diff --git a/CHANGELOG.md b/CHANGELOG.md
index cbdc04a8a..b092569c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,15 @@ adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## [Unreleased][unreleased]
+## [4.5.0] - 2019-04-10
+
+### Changed
+
+- The output of `terraform output` is logged at the debug level to
+ prevent sensitive output values from being printed by default. This
+ output can be viewed by enabling the debug log level. For example:
+ `kitchen converge INSTANCE --log-level=debug`
+
## [4.4.0] - 2019-04-06
### Added
@@ -609,7 +618,8 @@ Gandalf the Free-As-In-Beer
- Initial release
-[unreleased]: https://github.com/newcontext/kitchen-terraform/compare/v4.4.0...HEAD
+[unreleased]: https://github.com/newcontext/kitchen-terraform/compare/v4.5.0...HEAD
+[4.5.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.4.0...v4.5.0
[4.4.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.3.0...v4.4.0
[4.3.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.2.1...v4.3.0
[4.2.1]: https://github.com/newcontext/kitchen-terraform/compare/v4.2.0...v4.2.1
diff --git a/lib/kitchen/driver/terraform.rb b/lib/kitchen/driver/terraform.rb
index 079475e2b..fbaec90ce 100644
--- a/lib/kitchen/driver/terraform.rb
+++ b/lib/kitchen/driver/terraform.rb
@@ -30,6 +30,7 @@
require "kitchen/terraform/config_attribute/variables"
require "kitchen/terraform/config_attribute/verify_version"
require "kitchen/terraform/configurable"
+require "kitchen/terraform/debug_logger"
require "kitchen/terraform/shell_out"
require "kitchen/terraform/verify_version"
require "shellwords"
@@ -275,9 +276,8 @@ def retrieve_outputs(&block)
run_workspace_select_instance
::Kitchen::Terraform::Command::Output.run(
client: config_client,
- options: {
- cwd: config_root_module_directory, live_stream: logger, timeout: config_command_timeout,
- }, &block
+ options: {cwd: config_root_module_directory, live_stream: debug_logger, timeout: config_command_timeout},
+ &block
)
rescue ::Kitchen::Terraform::Error => error
raise ::Kitchen::ActionFailed, error.message
@@ -285,6 +285,8 @@ def retrieve_outputs(&block)
private
+ attr_accessor :debug_logger
+
def apply_run
apply_run_get
apply_run_validate
@@ -452,6 +454,11 @@ def destroy_run_workspace_select_default
)
end
+ def initialize(config = {})
+ super
+ self.debug_logger = ::Kitchen::Terraform::DebugLogger.new logger
+ end
+
# @api private
def lock_flag
"-lock=#{config_lock}"
diff --git a/lib/kitchen/terraform/debug_logger.rb b/lib/kitchen/terraform/debug_logger.rb
new file mode 100644
index 000000000..44def59f7
--- /dev/null
+++ b/lib/kitchen/terraform/debug_logger.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "delegate"
+
+module Kitchen
+ module Terraform
+ # This class delegates to a logger but ensures the debug level is the default level used for logging messages.
+ class DebugLogger < ::SimpleDelegator
+ # This method overrides the #<< method of the delegate to call #debug.
+ #
+ # @param message [#to_s] the message to be logged.
+ # @return [nil, true] if the given severity is high enough for this particular logger then return
+ # nil; else return true.
+ def <<(message)
+ debug message
+ end
+ end
+ end
+end
diff --git a/lib/kitchen/terraform/version.rb b/lib/kitchen/terraform/version.rb
index a5328433d..6a518e279 100644
--- a/lib/kitchen/terraform/version.rb
+++ b/lib/kitchen/terraform/version.rb
@@ -72,7 +72,7 @@ def temporarily_override(version:)
# @api private
def value
- self.value = ::Gem::Version.new "4.4.0" if not @value
+ self.value = ::Gem::Version.new "4.5.0" if not @value
@value
end
diff --git a/ruby-2.3/Gemfile.lock b/ruby-2.3/Gemfile.lock
index 6220422b2..a3e773127 100644
--- a/ruby-2.3/Gemfile.lock
+++ b/ruby-2.3/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
PATH
remote: ..
