endfor ~}
let me know if you want a new ticket for this, else i can update this one to include the additional case
@woz5999 Thanks again. That is a separate crash, caused by checking the length of a sensitive collection (in TemplateJoinExpr
) as part of rendering a template with a for
loop. It would be very helpful if you could file a new issue to help us track the fix, as it will be a separate patch.
@alisdair #27336
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform Version
Terraform Configuration Files
Crash Output
Expected Behavior
Command Success
Actual Behavior
Panic / terraform crash
Steps to Reproduce
terraform init
terraform plan
Additional Context
References
27220