Reading plan file from other than file #25738
Labels
enhancement
v0.12
Issues (primarily bugs) reported against v0.12 releases
v0.13
Issues (primarily bugs) reported against v0.13 releases
Terraform Version
But also seems to happen with 0.12.xyz versions.
Terraform Configuration Files
After this, run:
terraform init
, thenterraform plan -out=plan.bin
, and finallycat plan.bin | terraform apply /dev/stdin
.Debug Output
N/A.
Crash Output
N/A.
Expected Behavior
I would expect for the
cat plan.bin | terraform apply /dev/stdin
command to behave liketerraform apply plan.bin
does: it reads the file produced by plan phase, and applies the changes therein.Actual Behavior
The following error message was printed:
zip: not a valid zip file
.If I try command
cat plan.bin | terraform apply -
(in a spirit of many other *nix commands accepting-
as alias for stdin), I will get:stat -: no such file or directory
.Steps to Reproduce
terraform init
terraform plan -out=plan.bin
cat plan.bin | terraform apply /dev/stdin
Additional Context
I understand that zip files are structured in such way that reading them from non-seekable stream is not suitable for many libraries, and I guess Go's zip library is one of them.
Could Terraform maybe detect when the user tries to specify non-seekable stream (stdin/pipe/etc) as apply file, read it to memory in full, and then pass it to the zip library?
The exact usecase I have for this is when I am storing encrypted plan file as pipeline artifact in our DevOps pipeline (since storing it unencrypted would expose all the secret stuff in plaintext).
During the apply phase, I tried to make a fifo and pass it through
openssl
decrypting it, before the contents finally reachterraform apply
command, so the unencrypted file would never be stored on the disk wherever the pipeline agent is running.However, this bug prevents such workflow.
FWIW, the approach works in the plan phase:
References
I searched issues with the error message I got but anything even close to this was #22396 , which is just about unhelpful error messages when passing badly formatted plan file or command line parameters.
Workaround
Currently, during apply phase, I do the following:
This of course has the problem of storing the unencrypted plan file on disk during the apply.
The text was updated successfully, but these errors were encountered: