Terragrunt doesn't escape input variables in some situations #3368

@dpedu

Describe the bug

I have a terragrunt.hcl config with inputs like:

inputs = {
  stuff = jsondecode(file("stuff.json"))
}

If stuff.json contains a string anywhere within it that contains characters like: ${foo}, the way Terragrunt invokes Terraform results in an error:

$ terragrunt plan --terragrunt-log-level debug --terragrunt-debug
...
15:49:12.011 STDOUT terraform: │ Error: Variables not allowed
15:49:12.011 STDOUT terraform: │
15:49:12.011 STDOUT terraform: │   on <value for var.stuff> line 1:
15:49:12.011 STDOUT terraform: │   (source code not available)
15:49:12.011 STDOUT terraform: │
15:49:12.011 STDOUT terraform: │ Variables may not be used here.
...

Steps To Reproduce

Terragrunt config:

terraform {
  source = "/Users/dpedu/code/sillymodule"
}

inputs = {
  stuff = jsondecode(file("stuff.json"))
}

stuff.json:

{
    "foo": "test ${bar} test"
}

Sillymodule main.tf:

terraform {
  backend "s3" {}
}

variable "stuff" {
  type    = map(string)
  default = {}
}

Expected behavior

Terragrunt should pass input variables to terraform in the same manner that they are written, escaping as necessary.

Nice to haves

Terminal output:

$ ~/Downloads/terragrunt_darwin_arm64 plan --terragrunt-log-level debug --terragrunt-debug
15:54:21.405 DEBUG  Terragrunt Version: 0.67.0
15:54:21.411 DEBUG  Did not find any locals block: skipping evaluation.
15:54:21.412 DEBUG  Running command: terraform --version
15:54:21.590 DEBUG  terraform version: 1.9.2
15:54:21.590 DEBUG  Reading Terragrunt config file at terragrunt.hcl
15:54:21.590 DEBUG  Did not find any locals block: skipping evaluation.
15:54:21.590 DEBUG  Did not find any locals block: skipping evaluation.
15:54:21.592 DEBUG  terraform files in /Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc are up to date. Will not download again.
15:54:21.592 DEBUG  Copying files from /Users/dpedu/code/tgtesting/dollarbug into /Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc
15:54:21.593 DEBUG  Setting working directory to /Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc
15:54:21.593 INFO   Debug mode requested: generating debug file terragrunt-debug.tfvars.json in working dir /Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc
15:54:21.593 DEBUG  The following variables were detected in the terraform module:
15:54:21.593 DEBUG  [stuff]
15:54:21.593 DEBUG  Variables passed to terraform are located in "/Users/dpedu/code/tgtesting/dollarbug/terragrunt-debug.tfvars.json"
15:54:21.593 DEBUG  Run this command to replicate how terraform was invoked:
15:54:21.593 DEBUG  	terraform -chdir="/Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc" plan -var-file="/Users/dpedu/code/tgtesting/dollarbug/terragrunt-debug.tfvars.json"
15:54:21.594 DEBUG  Running command: terraform init
15:54:21.620 STDOUT terraform: Initializing the backend...
15:54:24.626 STDOUT terraform: Initializing provider plugins...
15:54:24.626 STDOUT terraform: Terraform has been successfully initialized!
15:54:24.628 STDOUT terraform:
15:54:24.628 STDOUT terraform: You may now begin working with Terraform. Try running "terraform plan" to see
15:54:24.628 STDOUT terraform: any changes that are required for your infrastructure. All Terraform commands
15:54:24.628 STDOUT terraform: should now work.
15:54:24.628 STDOUT terraform: If you ever set or change modules or backend configuration for Terraform,
15:54:24.628 STDOUT terraform: rerun this command to reinitialize your working directory. If you forget, other
15:54:24.628 STDOUT terraform: commands will detect it and remind you to do so if necessary.
15:54:24.629 DEBUG  Running command: terraform plan
15:54:26.217 STDOUT terraform: ╷
15:54:26.217 STDOUT terraform: │ Error: Variables not allowed
15:54:26.217 STDOUT terraform: │
15:54:26.218 STDOUT terraform: │   on <value for var.stuff> line 1:
15:54:26.218 STDOUT terraform: │   (source code not available)
15:54:26.218 STDOUT terraform: │
15:54:26.218 STDOUT terraform: │ Variables may not be used here.
15:54:26.218 STDOUT terraform: ╵
15:54:26.222 ERROR  terraform invocation failed in /Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc error=[/Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc] exit status 1
15:54:26.421 ERROR  1 error occurred:
	* [/Users/dpedu/code/tgtesting/dollarbug/.terragrunt-cache/zkefbz3Gly-jCio4QV13c-CkEjw/PrZCQT1w3Qeo-ReaX-gLYPGYNlc] exit status 1

Versions

  • Terragrunt version: 0.67.0
  • OpenTofu/Terraform version: Terraform 1.9.2
  • Environment details: macOS

Additional context

The debug flags used produce terragrunt-debug.tfvars.json, which looks like this:

{
  "stuff": {
    "foo": "test ${bar} test"
  }
}
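
The escaping the report asks for, as an added example (not part of the original issue and not Terragrunt's code). It assumes the value reaches Terraform as text parsed as an HCL expression, where `${` and `%{` inside quoted strings start template sequences and `$${` / `%%{` are their literal forms; `renderVarValue` is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// In an HCL quoted string "${" and "%{" open template sequences; doubling the
// introducer ("$${", "%%{") makes the parser read them as literal text.
var templateEscaper = strings.NewReplacer("${", "$${", "%{", "%%{")

// escapeValue walks a decoded JSON value and escapes every string, including
// object keys, which are quoted templates too in an HCL object expression.
func escapeValue(v any) any {
	switch t := v.(type) {
	case string:
		return templateEscaper.Replace(t)
	case []any:
		out := make([]any, len(t))
		for i, e := range t {
			out[i] = escapeValue(e)
		}
		return out
	case map[string]any:
		out := make(map[string]any, len(t))
		for k, e := range t {
			out[templateEscaper.Replace(k)] = escapeValue(e)
		}
		return out
	}
	return v // numbers, booleans and null need no escaping
}

// renderVarValue (hypothetical helper) re-serialises raw JSON for parsing as an
// HCL expression. Assumes ordinary text: \b and \f have no HCL escape.
func renderVarValue(raw []byte) (string, error) {
	var v any
	if err := json.Unmarshal(raw, &v); err != nil {
		return "", err
	}
	out, err := json.Marshal(escapeValue(v))
	return string(out), err
}

func main() {
	// Constructed input: the stuff.json from the report.
	out, err := renderVarValue([]byte(`{"foo": "test ${bar} test"}`))
	fmt.Println(out, err)
}
```
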

Labels: awaiting response, bug
