Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TF0.14: Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true. #168

Open
nodomain opened this issue Feb 27, 2021 · 0 comments
Open

TF0.14: Expressions used in outputs can only refer to sensitive values if the sensitive attribute is true. #168

nodomain opened this issue Feb 27, 2021 · 0 comments
Labels
bug 🐛 An issue with the system

Comments

@nodomain
Copy link

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

When adding a S3 User with key and secret, TF 0.14 errors with this error:

Error: Output refers to sensitive values

  on .terraform/modules/elastic_beanstalk_environment/outputs.tf line 41:
  41: output "setting" {

Expressions used in outputs can only refer to sensitive values if the
sensitive attribute is true.

Terraform code:

module "s3_user_assets" {
  source    = "git::https://github.com/cloudposse/terraform-aws-iam-s3-user.git?ref=master"
  namespace = local.name
  stage     = local.stage
  name      = "assets"
  s3_actions = ["s3:ListBucket",
    "s3:ListBucketMultipartUploads",
    "s3:ListBucketVersions",
    "s3:GetBucketVersioning",
    "s3:PutObject",
    "s3:GetObject",
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:ListMultipartUploadParts",
    "s3:GetObjectVersion",
  "s3:AbortMultipartUpload"]
  s3_resources = [module.s3_assets.this_s3_bucket_arn, "${module.s3_assets.this_s3_bucket_arn}/*"]
}

Elastic Beanstalk module:

module "elastic_beanstalk_environment" {
  source = "cloudposse/elastic-beanstalk-environment/aws"

  # Cloud Posse recommends pinning every module to a specific version
  version                            = "0.37.0"
...

  additional_settings = [
    {
      namespace = "aws:elasticbeanstalk:application:environment"
      name      = "EFS_NAME"
      value     = aws_efs_file_system.files.dns_name
    },
    {
      namespace = "aws:elasticbeanstalk:application:environment"
      name      = "S3_ACCESS_KEY_ID"
      value     = module.s3_user_assets.access_key_id
    },
    {
      namespace = "aws:elasticbeanstalk:application:environment"
      name      = "S3_SECRET_ACCESS_KEY"
      value     = module.s3_user_assets.secret_access_key
    },
  ]
...

I worked around by manually adding the requested sensitive = true to the outputs.tf in the module's cache folder.

Expected Behavior

The variables should be added without error.

Steps to Reproduce

Steps to reproduce the behavior:

See source code above.

Screenshots

If applicable, add screenshots or logs to help explain your problem.

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

  • OS: Mac
  • Version Terraform 0.14.6

Additional Context

Add any other context about the problem here.
@nodomain nodomain added the bug 🐛 An issue with the system label Feb 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug 🐛 An issue with the system
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nodomain