terraform-compliance / cli

a lightweight, security focused, BDD test framework against terraform.
https://terraform-compliance.com
MIT License

STDERR isn't being used, log level cannot be changed. #723

Open Yakuza-UA opened 1 year ago

Yakuza-UA commented 1 year ago

Description

Error reporting cannot be filtered out using 2>/dev/null, nor is it silenced when the -S keyword is used.

To Reproduce

Run terraform-compliance on a TF plan with local modules, forcing the tool to show the following warnings:

❗ WARNING (mounting): The reference "module.intl_bus_services_rg" in resource module.intl_bus_services_vnet.azurerm_virtual_network.this is ambiguous. It will not be mounted.
❗ WARNING (mounting): The reference "module.intl_connectivity_01_rg" in resource module.intl_connectivity_01_afw.azurerm_firewall.this is ambiguous. It will not be mounted.
❗ WARNING (mounting): The reference "module.intl_connectivity_01_rg" in resource module.intl_connectivity_01_afw.azurerm_public_ip.this is ambiguous. It will not be mounted.

Re-run using terraform-compliance 2>/dev/null or terraform-compliance -S to observe that the behavior has not changed - errors are still shown. In a heavy TF file with loads of module calls, such warnings create a lot of noise, which isn't great in a CI environment. It is not possible to redirect errors into a file or /dev/null, nor is it possible to silence them.

Expected Behavior

It would be nice to have errors and warnings redirected to STDERR rather than STDOUT, and in addition to that have a log level parameter rather than the boolean nature of the --debug keyword. Instead, it would be nice to have --log-level and set it to None, Warnings, Debug, Informational, etc.
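
A CI-side wrapper that gives the stream separation requested above, as an added example that is not part of the issue and not terraform-compliance code. The function names and `sample_tool` are hypothetical, and the only thing taken from the page is the `WARNING (` text of the quoted warning lines.

```sh
#!/usr/bin/env sh
# Added example (not terraform-compliance code). MARKER is the text that
# identifies the warning lines quoted in the issue.
MARKER='WARNING ('

# Read tool output on stdin: marker lines go to stderr, the rest to stdout.
split_warnings() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      *"$MARKER"*) printf '%s\n' "$line" >&2 ;;
      *)           printf '%s\n' "$line" ;;
    esac
  done
}

# Run a command, split its stdout, and return the command's own exit status,
# so a failing compliance run still fails the CI job. Output is buffered in a
# temp file until the command exits.
run_split() {
  tmp=$(mktemp) || return 1
  rc=0
  "$@" >"$tmp" || rc=$?
  split_warnings <"$tmp"
  rm -f "$tmp"
  return "$rc"
}

# Constructed stand-in for the tool: two warnings, one normal line, exit 3.
sample_tool() {
  printf '%s\n' 'WARNING (mounting): The reference "module.a_rg" in resource module.a_vnet.example.this is ambiguous. It will not be mounted.'
  printf '%s\n' 'Feature: constructed sample'
  printf '%s\n' 'WARNING (mounting): The reference "module.b_rg" in resource module.b_fw.example.this is ambiguous. It will not be mounted.'
  return 3
}

# Usage in CI (placeholder arguments; substitute the real command line):
#   run_split terraform-compliance <arguments> 2>warnings.log
```

Writing the warnings to a file rather than /dev/null keeps them available for review while the job log stays readable.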