bug: cli/api: terraform.tfvars and *.auto.tfvars are silently ignored #8501

Closed
johnstcn opened this issue Jul 13, 2023 · 3 comments · Fixed by #11549
johnstcn (Member) commented Jul 13, 2023

Problem

Per the Terraform Documentation:

Terraform also automatically loads a number of variable definitions files if they are present:
  - Files named exactly terraform.tfvars or terraform.tfvars.json.
  - Any files with names ending in .auto.tfvars or .auto.tfvars.json.

Coder silently ignores the above files and prompts the user to specify values for template variables without a default specified.

Steps to reproduce:

main.tf:

variable "name" {
  type = string
}

resource "local_file" "a" {
  filename = "${path.module}/a.txt"
  content  = "hello ${var.name}"
}

output "a" {
  value = local_file.a.content
}

terraform.tfvars:

name = "world"

Output of terraform plan:

terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # local_file.a will be created
  + resource "local_file" "a" {
      + content              = "hello world"
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0777"
      + filename             = "./a.txt"
      + id                   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + a = "hello world"

Output of coder templates create:

==> ⧗ Queued
=== ✔ Queued [184ms]
==> ⧗ Setting up
=== ✔ Setting up [0ms]
==> ⧗ No README.md provided
=== ✔ No README.md provided [0ms]
==> ⧗ Parsing template parameters
=== ✔ Parsing template parameters [5ms]
==> ⧗ Cleaning Up
=== ✘ Cleaning Up [4ms]
=== ✘ Cleaning Up [12ms]
running command "coder templates create": update job: required template variables need values: name

Specifying the variable name (e.g. --variable name=foo) allows the template to be created, but this then clobbers the default value from *.tfvars as shown by the output of coder state pull:

{
  "version": 4,
  "terraform_version": "1.5.3",
  "serial": 1,
  "lineage": "87d175b4-eeb6-404d-9c67-75095fdd29ee",
  "outputs": {
    "a": {
      "value": "hello foo",
      "type": "string"
    }
  },
  "resources": [
    {
      "mode": "managed",
      "type": "local_file",
      "name": "a",
      "provider": "provider[\"registry.terraform.io/hashicorp/local\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "content": "hello foo",
            "content_base64": null,
            "content_base64sha256": "bIqlJPriejYH+cQgRWe2XUg0GzvMDjbp5QhWqq8HPSE=",
            "content_base64sha512": "IrdVX6WAqR0wqX6EJZ9z7CiUVRRDnOnJ3K4pMFSBwuKrdtRdB9OiSoSSvPBo9GOJxUxneXXPkKeDA7PTm8Y8hA==",
            "content_md5": "b4e9c4bc17e0a52c17c59c1fb7fad2e3",
            "content_sha1": "e42fac7662fe66e50afa1e67a549a51aa5b664b0",
            "content_sha256": "6c8aa524fae27a3607f9c4204567b65d48341b3bcc0e36e9e50856aaaf073d21",
            "content_sha512": "22b7555fa580a91d30a97e84259f73ec28945514439ce9c9dcae29305481c2e2ab76d45d07d3a24a8492bcf068f46389c54c677975cf90a78303b3d39bc63c84",
            "directory_permission": "0777",
            "file_permission": "0777",
            "filename": "./a.txt",
            "id": "e42fac7662fe66e50afa1e67a549a51aa5b664b0",
            "sensitive_content": null,
            "source": null
          },
          "sensitive_attributes": []
        }
      ]
    }
  ],
  "check_results": null
}

The file terraform.tfvars is however present in the uploaded template tar, as evidenced by the output of coder templates pull <template_name> --tar | tar -tvf -:

-rw-r--r-- coder/coder    1153 2023-07-13 17:05 .terraform.lock.hcl
-rw-r--r-- coder/coder     183 2023-07-13 17:04 main.tf
-rw-r--r-- coder/coder      15 2023-07-13 15:16 terraform.tfvars
@cdr-bot cdr-bot bot added the bug label Jul 13, 2023
@johnstcn johnstcn changed the title bug: cli (and probably also api): .auto.tfvars are silently ignored bug: cli/api: terraform.tfvars and *.auto.tfvars are silently ignored Jul 13, 2023
@bpmct bpmct added the s2 Broken use cases or features (with a workaround). Only humans may set this. label Jul 14, 2023
bpmct (Member) commented Aug 15, 2023

In this case, we probably shouldn't upload the file but instead send them to the database as managed variables.

@sreya sreya self-assigned this Aug 21, 2023
@sreya sreya removed their assignment Sep 13, 2023
ffais (Contributor) commented Nov 27, 2023

Any news on this issue?

@mtojek mtojek self-assigned this Dec 14, 2023
mtojek (Member) commented Dec 14, 2023

It seems that *.tfvars files have the following format:

image_id = "ami-abc123"
availability_zone_names = [
  "us-east-1a",
  "us-west-1c",
]

Fortunately, they contain only variable assignments and no conditional logic. It will make parsing easier.

The only thing we need to confirm is the definition precedence:

  1. The terraform.tfvars file
  2. The terraform.tfvars.json file
  3. Any *.auto.tfvars or *.auto.tfvars.json files, processed in a lexical order of their filenames.
  4. Variables file passed via CLI.
  5. Variables passed via CLI.

As @bpmct noticed, CLI should not pack .tfvars files into template archives.

Battle plan:
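
Added example, not part of the issue thread and not Coder's code: a Go sketch of the definition precedence listed in the comment above, recording which layer supplied each final value so that an override such as `--variable name=foo` replacing the value from terraform.tfvars is visible. It assumes the files are already parsed into string maps (parsing HCL needs a library outside the standard library) and folds items 4 and 5 into a single `cli` layer; `Resolved`, `loadKey` and `Resolve` are hypothetical names.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// Resolved records a variable's final value and the layer that supplied it.
type Resolved struct{ Value, Source string }

// loadKey returns a sort key that places auto-loaded files in precedence order
// (lowest first), or "" when Terraform would not load the file automatically.
func loadKey(name string) string {
	switch base := filepath.Base(name); {
	case base == "terraform.tfvars":
		return "0"
	case base == "terraform.tfvars.json":
		return "1"
	case strings.HasSuffix(base, ".auto.tfvars"), strings.HasSuffix(base, ".auto.tfvars.json"):
		return "2" + base // lexical order among *.auto.tfvars[.json] files
	}
	return ""
}

// Resolve applies parsed files in precedence order, then CLI values last.
func Resolve(files map[string]map[string]string, cli map[string]string) map[string]Resolved {
	var names []string
	for n := range files {
		if loadKey(n) != "" {
			names = append(names, n)
		}
	}
	sort.Slice(names, func(i, j int) bool { return loadKey(names[i]) < loadKey(names[j]) })
	res := map[string]Resolved{}
	for _, n := range names {
		for k, v := range files[n] {
			res[k] = Resolved{v, n} // a later file overrides an earlier one
		}
	}
	for k, v := range cli {
		res[k] = Resolved{v, "cli"} // highest precedence
	}
	return res
}

func main() {
	files := map[string]map[string]string{"terraform.tfvars": {"name": "world"}} // constructed sample
	fmt.Println(Resolve(files, map[string]string{"name": "foo"})["name"])
}
```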
