Capture Terraform Provisioner Output Effectively

• Introduction
• Step-by-Step Guide
• Code Example
• Additional Notes
• Summary
• Conclusion
• References

In Terraform, you can't directly capture the output of provisioners into variables. This is because Terraform prioritizes managing resources and their state, viewing provisioners as actions performed on those resources. However, while direct output capture isn't possible, you can employ workarounds to achieve similar results.

You can't directly capture the output of Terraform provisioners into variables. Terraform's execution model focuses on resources and their state, treating provisioners as actions performed on those resources.

While you can't store the output directly, you can use workarounds:

1. null_resource with local-exec:

• Use a null_resource with a local-exec provisioner to run your command.
• Capture the command's output using file redirection or other methods within the script.

resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo 'hello world' > output.txt"
  }
}

2. External Data Sources:

• Have your provisioner write its output to a file or a service readable by Terraform.
• Use a data source (like local_file, http, etc.) to fetch the output in subsequent resources.

resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo '{\"value\": \"hello\"}' > output.json"
  }
}

data "local_file" "output" {
  filename = "output.json"
}

Limitations:

• These workarounds introduce dependencies and might affect Terraform's plan and apply phases.
• Debugging can be trickier compared to direct variable assignment.

Alternatives:

• Consider if you can achieve the desired outcome using Terraform resources directly.
• Explore tools like Terragrunt or external scripting for complex orchestration needs.

This code provides workarounds for capturing output from Terraform provisioners using a null_resource with local-exec provisioner. The first workaround redirects the command output to a file and reads it using local_file data source. The second workaround sends data to an HTTP server and retrieves it using http data source. These workarounds have limitations and should be considered for simple scenarios.

This code demonstrates the workarounds for capturing output from Terraform provisioners.

1. null_resource with local-exec and file redirection:

resource "null_resource" "capture_output" {
  provisioner "local-exec" {
    # Execute a command and redirect its output to a file
    command = "echo 'Hello from provisioner!' > output.txt"
  }
}

# Read the output from the file using a local_file data source
data "local_file" "provisioner_output" {
  filename = "${path.module}/output.txt"
}

output "captured_output" {
  value = data.local_file.provisioner_output.content
}

2. External Data Source (HTTP):

This example assumes you have a simple HTTP server running that returns the output.

resource "null_resource" "trigger_script" {
  provisioner "local-exec" {
    # Execute a script that sends data to an HTTP server
    command = "./send_data.sh"
  }
}

# Fetch the output from the HTTP server
data "http" "provisioner_output" {
  url = "http://your-server/output"
}

output "captured_output" {
  value = data.http.provisioner_output.body
}

Explanation:

• null_resource: We use null_resource as a placeholder to run the provisioner.
• local-exec: This provisioner executes arbitrary commands.
• File Redirection: In the first example, we redirect the command's output to a file (>).
• local_file Data Source: We use local_file to read the content of the output file.
• http Data Source: In the second example, we use http to fetch data from an external HTTP server.
• Outputs: We define outputs to display the captured data.

Remember:

• Replace placeholders like ./send_data.sh and "http://your-server/output" with your actual script and server details.
• These are workarounds and have limitations. Consider alternatives like Terraform resources or external tools for complex scenarios.

• Design Implication: Terraform's principle of immutable infrastructure influences its handling of provisioners. Provisioners are seen as actions with side effects, not primary sources of data for resource configuration.
• Debugging: When using workarounds, ensure your provisioner scripts have appropriate logging or error handling mechanisms. This helps diagnose issues during the plan and apply phases.
• State Management: Remember that the output captured through these workarounds is not part of Terraform's state. Changes to the output won't trigger updates unless reflected in the data source (e.g., modifying the output file).
• Security: If your provisioner script interacts with sensitive data, take precautions to avoid exposing it in the output file or through the HTTP server.
• Alternatives to Consider:
  • Terraform Remote State: If you need to share data between different Terraform workspaces, consider using remote state.
  • Configuration Management Tools: For complex orchestration and configuration tasks, dedicated tools like Ansible, Chef, or Puppet might be more suitable.
• Community Resources: The Terraform community forum and Stack Overflow are valuable resources for finding solutions and discussing alternative approaches.