specs:
- kitchen-terraform (4.4.0)
+ kitchen-terraform (4.5.0)
dry-types (~> 0.14.0)
dry-validation (= 0.13.0)
inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
tzinfo (~> 1.1)
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
- autoprefixer-rails (9.5.0)
+ autoprefixer-rails (9.5.1)
execjs
aws-eventstream (1.0.2)
aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
rspec-expectations (3.8.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
- rspec-its (1.2.0)
+ rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.8.0)
diff --git a/ruby-2.4/Gemfile.lock b/ruby-2.4/Gemfile.lock
index a7835c23d..903f6b48c 100644
--- a/ruby-2.4/Gemfile.lock
+++ b/ruby-2.4/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
PATH
remote: ..
specs:
- kitchen-terraform (4.4.0)
+ kitchen-terraform (4.5.0)
dry-types (~> 0.14.0)
dry-validation (= 0.13.0)
inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
tzinfo (~> 1.1)
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
- autoprefixer-rails (9.5.0)
+ autoprefixer-rails (9.5.1)
execjs
aws-eventstream (1.0.2)
aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
rspec-expectations (3.8.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
- rspec-its (1.2.0)
+ rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.8.0)
diff --git a/ruby-2.5/Gemfile.lock b/ruby-2.5/Gemfile.lock
index ae2d8049b..90be83ad3 100644
--- a/ruby-2.5/Gemfile.lock
+++ b/ruby-2.5/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
PATH
remote: ..
specs:
- kitchen-terraform (4.4.0)
+ kitchen-terraform (4.5.0)
dry-types (~> 0.14.0)
dry-validation (= 0.13.0)
inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
tzinfo (~> 1.1)
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
- autoprefixer-rails (9.5.0)
+ autoprefixer-rails (9.5.1)
execjs
aws-eventstream (1.0.2)
aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
rspec-expectations (3.8.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
- rspec-its (1.2.0)
+ rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.8.0)
diff --git a/ruby-2.6/Gemfile.lock b/ruby-2.6/Gemfile.lock
index a0f1f5c7c..a2364dff7 100644
--- a/ruby-2.6/Gemfile.lock
+++ b/ruby-2.6/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
PATH
remote: ..
specs:
- kitchen-terraform (4.4.0)
+ kitchen-terraform (4.5.0)
dry-types (~> 0.14.0)
dry-validation (= 0.13.0)
inspec (~> 3.0)
@@ -33,7 +33,7 @@ GEM
tzinfo (~> 1.1)
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
- autoprefixer-rails (9.5.0)
+ autoprefixer-rails (9.5.1)
execjs
aws-eventstream (1.0.2)
aws-sdk (2.11.256)
@@ -349,7 +349,7 @@ GEM
rspec-expectations (3.8.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
- rspec-its (1.2.0)
+ rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.8.0)
diff --git a/spec/lib/kitchen/driver/terraform_spec.rb b/spec/lib/kitchen/driver/terraform_spec.rb
index 841c952e2..cfd138061 100644
--- a/spec/lib/kitchen/driver/terraform_spec.rb
+++ b/spec/lib/kitchen/driver/terraform_spec.rb
@@ -17,6 +17,7 @@
require "json"
require "kitchen"
require "kitchen/driver/terraform"
+require "kitchen/terraform/debug_logger"
require "kitchen/terraform/error"
require "kitchen/terraform/shell_out"
require "kitchen/terraform/verify_version"
@@ -166,14 +167,6 @@ def shell_out_run_success(command:, return_value: "mocked `terraform` success",
).and_return return_value
end
- def shell_out_run_yield(command:, standard_output: "mocked `terraform` success")
- allow(shell_out).to receive(:run).with(
- client: config_client,
- command: command,
- options: { cwd: kitchen_root, live_stream: kitchen_logger, timeout: command_timeout },
- ).and_yield standard_output: standard_output
- end
-
it_behaves_like "Kitchen::Terraform::ConfigAttribute::BackendConfigurations"
it_behaves_like "Kitchen::Terraform::ConfigAttribute::Client"
@@ -682,17 +675,30 @@ def shell_out_run_yield(command:, standard_output: "mocked `terraform` success")
describe "#retrieve_outputs" do
subject do
- described_instance
+ described_class.new config
+ end
+
+ let :debug_logger do
