1.1.9: templatefile + sensitive value: go panic: value is marked, so must be unmarked first #31119

bitsofinfo · 2022-05-24T14:22:00Z

08:16 $ terraform -v
Terraform v1.1.9
on darwin_amd64

Error: Error in function call
│ 
│   on main.tf line 96, in resource "helm_release" "kubernetes_acme_dns_registrar":
│   96:     value = templatefile(var.api_idp_principalDbConfigYaml_filePath, {
│   97:       idp_principal_admin_secretHash = var.idp_principal_admin_secretHash
│   98:     })
│     ├────────────────
│     │ var.api_idp_principalDbConfigYaml_filePath has a sensitive value
│     │ var.idp_principal_admin_secretHash has a sensitive value
│ 
│ Call to function "templatefile" failed: panic in function implementation:
│ value is marked, so must be unmarked first
│ goroutine 282 [running]:
│ runtime/debug.Stack()
│       /usr/local/go/src/runtime/debug/stack.go:24 +0x65
│ github.com/zclconf/go-cty/cty/function.errorForPanic(...)
│       /Users/distiller/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/error.go:44
│ github.com/zclconf/go-cty/cty/function.Function.ReturnTypeForValues.func1()
│       /Users/distiller/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/function.go:217
│ +0x7a
│ panic({0x2e306a0, 0x37d2db0})
│       /usr/local/go/src/runtime/panic.go:1038 +0x215
│ github.com/zclconf/go-cty/cty.Value.assertUnmarked(...)
│       /Users/distiller/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/marks.go:141
│ github.com/zclconf/go-cty/cty.Value.AsString({{{0x3855738, 0xc00005e43a}},
│ {0x3005800, 0xc000b0d380}})
│       /Users/distiller/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/value_ops.go:1254
│ +0x4c
│ github.com/hashicorp/terraform/internal/lang/funcs.MakeTemplateFileFunc.func1({0xc00005625e,
│ 0x1c}, 0xc001d70960)
│       /Users/distiller/project/project/internal/lang/funcs/filesystem.go:90
│ +0xf4
│ github.com/hashicorp/terraform/internal/lang/funcs.MakeTemplateFileFunc.func3({0xc0020b3d40,
│ 0x2, 0x3855770})
│       /Users/distiller/project/project/internal/lang/funcs/filesystem.go:167
│ +0xcb
│ github.com/zclconf/go-cty/cty/function.Function.ReturnTypeForValues({0x0},
│ {0xc0020b3d00, 0x2, 0xc0010c17c0})
│       /Users/distiller/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/function.go:221
│ +0x2ff
│ github.com/zclconf/go-cty/cty/function.Function.Call({0x0}, {0xc0020b3d00,
│ 0x2, 0x2})
│       /Users/distiller/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/function.go:228
│ +0x86
│ github.com/hashicorp/hcl/v2/hclsyntax.(*FunctionCallExpr).Value(0xc000a303c0,
│ 0xc000a6dc08)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hclsyntax/expression.go:442
│ +0x249f
│ github.com/hashicorp/hcl/v2/hcldec.(*AttrSpec).decode(0xc000dcf560, 0xaba,
│ {0x5e, 0x7, 0xaba}, 0xc000a6dc08)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/spec.go:211
│ +0x1f6
│ github.com/hashicorp/hcl/v2/hcldec.ObjectSpec.decode(0xc000dcf530,
│ 0xc000dcf530, {0x4e1b240, 0x0, 0x0}, 0x0)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/spec.go:85
│ +0x1e2
│ github.com/hashicorp/hcl/v2/hcldec.decode({0x3854708, 0xc0010c0c60},
│ {0x4e1b240, 0x0, 0x0}, 0x3855428, {0x3855428, 0xc000dcf530}, 0x0)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/decode.go:21
│ +0x11d
│ github.com/hashicorp/hcl/v2/hcldec.(*BlockSetSpec).decode(0xc001ba2930,
│ 0xc000a2c480, {0xc00053dac0, 0xb, 0x6b2}, 0xc000a6dc08)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/spec.go:756
│ +0x1df
│ github.com/hashicorp/hcl/v2/hcldec.ObjectSpec.decode(0xc001ba20c0,
│ 0xc001ba20c0, {0x0, 0x0, 0x0}, 0x100e827)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/spec.go:85
│ +0x1e2
│ github.com/hashicorp/hcl/v2/hcldec.decode({0x3854708, 0xc0010c0ae0}, {0x0,
│ 0x0, 0x0}, 0x0, {0x3855428, 0xc001ba20c0}, 0x0)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/decode.go:21
│ +0x11d
│ github.com/hashicorp/hcl/v2/hcldec.Decode(...)
│       /Users/distiller/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hcldec/public.go:15
│ github.com/hashicorp/terraform/internal/lang.(*Scope).EvalBlock(0xc000a262a0,
│ {0x3854040, 0xc001646bd0}, 0xc000586a58)
│       /Users/distiller/project/project/internal/lang/eval.go:67 +0x1a7
│ github.com/hashicorp/terraform/internal/terraform.(*BuiltinEvalContext).EvaluateBlock(0x0,
│ {0x38542e0, 0xc000b1a2c0}, 0xc00005e43b, {0x0, 0x0}, {{{{0x0, 0x0}}, {0x0,
│ 0x0}}, ...})
│       /Users/distiller/project/project/internal/terraform/eval_context_builtin.go:274
│ +0x139
│ github.com/hashicorp/terraform/internal/terraform.(*NodeAbstractResourceInstance).plan(0xc00155c700,
│ {0x38cd2a0, 0xc00083c700}, 0x0, 0xc000a26240, 0x0, {0x0, 0x0, 0x0})
│       /Users/distiller/project/project/internal/terraform/node_resource_abstract_instance.go:674
│ +0x40e
│ github.com/hashicorp/terraform/internal/terraform.(*NodePlannableResourceInstance).managedResourceExecute(0xc001a586c0,
│ {0x38cd2a0, 0xc00083c700})
│       /Users/distiller/project/project/internal/terraform/node_resource_plan_instance.go:197
│ +0x7a5
│ github.com/hashicorp/terraform/internal/terraform.(*NodePlannableResourceInstance).Execute(0x0,
│ {0x38cd2a0, 0xc00083c700}, 0x0)
│       /Users/distiller/project/project/internal/terraform/node_resource_plan_instance.go:54
│ +0x90
│ github.com/hashicorp/terraform/internal/terraform.(*ContextGraphWalker).Execute(0xc00083c460,
│ {0x38cd2a0, 0xc00083c700}, {0xd104358, 0xc001a586c0})
│       /Users/distiller/project/project/internal/terraform/graph_walk_context.go:133
│ +0xc2
│ github.com/hashicorp/terraform/internal/terraform.(*Graph).walk.func1({0x3273a00,
│ 0xc001a586c0})
│       /Users/distiller/project/project/internal/terraform/graph.go:74 +0x2f0
│ github.com/hashicorp/terraform/internal/dag.(*Walker).walkVertex(0xc001a74240,
│ {0x3273a00, 0xc001a586c0}, 0xc001a5c840)
│       /Users/distiller/project/project/internal/dag/walk.go:381 +0x2f1
│ created by github.com/hashicorp/terraform/internal/dag.(*Walker).Update
│       /Users/distiller/project/project/internal/dag/walk.go:304 +0xf85
│ .
╵
ERRO[0121] Module /Users/dfdfd/Documents/ccc/ddd/XYZ-Balloon-Prototype/devops-terraform/azure/zzz/eastus/eee/rnd2/k8s-kadr has finished with an error: 1 error occurred:
        * exit status 1

