Describe the bug
Environment variables are not being exported as you'd imagine. The quotation marks from the example in the README are being exported. Perhaps some 3rd party tool like terraform is ignoring/stripping them? They do not belong.
If this behavior is desired, I'd recommend simply changing the example to not include quotes.
SIDE NOTE: I believe this example promotes bad practice anyway. The .pre-commit-config.yaml is gets checked into Git. Secrets like these should never be put in Git, so this config should not contain secrets. Instead, if this functionality is needed, one should configure a proper profile and set the AWS_PROFILE environment variable instead.
I noticed this when trying to implement the same feature in Python for #648, but now I need clarity on this ;-)
How can we reproduce it?
This is evident if you do the use the example from the README...
- id: terraform_fmt
args:
- --env-vars=AWS_DEFAULT_REGION="us-west-2"
- --env-vars=AWS_ACCESS_KEY_ID="anaccesskey"
- --env-vars=AWS_SECRET_ACCESS_KEY="asecretkey"... and then modify your terraform_fmt.sh to call the following immediately after common::parse_and_export_env_vars to see what's actually being set in the environment:
env | grep AWS_ >> /tmp/env_vars
python3 -c "import os; print({k: v for k, v in os.environ.items() if k.startswith('AWS_')})" >> /tmp/env_varsYou'll see in /tmp/env_vars that the quotes came along. This is incorrect.
AWS_DEFAULT_REGION="us-west-2"
AWS_SECRET_ACCESS_KEY="asecretkey"
AWS_ACCESS_KEY_ID="anaccesskey"
{'AWS_DEFAULT_REGION': '"us-west-2"', 'AWS_SECRET_ACCESS_KEY': '"asecretkey"', 'AWS_ACCESS_KEY_ID': '"anaccesskey"'}
Environment information
- OS: Win11 with Ubuntu 22.04 on WSL2
uname -a and/or systeminfo | Select-String "^OS" output:
Linux MYPCNAME 5.15.146.1-microsoft-standard-WSL2 #1 SMP Thu Jan 11 04:09:03 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
- Tools availability and versions:
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
pre-commit 3.6.2
Terraform v1.5.6
python SKIPPED
Python 3.10.12
checkov SKIPPED
infracost SKIPPED
terraform-docs SKIPPED
terragrunt SKIPPED
terrascan SKIPPED
tflint SKIPPED
tfsec SKIPPED
trivy SKIPPED
tfupdate SKIPPED
hcledit SKIPPED
file content
repos:
- repo: /home/eric/src/pre-commit-terraform
rev: some_local_ref
hooks:
- id: terraform_fmt
args:
- --env-vars=AWS_DEFAULT_REGION="us-west-2"
- --env-vars=AWS_ACCESS_KEY_ID="anaccesskey"
- --env-vars=AWS_SECRET_ACCESS_KEY="asecretkey" 
Describe the bug
Environment variables are not being exported as you'd imagine. The quotation marks from the example in the README are being exported. Perhaps some 3rd party tool like
terraformis ignoring/stripping them? They do not belong.If this behavior is desired, I'd recommend simply changing the example to not include quotes.
I noticed this when trying to implement the same feature in Python for #648, but now I need clarity on this ;-)
How can we reproduce it?
This is evident if you do the use the example from the README...
... and then modify your
terraform_fmt.shto call the following immediately aftercommon::parse_and_export_env_varsto see what's actually being set in the environment:You'll see in
/tmp/env_varsthat the quotes came along. This is incorrect.Environment information
uname -aand/orsysteminfo | Select-String "^OS"output:Linux MYPCNAME 5.15.146.1-microsoft-standard-WSL2 #1 SMP Thu Jan 11 04:09:03 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux.pre-commit-config.yaml:file content
repos: - repo: /home/eric/src/pre-commit-terraform rev: some_local_ref hooks: - id: terraform_fmt args: - --env-vars=AWS_DEFAULT_REGION="us-west-2" - --env-vars=AWS_ACCESS_KEY_ID="anaccesskey" - --env-vars=AWS_SECRET_ACCESS_KEY="asecretkey"