+ instance_double ::Kitchen::Terraform::DebugLogger
end
before do
subject.finalize_config! kitchen_instance
+ subject.send :debug_logger=, debug_logger
end
shared_examples "`terraform output` is run" do
context "when the command results in failure due to no outputs defined" do
before do
- shell_out_run_failure command: "output -json", message: "no outputs defined"
+ allow(shell_out).to receive(:run).with(
+ client: config_client,
+ command: "output -json",
+ options: {
+ cwd: kitchen_root,
+ live_stream: debug_logger,
+ timeout: command_timeout
+ },
+ ).and_raise ::Kitchen::Terraform::Error, "no outputs defined"
end
specify "should ignore the failure and yield an empty hash" do
@@ -703,20 +709,36 @@ def shell_out_run_yield(command:, standard_output: "mocked `terraform` success")
end
context "when the command results in failure not due to no outputs defined" do
+ let :error_message do
+ "mocked `terraform output` failure"
+ end
+
before do
- shell_out_run_failure command: "output -json", message: "mocked `terraform output` failure"
+ allow(shell_out).to receive(:run).with(
+ client: config_client,
+ command: "output -json",
+ options: {
+ cwd: kitchen_root,
+ live_stream: debug_logger,
+ timeout: command_timeout
+ },
+ ).and_raise ::Kitchen::Terraform::Error, error_message
end
specify "should result in an action failed error with the failed command output" do
expect do
subject.retrieve_outputs
- end.to raise_error ::Kitchen::ActionFailed, "mocked `terraform output` failure"
+ end.to raise_error ::Kitchen::ActionFailed, error_message
end
end
context "when the command results in success" do
before do
- shell_out_run_yield command: "output -json", standard_output: terraform_output_value
+ allow(shell_out).to receive(:run).with(
+ client: config_client,
+ command: "output -json",
+ options: { cwd: kitchen_root, live_stream: debug_logger, timeout: command_timeout },
+ ).and_yield standard_output: terraform_output_value
end
context "when the value of the command result is not valid JSON" do
diff --git a/spec/lib/kitchen/terraform/debug_logger_spec.rb b/spec/lib/kitchen/terraform/debug_logger_spec.rb
new file mode 100644
index 000000000..d17f45706
--- /dev/null
+++ b/spec/lib/kitchen/terraform/debug_logger_spec.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+require "kitchen/terraform/debug_logger"
+
+::RSpec.describe ::Kitchen::Terraform::DebugLogger do
+ subject do
+ described_class.new logger
+ end
+
+ let :logger do
+ instance_double ::Kitchen::Logger
+ end
+
+ shared_examples "#debug" do
+ after do
+ subject << "message"
+ end
+
+ specify "forwards the message to #debug of the wrapped logger" do
+ expect(logger).to receive(:debug).with "message"
+ end
+ end
+
+ describe "#<< " do
+ it_behaves_like "#debug"
+ end
+
+ describe "#debug" do
+ it_behaves_like "#debug"
+ end
+end
diff --git a/spec/lib/kitchen/terraform/version_spec.rb b/spec/lib/kitchen/terraform/version_spec.rb
index 3afb108f2..9c1f18e57 100644
--- a/spec/lib/kitchen/terraform/version_spec.rb
+++ b/spec/lib/kitchen/terraform/version_spec.rb
@@ -24,7 +24,7 @@
end
let :version do
- ::Gem::Version.new "4.4.0"
+ ::Gem::Version.new "4.5.0"
end
describe ".assign_plugin_version" do
diff --git a/spec/support/kitchen/terraform/configurable_examples.rb b/spec/support/kitchen/terraform/configurable_examples.rb
index e781c5440..44ec81d72 100644
--- a/spec/support/kitchen/terraform/configurable_examples.rb
+++ b/spec/support/kitchen/terraform/configurable_examples.rb
@@ -34,7 +34,7 @@
end
it "equals the gem version" do
- expect(subject.instance_variable_get(:@plugin_version)).to eq "4.4.0"
+ expect(subject.instance_variable_get(:@plugin_version)).to eq "4.5.0"
end
end
diff --git a/test/terraform/attributes/outputs.tf b/test/terraform/attributes/outputs.tf
index 98c308493..33f046141 100644
--- a/test/terraform/attributes/outputs.tf
+++ b/test/terraform/attributes/outputs.tf
@@ -3,7 +3,8 @@ output "first_output" {
}
output "second_output" {
- value = "Second Output"
+ value = "Second Output"
+ sensitive = true
}
output "third_output" {