Open GeorgePalacios opened 3 years ago
@GeorgePalacios, show was never intended to display the plan file in a human readable format. It was only implemented to detect destroy operations. Therefore, all that it currently does is run silently (nothing written to stdout) and set a pipeline variable. At the time this was implemented, it was decided to run show silently due to the risk of exposing secrets/sensitive values in the build logs. This behavior is by design.
I would be willing to reconsider this if the human readable output can be access controlled and deleted. See also #60. The build logs will likely not redact secrets or sensitive values given the fact its coming from a third party binary. Would you be ok with show revealing secrets or are there some conditions where you would believe this to be ok?
I assumed this could be used.
On Wed, Jul 21, 2021 at 2:43 PM Charles Zipp @.***> wrote:
@GeorgePalacios https://github.com/GeorgePalacios, show was never intended to display the plan file in a human readable format. It was only implemented to detect destroy operations. Therefore, all that it currently does is run silently (nothing written to stdout) and set a pipeline variable. At the time this was implemented, it was decided to run show silently due to the risk of exposing secrets/sensitive values in the build logs. This behavior is by design.
I would be willing to reconsider this if the human readable output can be access controlled and deleted. See also #60 https://github.com/charleszipp/azure-pipelines-tasks-terraform/issues/60. The build logs will likely not redact secrets or sensitive values given the fact its coming from a third party binary. Would you be ok with show revealing secrets or are there some conditions where you would believe this to be ok?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/charleszipp/azure-pipelines-tasks-terraform/issues/59#issuecomment-884200361, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHHCHM6IEGZCH3U3HDFOS3DTY3FG3ANCNFSM47FP7WXA .
Describe the bug When running Terraform show via a Devops release pipeline, no output is produced, past generic warnings.
As an example, the below output is received - I can see a destroy will occur, but where is the actual output from terraform show?
To Reproduce Steps to reproduce the behavior:
Expected behavior A human-readable output in the logs for the terraform show step
Pipeline Logs
Agent Configuration
Additional context Our plan files are being produced at build phase - the file is then contained in an artifact and released via a release pipeline - I want a manual intervention in the release pipeline to check the output of terraform show.