Remember that while these workarounds can be helpful, it's crucial to understand their limitations and potential drawbacks. Always prioritize using Terraform resources directly when possible and explore alternative tools for complex scenarios.

Problem: You can't directly store the output of Terraform provisioners into variables.

Workarounds:

Limitations of Workarounds:

• Introduce dependencies that can impact Terraform's plan and apply phases.
• Debugging becomes more complex.

Alternatives to Provisioners:

• Use Terraform Resources: Prioritize achieving your goal directly with Terraform resources if possible.
• External Tools: Explore tools like Terragrunt or external scripting for complex orchestration scenarios.

In conclusion, directly capturing the output of Terraform provisioners into variables isn't feasible due to Terraform's resource-centric execution model. While workarounds using null_resource and external data sources exist, they come with limitations, potentially introducing dependencies and complicating debugging. It's recommended to prioritize achieving desired outcomes using native Terraform resources whenever possible. For intricate orchestration needs that go beyond Terraform's core functionality, consider employing external tools like Terragrunt or dedicated configuration management systems. Always weigh the trade-offs and choose the approach that aligns best with your project's complexity and maintainability goals.

• output of local-exec to variable ? : r/Terraform | Posted by u/Accomplished_Text_10 - 2 votes and 6 comments
• amazon web services - Terraform, getting output from null_resource ... | Jul 25, 2016 ... I'm using Terraform to automate provision of Cognito Identity Pools in AWS. The AWS provider doesn't support Cognito yet so I've been using null_resource and ...
• capture output of provisioners into variables · Issue #610 · hashicorp ... | so that they could be referenced in other TF resources
• How to retrieve the null_resource returned value? - Terraform ... | Hi All, I have the below null_resource to retrieve the prometheus cluster IP: resource "null_resource" "get_prometheus_ip" { provisioner "local-exec" { command = "kubectl get svc prometheus-server -n monitoring | awk -F' ' '{print $3}' | tail -1" } } I want to use its returned result in another place: resource "helm_release" "prometheus-adapter" { name = "prometheus-adapter" chart = "${path.module}/helm/charts/stable/prometheus-adapter/" namespace = "default" // prometheus ...
• Collecting output of a local-exec provisioner as a data source | Aug 18, 2017 ... ... terraform is sending to my script and what the script is expecting. It just fails to parse the arguments and refuses to provide me any ...
• Terminate a Terraform deployment based on output from a ... | Hello all! – I am deploying an entire AWS Elastic Beanstalk environment through Terraform. – I have a Powershell script that fetches some values from within the existing Elastic Beanstalk environment that I am trying to “re-deploy” through Terraform. – I am able to invoke this Powershell script from within my Terraform code. I can also return certain values or return an exit 0 or an exit 1 back to Terraform code from the script. – Back in the Terraform code, I need a way to terminate the dep...
• Capturing Terraform Outputs in Azure DevOps (Mk2) | Dave Lee | In a previous post back in 2021, I described a method for getting Terraform outputs into Azure DevOps pipeline variables. I’ve been doing some work on Infrastructure as Code deployments in pipelines recently and have come across a much beter method.
• Null_resource with provisioner remote_exec errors even when the ... | Hello, just upgraded from Terraform 1.3.3. to 1.3.9 after I got tired of seeing it crash on several occasions. The upgrade fixed the crash, but now I’m seeing another problem that I dont believe was seen earlier. null_resource is used to run bunch of local and remote provisioners(we need this for the complex cluster/storage stack config) and recently I added the output/exeStatus file collection. null_resource is reporting failure even when all of the provisioners have completed successfully. ...
• Terraform Output Values : Complete Guide & Examples | What are Terraform outputs? See the different options for their configuration and how Terraform handles and exports output values between modules.