Terraform test doesn't like TF_VAR_* env vars?

Terraform
1

Within my company we have a library of custom GitHub Actions that we are encouraged to use. One of those custom github actions is a wrapper around the terraform cli and it does a few useful things, including creating some TF_VAR env vars that will then be available to our terraform configurations.

    - name: Terraform ${{ inputs.action }}
      shell: bash
      working-directory: ${{ inputs.directory }}
      run: |
        (${{ github.action_path }}/script-to-call-terraform.sh
      env:
        INPUT_ACTION: ${{ inputs.action }}
        TF_VAR_squad: ${{ inputs.squad }}
        TF_VAR_tribe: ${{ inputs.tribe }}
        TF_VAR_repo: ${{ env.GITHUB_REPOSITORY_NAME }}
        TF_LOG: ${{ inputs.log_level }}

Today I’ve been trying to use this custom github action to call terraform test which is new in terraform v1.6.x Unfortunately when I do so it fails with:

tests/database.tftest.hcl... in progress
    run "setup_tests"... fail
    run "no_warehouse"... skip
    run "with_warehouse"... skip
  tests/database.tftest.hcl... tearing down
  tests/database.tftest.hcl... fail
  
  Failure! 0 passed, 1 failed, 2 skipped.
  ╷
  │ Error: Variables not allowed
  │ 
  │   on <value for var.repo> line 1:
  │   (source code not available)
  │ 
  │ Variables may not be used here.
  ╵
  ╷
  │ Error: Variables not allowed
  │ 
  │   on <value for var.squad> line 1:
  │   (source code not available)
  │ 
  │ Variables may not be used here.
  ╵
  ╷
  │ Error: Variables not allowed
  │ 
  │   on <value for var.tribe> line 1:
  │   (source code not available)
  │ 
  │ Variables may not be used here.
  ╵

Clearly this is failing because of the presence of environment variables:

  • TF_VAR_tribe
  • TF_VAR_squad
  • TF_VAR_repo

I can of course reproduce the error locally by simply running:

TF_VAR_abc=xyz terraform test

image
image999×369 38.4 KB

My question is simply…why? Why does terraform test balk when some TF_VAR_* vars exist?

2

Hi @jamiekt,

This error message suggests that the environment variable doesn’t contain valid Terraform language expression syntax.

Specifically, “variables not allowed” would be returned if trying to parse something like foo as a Terraform language expression, because that is the syntax for referring to a symbol/variable called foo. The literal string would need to be written as "foo" instead.

In other Terraform CLI commands the rule is that any variable defined as being type = string, type = number or type = bool can be written directly (in raw form) in the environment variable, like TF_VAR_foo=bar, but a variable of any other type – including unspecified, which defaults to any – must be written as a valid Terraform language expression, including quotes if the value is a string.

I would suggest therefore making sure that your variables are declared as type = string to activate the raw interpretation instead of the expression interpretation. If that doesn’t work, that suggests a bug in the terraform test command (making it inconsistent with how these environment variables behave in other commands), which we could then report on GitHub.

3

Hi @apparentlymart ,
You are, as usual, correct :slight_smile: I added this block to the relevant TF configuration:

variable "abc" {
  type = string
}

and thereafter TF_VAR_abc=xyz terraform test ran successfully. In actual fact I didn’t even need the type declaration, this:

variable "abc" {}

also enabled a successful run of TF_VAR_abc=xyz terraform test.

Thank you as always for your help.