Don't fail on sensitive output during terraform test

[dvdvorle]

Terraform Version

Terraform v1.10.5
on windows_amd64

Terraform Configuration Files

Inside a (non-root) module: module-x/output.tf

output "password" {
  value     = data.azurerm_key_vault_secret.password.value
}

In module-x/tests/main.tftest.hcl

run "existing" {
  command = plan
}

Debug Output

n/a

Expected Behavior

When running terraform test, I'd expect this to not result in a failure.

Actual Behavior

  run "existing"... fail
╷
│ Error: Output refers to sensitive values
│
│   on output.tf line 95:
│   95: output "password" {
│
│ To reduce the risk of accidentally exporting sensitive data that was intended to be only internal, Terraform requires
│ that any root module output containing sensitive data be explicitly marked as sensitive, to confirm your intent.
│
│ If you do intend to export this data, annotate the output value as sensitive by adding the following argument:
│     sensitive = true
╵
tests\main.tftest.hcl... tearing down
tests\main.tftest.hcl... fail

Failure! 0 passed, 1 failed.

Steps to Reproduce

Create the resources as described, run terraform test

Additional Context

This is running interactively, but should also work in a CI system. Since this is terraform test I'd expect to be able to always see all output, even if it's sensitive, since now I'm sometimes trying to fix a failed test in the dark.

But for this specific issue I'd be happy if I were able to provide a flag like terraform test -module and have it not fail (and not warn!) on this.

References

No response

Generative AI / LLM assisted development?

No response