marks package

marks.Sensitive
James Bardin 2021-06-23 16:24:58 -04:00
parent d54bcb6276
commit 2c493e38c7
4 changed files with 30 additions and 15 deletions


@ -1,6 +1,7 @@
package funcs package funcs
import ( import (
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/zclconf/go-cty/cty" "github.com/zclconf/go-cty/cty"
"github.com/zclconf/go-cty/cty/function" "github.com/zclconf/go-cty/cty/function"
) )
@ -25,7 +26,7 @@ var SensitiveFunc = function.New(&function.Spec{
}, },
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) { Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
val, _ := args[0].Unmark() val, _ := args[0].Unmark()
return val.Mark("sensitive"), nil return val.Mark(marks.Sensitive), nil
}, },
}) })
@ -48,12 +49,12 @@ var NonsensitiveFunc = function.New(&function.Spec{
return args[0].Type(), nil return args[0].Type(), nil
}, },
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) { Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
if args[0].IsKnown() && !args[0].HasMark("sensitive") { if args[0].IsKnown() && !args[0].HasMark(marks.Sensitive) {
return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant") return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant")
} }
v, marks := args[0].Unmark() v, m := args[0].Unmark()
delete(marks, "sensitive") // remove the sensitive marking delete(m, marks.Sensitive) // remove the sensitive marking
return v.WithMarks(marks), nil return v.WithMarks(m), nil
}, },
}) })
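Review bot: SensitiveFunc's Impl still calls `args[0].Unmark()` and re-marks only with `marks.Sensitive`, so any other mark the argument carried is silently dropped, whereas NonsensitiveFunc just below keeps the remaining marks through `v.WithMarks(m)`. With marks moving into their own package, it would be safer to make the two consistent: `return args[0].Mark(marks.Sensitive), nil` keeps existing marks, since cty adds to the mark set rather than replacing it. If discarding the other marks is intended, a comment on the `Unmark()` line should say so. The `function.Spec` literals start outside these hunks.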


@ -0,0 +1,13 @@
package marks
import (
"strings"
)
type valueMark string
func (m valueMark) GoString() string {
return "marks." + strings.Title(string(m))
}
var Sensitive = valueMark("sensitive")
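Review bot: `Sensitive` is declared with `var`, so any package in the module that imports marks can reassign it, which would change what every `HasMark(marks.Sensitive)` check compares against; `const Sensitive = valueMark("sensitive")` compiles the same way and removes that possibility. The new value is also not equal to the old string mark, because cty keeps marks as map keys of interface type and a `valueMark` never matches a plain `string`. Any call site outside the four files in this commit that still passes the literal `"sensitive"` would stop recognising the mark, and a sensitive value could then be rendered or stored unredacted, so a repository-wide search for the literal is worth doing before merge. The exported identifier also needs a doc comment, for example `// Sensitive marks a value whose content must not be shown in the UI or logs.`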


@ -17,6 +17,7 @@ import (
"github.com/hashicorp/terraform/internal/configs/configschema" "github.com/hashicorp/terraform/internal/configs/configschema"
"github.com/hashicorp/terraform/internal/instances" "github.com/hashicorp/terraform/internal/instances"
"github.com/hashicorp/terraform/internal/lang" "github.com/hashicorp/terraform/internal/lang"
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/hashicorp/terraform/internal/plans" "github.com/hashicorp/terraform/internal/plans"
"github.com/hashicorp/terraform/internal/states" "github.com/hashicorp/terraform/internal/states"
"github.com/hashicorp/terraform/internal/tfdiags" "github.com/hashicorp/terraform/internal/tfdiags"
@ -261,7 +262,7 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
if d.Operation == walkValidate { if d.Operation == walkValidate {
// Ensure variable sensitivity is captured in the validate walk // Ensure variable sensitivity is captured in the validate walk
if config.Sensitive { if config.Sensitive {
return cty.UnknownVal(wantType).Mark("sensitive"), diags return marks.Sensitive(cty.UnknownVal(wantType)), diags
} }
return cty.UnknownVal(wantType), diags return cty.UnknownVal(wantType), diags
} }
@ -296,9 +297,9 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
val = cty.UnknownVal(wantType) val = cty.UnknownVal(wantType)
} }
// Mark if sensitive, and avoid double-marking if this has already been marked // Mark if sensitive
if config.Sensitive && !val.HasMark("sensitive") { if config.Sensitive {
val = val.Mark("sensitive") val = marks.Sensitive(val)
} }
return val, diags return val, diags
@ -432,8 +433,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
instance[cfg.Name] = outputState instance[cfg.Name] = outputState
if cfg.Sensitive && !outputState.HasMark("sensitive") { if cfg.Sensitive {
instance[cfg.Name] = outputState.Mark("sensitive") instance[cfg.Name] = marks.Sensitive(outputState)
} }
} }
@ -461,8 +462,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
instance[cfg.Name] = change.After instance[cfg.Name] = change.After
if change.Sensitive && !change.After.HasMark("sensitive") { if change.Sensitive {
instance[cfg.Name] = change.After.Mark("sensitive") instance[cfg.Name] = marks.Sensitive(change.After)
} }
} }
} }
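Review bot: `marks.Sensitive(...)` is called as a function at all four changed sites in this file (both GetInputVariable hunks and both GetModule hunks), but the marks file added in this same commit declares `Sensitive` as a `valueMark` variable, and the funcs package passes it as a value in `val.Mark(marks.Sensitive)`. As shown the two uses cannot both compile, so either write `val = val.Mark(marks.Sensitive)` here or add a separately named helper to the marks package. Dropping the `!val.HasMark(...)` guards is fine on its own terms, since cty marks form a set and re-marking is a no-op, but a helper that replaces `Mark` needs to keep that property. GetInputVariable and GetModule both start and end outside these hunks.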


@ -9,6 +9,7 @@ import (
"github.com/hashicorp/terraform/internal/configs" "github.com/hashicorp/terraform/internal/configs"
"github.com/hashicorp/terraform/internal/dag" "github.com/hashicorp/terraform/internal/dag"
"github.com/hashicorp/terraform/internal/lang" "github.com/hashicorp/terraform/internal/lang"
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/hashicorp/terraform/internal/plans" "github.com/hashicorp/terraform/internal/plans"
"github.com/hashicorp/terraform/internal/states" "github.com/hashicorp/terraform/internal/states"
"github.com/hashicorp/terraform/internal/tfdiags" "github.com/hashicorp/terraform/internal/tfdiags"
@ -281,8 +282,7 @@ func (n *NodeApplyableOutput) Execute(ctx EvalContext, op walkOperation) (diags
// statically declared as sensitive in order to dynamically return // statically declared as sensitive in order to dynamically return
// a sensitive result, to help avoid accidental exposure in the state // a sensitive result, to help avoid accidental exposure in the state
// of a sensitive value that the user doesn't want to include there. // of a sensitive value that the user doesn't want to include there.
_, marks := val.UnmarkDeep() hasSensitive := marks.HasSensitive(val)
_, hasSensitive := marks["sensitive"]
if n.Addr.Module.IsRoot() { if n.Addr.Module.IsRoot() {
if !n.Config.Sensitive && hasSensitive { if !n.Config.Sensitive && hasSensitive {
diags = diags.Append(&hcl.Diagnostic{ diags = diags.Append(&hcl.Diagnostic{
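Review bot: `marks.HasSensitive(val)` has to keep the deep semantics of the `val.UnmarkDeep()` lookup it replaces, and its definition is not in the marks file this commit adds, so that cannot be confirmed from here. If the helper only tested the top-level mark (for instance through `val.HasMark`), a root module output holding a sensitive value nested inside an object or list would skip the diagnostic below and could end up in state or output unredacted. I would put a doc comment on the helper such as `// HasSensitive reports whether val or any value nested within it carries the Sensitive mark.` and add a test with a nested sensitive attribute. Execute starts and ends outside this hunk.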