Terraform output failing, but not recorded as failed

[Bouke]

The task reports as succeeded, but looking at the logs it is very apparent that it should've been marked as failed instead:

Reporting the proper task status is fundamental to building a stable CI pipeline.

2024-02-28T14:18:10.4624112Z ##[section]Starting: Terraform Output
2024-02-28T14:18:10.4630081Z ==============================================================================
2024-02-28T14:18:10.4630241Z Task         : Terraform
2024-02-28T14:18:10.4630303Z Description  : Execute terraform commands to manage resources on AzureRM, Amazon Web Services(AWS) and Google Cloud Platform(GCP)
2024-02-28T14:18:10.4630449Z Version      : 4.227.24
2024-02-28T14:18:10.4630538Z Author       : Microsoft Corporation
2024-02-28T14:18:10.4630614Z Help         : [Learn more about this task](https://aka.ms/AAf0uqr)
2024-02-28T14:18:10.4630706Z ==============================================================================
2024-02-28T14:18:11.1468734Z [command]/opt/hostedtoolcache/terraform/1.7.4/x64/terraform output -json
2024-02-28T14:25:42.4777063Z ╷
2024-02-28T14:25:42.4779840Z │ Error: Failed to load state: Error retrieving keys for Storage Account "XXX": autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-02-28T14:21:42.4623915Z, assertion valid from 2024-02-28T14:03:09.0000000Z, expiry time of assertion 2024-02-28T14:13:08.0000000Z. Review the documentation at https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials . Trace ID: 3e7d8c18-c8c8-426b-a629-7fb4ad761700 Correlation ID: 8202538a-1ca5-4ccf-be51-caf862f60b33 Timestamp: 2024-02-28 14:21:42Z","error_codes":[700024],"timestamp":"2024-02-28 14:21:42Z","trace_id":"3e7d8c18-c8c8-426b-a629-7fb4ad761700","correlation_id":"8202538a-1ca5-4ccf-be51-caf862f60b33","error_uri":"https://login.microsoftonline.com/error?code=700024"}
2024-02-28T14:25:42.4781479Z │ 
2024-02-28T14:25:42.4781790Z │ 
2024-02-28T14:25:42.4782095Z ╵
2024-02-28T14:25:42.5070749Z ##[section]Finishing: Terraform Output

[mericstam]

Hi thanks for reporting. If you run the command locally, what exitcode do you get?

Br Manuel

[Bouke]

I haven't tried reproducing this issue locally. This specific error is because the task-provided auth token expired. I have no idea how I could reproduce that locally.

[mericstam]

ok got it. I was just curious what exitcode terraform commad gets when this happens. br Manuel

[denisyfrolov]

I face the same issue. Exitcode is 1. It happens when TF can't load its state:

Pipeline continues as normal with this error:

Error: Failed to load state: Error retrieving keys for Storage Account "***": autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-06-30T22:04:39.8297163Z, assertion valid from 2024-06-30T21:40:32.0000000Z, expiry time of assertion 2024-06-30T21:50:32.0000000Z. Review the documentation at https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials . Trace ID: *** Correlation ID: *** Timestamp: 2024-06-30 22:04:39Z","error_codes":[700024],"timestamp":"2024-06-30 22:04:39Z","trace_id":"***","correlation_id":"***","error_uri":"[https://login.microsoftonline.com/error?code=700024"}](https://login.microsoftonline.com/error?code=700024%22})

Reproduced locally:

PS C:\...\tf> terraform output

Error: Failed to load state: blobs.Client#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:***\nTime:2024-06-30T22:39:11.4584662Z"

PS C:\...\tf> $LastExitCode
1