How do i handle password prompt in terraform remote-exec

Question

I am deploying ubuntu vm via terraform. Using remote-exec, i am performing some operations by doing ssh to the vm using connection block. In the inline, while copying config file from server, i am getting password prompt. I need a way to handle the password prompt.

resource "null_resource" "remoteprovision" {
  depends_on = [null_resource.waiting_for_vm_bootup]
  provisioner "remote-exec" {
    connection {
      host        = var.overlay_config ? data.nutanix_floating_ip.test[0].status[0].resources[0].floating_ip : nutanix_virtual_machine.gigatg.nic_list_status[0].ip_endpoint_list[0].ip
      type        = "ssh"
      user        = "test"
      timeout     = "180s"
      password    = "test"
    }
    inline = [
      "wget -nH --cut-dirs=2 --no-parent -R 'index.html*' http://10.115.32.216/nutanix/cloud.conf -P /home/test/",
      "sudo sed -r 's/(\\b[0-9]{1,3}\\.){3}[0-9]{1,3}\\b'/${var.cntrl_ip}/ cloud.conf"

Terraform Log:

module.traffic_gen_inst1.null_resource.waiting_for_giga_bootup: Creation complete after 3m0s [id=4643443120274302222]
module.traffic_gen_inst1.null_resource.remoteprovision: Creating...
module.traffic_gen_inst1.null_resource.remoteprovision: Provisioning with 'remote-exec'...
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): Connecting to remote host via SSH...
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   Host: xxxxxxx
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   User: test
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   Password: true
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   Private key: false
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   Certificate: false
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   SSH Agent: false
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):   Checking Host Key: false
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): Connected!
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): --2022-12-25 22:23:00--  http://10.115.32.216/nutanix/cloud.conf
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): Connecting to xxxxxxx:80... connected.
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): HTTP request sent, awaiting response... 200 OK
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): Length: 153
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): Saving to: ‘/home/test/cloud.conf’

module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):       gigam   0%       0  --.-KB/s
module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec):  cloud.conf 100%     153  --.-KB/s    in 0s

module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): 2022-12-25 22:23:00 (47.2 MB/s) - ‘/home/test/cloud.conf’ saved [153/153]

module.traffic_gen_inst1.null_resource.remoteprovision (remote-exec): [sudo] password for test:
module.traffic_gen_inst1.null_resource.remoteprovision: Still creating... [10s elapsed]
module.traffic_gen_inst1.null_resource.remoteprovision: Still creating... [20s elapsed]
module.traffic_gen_inst1.null_resource.remoteprovision: Still creating... [30s elapsed]
module.traffic_gen_inst1.null_resource.remoteprovision: Still creating... [40s elapsed]

Answer 1

The remote-exec is not designed to allow interactive prompts. In general, you should make sure to have a user that can use sudo without interactive passwords to provision the target non-interactively. Depending on your machine and environment, this could be done for example with cloud-init.

For sudo you could try to send the password via STDIN:

#!/bin/bash 

echo ${var.ssh_pass} | sudo -S ${var.command} 
# or
sudo -S <<<  ${var.ssh_pass} ${var.command}

Source: https://github.com/hashicorp/terraform/issues/6967#issuecomment-406414006