marks package

marks.Sensitive
This commit is contained in:
James Bardin 2021-06-23 16:24:58 -04:00
parent d54bcb6276
commit 2c493e38c7
4 changed files with 30 additions and 15 deletions

View File

@ -1,6 +1,7 @@
package funcs
import (
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/zclconf/go-cty/cty"
"github.com/zclconf/go-cty/cty/function"
)
@ -25,7 +26,7 @@ var SensitiveFunc = function.New(&function.Spec{
},
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
val, _ := args[0].Unmark()
return val.Mark("sensitive"), nil
return val.Mark(marks.Sensitive), nil
},
})
@ -48,12 +49,12 @@ var NonsensitiveFunc = function.New(&function.Spec{
return args[0].Type(), nil
},
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
if args[0].IsKnown() && !args[0].HasMark("sensitive") {
if args[0].IsKnown() && !args[0].HasMark(marks.Sensitive) {
return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant")
}
v, marks := args[0].Unmark()
delete(marks, "sensitive") // remove the sensitive marking
return v.WithMarks(marks), nil
v, m := args[0].Unmark()
delete(m, marks.Sensitive) // remove the sensitive marking
return v.WithMarks(m), nil
},
})

View File

@ -0,0 +1,13 @@
package marks
import (
"strings"
)
type valueMark string
func (m valueMark) GoString() string {
return "marks." + strings.Title(string(m))
}
var Sensitive = valueMark("sensitive")

View File

@ -17,6 +17,7 @@ import (
"github.com/hashicorp/terraform/internal/configs/configschema"
"github.com/hashicorp/terraform/internal/instances"
"github.com/hashicorp/terraform/internal/lang"
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/hashicorp/terraform/internal/plans"
"github.com/hashicorp/terraform/internal/states"
"github.com/hashicorp/terraform/internal/tfdiags"
@ -261,7 +262,7 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
if d.Operation == walkValidate {
// Ensure variable sensitivity is captured in the validate walk
if config.Sensitive {
return cty.UnknownVal(wantType).Mark("sensitive"), diags
return marks.Sensitive(cty.UnknownVal(wantType)), diags
}
return cty.UnknownVal(wantType), diags
}
@ -296,9 +297,9 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
val = cty.UnknownVal(wantType)
}
// Mark if sensitive, and avoid double-marking if this has already been marked
if config.Sensitive && !val.HasMark("sensitive") {
val = val.Mark("sensitive")
// Mark if sensitive
if config.Sensitive {
val = marks.Sensitive(val)
}
return val, diags
@ -432,8 +433,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
instance[cfg.Name] = outputState
if cfg.Sensitive && !outputState.HasMark("sensitive") {
instance[cfg.Name] = outputState.Mark("sensitive")
if cfg.Sensitive {
instance[cfg.Name] = marks.Sensitive(outputState)
}
}
@ -461,8 +462,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
instance[cfg.Name] = change.After
if change.Sensitive && !change.After.HasMark("sensitive") {
instance[cfg.Name] = change.After.Mark("sensitive")
if change.Sensitive {
instance[cfg.Name] = marks.Sensitive(change.After)
}
}
}

View File

@ -9,6 +9,7 @@ import (
"github.com/hashicorp/terraform/internal/configs"
"github.com/hashicorp/terraform/internal/dag"
"github.com/hashicorp/terraform/internal/lang"
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/hashicorp/terraform/internal/plans"
"github.com/hashicorp/terraform/internal/states"
"github.com/hashicorp/terraform/internal/tfdiags"
@ -281,8 +282,7 @@ func (n *NodeApplyableOutput) Execute(ctx EvalContext, op walkOperation) (diags
// statically declared as sensitive in order to dynamically return
// a sensitive result, to help avoid accidental exposure in the state
// of a sensitive value that the user doesn't want to include there.
_, marks := val.UnmarkDeep()
_, hasSensitive := marks["sensitive"]
hasSensitive := marks.HasSensitive(val)
if n.Addr.Module.IsRoot() {
if !n.Config.Sensitive && hasSensitive {
diags = diags.Append(&hcl.Diagnostic{