related to #30824 ?

The text was updated successfully, but these errors were encountered:

bitsofinfo · 2022-05-24T14:31:01Z

for others, wrapping the sensitive vars in nonsensitive is a work-around..

jbardin · 2022-05-24T14:55:50Z

Thanks @bitsofinfo,

Adding a brief example for reproduction:

variable "tmpl" {
  default = "test.tmpl"
  sensitive = true
}

output out {
  value = templatefile(var.tmpl, {})
}

bitsofinfo added bug new new issue not yet triaged labels May 24, 2022

jbardin added config confirmed a Terraform Core team member has reproduced this issue and removed new new issue not yet triaged labels May 24, 2022

apparentlymart added the v1.1 Issues (primarily bugs) reported against v1.1 releases label Sep 16, 2022

apparentlymart mentioned this issue May 17, 2024

funcs: Don't panic if templatefile path is sensitive #35180

Merged

apparentlymart closed this as completed in #35180 May 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.1.9: templatefile + sensitive value: go panic: value is marked, so must be unmarked first #31119

1.1.9: templatefile + sensitive value: go panic: value is marked, so must be unmarked first #31119

bitsofinfo commented May 24, 2022

bitsofinfo commented May 24, 2022

jbardin commented May 24, 2022

1.1.9: templatefile + sensitive value: go panic: value is marked, so must be unmarked first #31119

1.1.9: templatefile + sensitive value: go panic: value is marked, so must be unmarked first #31119

Comments

bitsofinfo commented May 24, 2022

bitsofinfo commented May 24, 2022

jbardin commented May 24, 2022