v4.5.0: debug logging of terraform output (#330)

* Add DebugLogger * Use DebugLogger when fetching outputs * Set second_output to sensitive in attributes suite * Update Changelog * Update Gemfile.locks * Add link to 4.5.0 * Update version to 4.5.0 * Replace instance variable use with attribute
newcontext-oss · Apr 10, 2019 · 4b4c8e3 · 4b4c8e3
1 parent c48355f
commit 4b4c8e3
Show file tree

Hide file tree

Showing 13 changed files with 152 additions and 33 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,15 @@ adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased][unreleased]
 
+## [4.5.0] - 2019-04-10
+
+### Changed
+
+- The output of `terraform output` is logged at the debug level to
+  prevent sensitive output values from being printed by default. This
+  output can be viewed by enabling the debug log level. For example:
+  `kitchen converge INSTANCE --log-level=debug`
+
 ## [4.4.0] - 2019-04-06
 
 ### Added
@@ -609,7 +618,8 @@ Gandalf the Free-As-In-Beer
 
 - Initial release
 
-[unreleased]: https://github.com/newcontext/kitchen-terraform/compare/v4.4.0...HEAD
+[unreleased]: https://github.com/newcontext/kitchen-terraform/compare/v4.5.0...HEAD
+[4.5.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.4.0...v4.5.0
 [4.4.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.3.0...v4.4.0
 [4.3.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.2.1...v4.3.0
 [4.2.1]: https://github.com/newcontext/kitchen-terraform/compare/v4.2.0...v4.2.1

diff --git a/lib/kitchen/driver/terraform.rb b/lib/kitchen/driver/terraform.rb
@@ -30,6 +30,7 @@
 require "kitchen/terraform/config_attribute/variables"
 require "kitchen/terraform/config_attribute/verify_version"
 require "kitchen/terraform/configurable"
+require "kitchen/terraform/debug_logger"
 require "kitchen/terraform/shell_out"
 require "kitchen/terraform/verify_version"
 require "shellwords"
@@ -275,16 +276,17 @@ def retrieve_outputs(&block)
     run_workspace_select_instance
     ::Kitchen::Terraform::Command::Output.run(
       client: config_client,
-      options: {
-        cwd: config_root_module_directory, live_stream: logger, timeout: config_command_timeout,
-      }, &block
+      options: {cwd: config_root_module_directory,  live_stream: debug_logger,  timeout: config_command_timeout},
+      &block
     )
   rescue ::Kitchen::Terraform::Error => error
     raise ::Kitchen::ActionFailed, error.message
   end
 
   private
 
+  attr_accessor :debug_logger
+
   def apply_run
     apply_run_get
     apply_run_validate
@@ -452,6 +454,11 @@ def destroy_run_workspace_select_default
     )
   end
 
+  def initialize(config = {})
+    super
+    self.debug_logger = ::Kitchen::Terraform::DebugLogger.new logger
+  end
+
   # @api private
   def lock_flag
     "-lock=#{config_lock}"

diff --git a/lib/kitchen/terraform/debug_logger.rb b/lib/kitchen/terraform/debug_logger.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "delegate"
+
+module Kitchen
+  module Terraform
+    # This class delegates to a logger but ensures the debug level is the default level used for logging messages.
+    class DebugLogger < ::SimpleDelegator
+      # This method overrides the #<< method of the delegate to call #debug.
+      #
+      # @param message [#to_s] the message to be logged.
+      # @return [nil, true] if the given severity is high enough for this particular logger then return
+      #   <code>nil</code>; else return <code>true</code>.
+      def <<(message)
+        debug message
+      end
+    end
+  end
+end
diff --git a/lib/kitchen/terraform/version.rb b/lib/kitchen/terraform/version.rb
@@ -72,7 +72,7 @@ def temporarily_override(version:)
 
     # @api private
     def value
-      self.value = ::Gem::Version.new "4.4.0" if not @value
+      self.value = ::Gem::Version.new "4.5.0" if not @value
       @value
     end
 

diff --git a/ruby-2.3/Gemfile.lock b/ruby-2.3/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.4.0)
+    kitchen-terraform (4.5.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
-    autoprefixer-rails (9.5.0)
+    autoprefixer-rails (9.5.1)
       execjs
     aws-eventstream (1.0.2)
     aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
     rspec-expectations (3.8.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-its (1.2.0)
+    rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
     rspec-mocks (3.8.0)

diff --git a/ruby-2.4/Gemfile.lock b/ruby-2.4/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.4.0)
+    kitchen-terraform (4.5.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
-    autoprefixer-rails (9.5.0)
+    autoprefixer-rails (9.5.1)
       execjs
     aws-eventstream (1.0.2)
     aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
     rspec-expectations (3.8.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-its (1.2.0)
+    rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
     rspec-mocks (3.8.0)

diff --git a/ruby-2.5/Gemfile.lock b/ruby-2.5/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.4.0)
+    kitchen-terraform (4.5.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
-    autoprefixer-rails (9.5.0)
+    autoprefixer-rails (9.5.1)
       execjs
     aws-eventstream (1.0.2)
     aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
     rspec-expectations (3.8.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-its (1.2.0)
+    rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
     rspec-mocks (3.8.0)

diff --git a/ruby-2.6/Gemfile.lock b/ruby-2.6/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.4.0)
+    kitchen-terraform (4.5.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
-    autoprefixer-rails (9.5.0)
+    autoprefixer-rails (9.5.1)
       execjs
     aws-eventstream (1.0.2)
     aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
     rspec-expectations (3.8.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-its (1.2.0)
+    rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
     rspec-mocks (3.8.0)

diff --git a/spec/lib/kitchen/driver/terraform_spec.rb b/spec/lib/kitchen/driver/terraform_spec.rb
@@ -17,6 +17,7 @@
 require "json"
 require "kitchen"
 require "kitchen/driver/terraform"
+require "kitchen/terraform/debug_logger"
 require "kitchen/terraform/error"
 require "kitchen/terraform/shell_out"
 require "kitchen/terraform/verify_version"
@@ -166,14 +167,6 @@ def shell_out_run_success(command:, return_value: "mocked `terraform` success",
     ).and_return return_value
   end
 
