Merge pull request #28180 from hashicorp/jbardin/mark-provider-sensitive

check for unknowns when marking resource values
This commit is contained in:
James Bardin 2021-03-24 10:26:07 -04:00 committed by GitHub
commit 07ecfb13f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 99 additions and 1 deletions

View File

@ -979,12 +979,17 @@ func getValMarks(schema *configschema.Block, val cty.Value, path cty.Path) []cty
if !blockS.Block.ContainsSensitive() { if !blockS.Block.ContainsSensitive() {
continue continue
} }
blockV := val.GetAttr(name)
if blockV.IsNull() || !blockV.IsKnown() {
continue
}
// Create a copy of the path, with this step added, to add to our PathValueMarks slice // Create a copy of the path, with this step added, to add to our PathValueMarks slice
blockPath := make(cty.Path, len(path), len(path)+1) blockPath := make(cty.Path, len(path), len(path)+1)
copy(blockPath, path) copy(blockPath, path)
blockPath = append(path, cty.GetAttrStep{Name: name}) blockPath = append(path, cty.GetAttrStep{Name: name})
blockV := val.GetAttr(name)
switch blockS.Nesting { switch blockS.Nesting {
case configschema.NestingSingle, configschema.NestingGroup: case configschema.NestingSingle, configschema.NestingGroup:
pvm = append(pvm, getValMarks(&blockS.Block, blockV, blockPath)...) pvm = append(pvm, getValMarks(&blockS.Block, blockV, blockPath)...)

View File

@ -1,6 +1,7 @@
package terraform package terraform
import ( import (
"fmt"
"sync" "sync"
"testing" "testing"
@ -550,3 +551,95 @@ func evaluatorForModule(stateSync *states.SyncState, changesSync *plans.ChangesS
Changes: changesSync, Changes: changesSync,
} }
} }
func TestMarkProviderSensitive(t *testing.T) {
schema := &configschema.Block{
Attributes: map[string]*configschema.Attribute{
"unsensitive": {
Type: cty.String,
Optional: true,
},
"sensitive": {
Type: cty.String,
Sensitive: true,
},
},
BlockTypes: map[string]*configschema.NestedBlock{
"list": &configschema.NestedBlock{
Nesting: configschema.NestingList,
Block: configschema.Block{
Attributes: map[string]*configschema.Attribute{
"unsensitive": {
Type: cty.String,
Optional: true,
},
"sensitive": {
Type: cty.String,
Sensitive: true,
},
},
},
},
},
}
for _, tc := range []struct {
given cty.Value
expect cty.Value
}{
{
cty.UnknownVal(schema.ImpliedType()),
cty.UnknownVal(schema.ImpliedType()),
},
{
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.UnknownVal(cty.String),
"unsensitive": cty.UnknownVal(cty.String),
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
}),
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.UnknownVal(cty.String).Mark("sensitive"),
"unsensitive": cty.UnknownVal(cty.String),
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
}),
},
{
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.NullVal(cty.String),
"unsensitive": cty.UnknownVal(cty.String),
"list": cty.ListVal([]cty.Value{
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.UnknownVal(cty.String),
"unsensitive": cty.UnknownVal(cty.String),
}),
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.NullVal(cty.String),
"unsensitive": cty.NullVal(cty.String),
}),
}),
}),
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.NullVal(cty.String).Mark("sensitive"),
"unsensitive": cty.UnknownVal(cty.String),
"list": cty.ListVal([]cty.Value{
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.UnknownVal(cty.String).Mark("sensitive"),
"unsensitive": cty.UnknownVal(cty.String),
}),
cty.ObjectVal(map[string]cty.Value{
"sensitive": cty.NullVal(cty.String).Mark("sensitive"),
"unsensitive": cty.NullVal(cty.String),
}),
}),
}),
},
} {
t.Run(fmt.Sprintf("%#v", tc.given), func(t *testing.T) {
got := markProviderSensitiveAttributes(schema, tc.given)
if !got.RawEquals(tc.expect) {
t.Fatalf("\nexpected: %#v\ngot: %#v\n", tc.expect, got)
}
})
}
}