-  def shell_out_run_yield(command:, standard_output: "mocked `terraform` success")
-    allow(shell_out).to receive(:run).with(
-      client: config_client,
-      command: command,
-      options: { cwd: kitchen_root, live_stream: kitchen_logger, timeout: command_timeout },
-    ).and_yield standard_output: standard_output
-  end
-
   it_behaves_like "Kitchen::Terraform::ConfigAttribute::BackendConfigurations"
 
   it_behaves_like "Kitchen::Terraform::ConfigAttribute::Client"
@@ -682,17 +675,30 @@ def shell_out_run_yield(command:, standard_output: "mocked `terraform` success")
 
   describe "#retrieve_outputs" do
     subject do
-      described_instance
+      described_class.new config
+    end
+
+    let :debug_logger do
+      instance_double ::Kitchen::Terraform::DebugLogger
     end
 
     before do
       subject.finalize_config! kitchen_instance
+      subject.send :debug_logger=, debug_logger
     end
 
     shared_examples "`terraform output` is run" do
       context "when the command results in failure due to no outputs defined" do
         before do
-          shell_out_run_failure command: "output -json", message: "no outputs defined"
+          allow(shell_out).to receive(:run).with(
+            client: config_client,
+            command: "output -json",
+            options: {
+              cwd: kitchen_root,
+              live_stream: debug_logger,
+              timeout: command_timeout
+            },
+          ).and_raise ::Kitchen::Terraform::Error, "no outputs defined"
         end
 
         specify "should ignore the failure and yield an empty hash" do
@@ -703,20 +709,36 @@ def shell_out_run_yield(command:, standard_output: "mocked `terraform` success")
       end
 
       context "when the command results in failure not due to no outputs defined" do
+        let :error_message do
+          "mocked `terraform output` failure"
+        end
+
         before do
-          shell_out_run_failure command: "output -json", message: "mocked `terraform output` failure"
+          allow(shell_out).to receive(:run).with(
+            client: config_client,
+            command: "output -json",
+            options: {
+              cwd: kitchen_root,
+              live_stream: debug_logger,
+              timeout: command_timeout
+            },
+          ).and_raise ::Kitchen::Terraform::Error, error_message
         end
 
         specify "should result in an action failed error with the failed command output" do
           expect do
             subject.retrieve_outputs
-          end.to raise_error ::Kitchen::ActionFailed, "mocked `terraform output` failure"
+          end.to raise_error ::Kitchen::ActionFailed, error_message
         end
       end
 
       context "when the command results in success" do
         before do
-          shell_out_run_yield command: "output -json", standard_output: terraform_output_value
+          allow(shell_out).to receive(:run).with(
+            client: config_client,
+            command: "output -json",
+            options: { cwd: kitchen_root, live_stream: debug_logger, timeout: command_timeout },
+          ).and_yield standard_output: terraform_output_value
         end
 
         context "when the value of the command result is not valid JSON" do

diff --git a/spec/lib/kitchen/terraform/debug_logger_spec.rb b/spec/lib/kitchen/terraform/debug_logger_spec.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+require "kitchen/terraform/debug_logger"
+
+::RSpec.describe ::Kitchen::Terraform::DebugLogger do
+  subject do 
+    described_class.new logger
+  end
+
+  let :logger do 
+    instance_double ::Kitchen::Logger 
+  end
+
+  shared_examples "#debug" do
+    after do 
+      subject << "message" 
+    end
+
+    specify "forwards the message to #debug of the wrapped logger" do 
+      expect(logger).to receive(:debug).with "message" 
+    end
+  end
+
+  describe "#<< " do 
+    it_behaves_like "#debug" 
+  end
+
+  describe "#debug" do 
+    it_behaves_like "#debug" 
+  end
+end
diff --git a/spec/lib/kitchen/terraform/version_spec.rb b/spec/lib/kitchen/terraform/version_spec.rb
@@ -24,7 +24,7 @@
   end
 
   let :version do
-    ::Gem::Version.new "4.4.0"
+    ::Gem::Version.new "4.5.0"
   end
 
   describe ".assign_plugin_version" do

diff --git a/spec/support/kitchen/terraform/configurable_examples.rb b/spec/support/kitchen/terraform/configurable_examples.rb
@@ -34,7 +34,7 @@
     end
 
     it "equals the gem version" do
-      expect(subject.instance_variable_get(:@plugin_version)).to eq "4.4.0"
+      expect(subject.instance_variable_get(:@plugin_version)).to eq "4.5.0"
     end
   end
 

diff --git a/test/terraform/attributes/outputs.tf b/test/terraform/attributes/outputs.tf
@@ -3,7 +3,8 @@ output "first_output" {
 }
 
 output "second_output" {
-  value = "Second Output"
+  value     = "Second Output"
+  sensitive = true
 }
 
 output "third_output" {