Merge pull request #28036 from hashicorp/pselle/provider_sensitivity_non-experiment

Make provider sensitivity default behavior

experiments/experiment.go

@@ -22,8 +22,8 @@ func init() {
 	// Each experiment constant defined above must be registered here as either
 	// a current or a concluded experiment.
 	registerConcludedExperiment(VariableValidation, "Custom variable validation can now be used by default, without enabling an experiment.")
+	registerConcludedExperiment(SuppressProviderSensitiveAttrs, "Provider-defined sensitive attributes are now redacted by default, without enabling an experiment.")
 	registerCurrentExperiment(ModuleVariableOptionalAttrs)
-	registerCurrentExperiment(SuppressProviderSensitiveAttrs)
 }
 
 // GetCurrent takes an experiment name and returns the experiment value

terraform/context_apply_test.go

@@ -11938,10 +11938,6 @@ resource "test_resource" "foo" {
 func TestContext2Apply_variableSensitivityProviders(t *testing.T) {
 	m := testModuleInline(t, map[string]string{
 		"main.tf": `
-terraform {
-	experiments = [provider_sensitive_attrs]
-}
-
 resource "test_resource" "foo" {
 	sensitive_value = "should get marked"
 }

terraform/evaluate.go

@@ -15,7 +15,6 @@ import (
 	"github.com/hashicorp/terraform/addrs"
 	"github.com/hashicorp/terraform/configs"
 	"github.com/hashicorp/terraform/configs/configschema"
-	"github.com/hashicorp/terraform/experiments"
 	"github.com/hashicorp/terraform/instances"
 	"github.com/hashicorp/terraform/lang"
 	"github.com/hashicorp/terraform/plans"
@@ -758,15 +757,11 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
 				continue
 			}
 
-			// EXPERIMENTAL: Suppressing provider-defined sensitive attrs
+			// If our provider schema contains sensitive values, mark those as sensitive
-			// from Terraform output.
-
-			// If our schema contains sensitive values, mark those as sensitive
-			if moduleConfig.Module.ActiveExperiments.Has(experiments.SuppressProviderSensitiveAttrs) {
 			if schema.ContainsSensitive() {
 				val = markProviderSensitiveAttributes(schema, val)
 			}
-			}
+
 			instances[key] = val.MarkWithPaths(change.AfterValMarks)
 			continue
 		}
@@ -785,15 +780,11 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
 		}
 
 		val := ios.Value
-		// EXPERIMENTAL: Suppressing provider-defined sensitive attrs
-		// from Terraform output.
 
 		// If our schema contains sensitive values, mark those as sensitive
-		if moduleConfig.Module.ActiveExperiments.Has(experiments.SuppressProviderSensitiveAttrs) {
 		if schema.ContainsSensitive() {
 			val = markProviderSensitiveAttributes(schema, val)
 		}
-		}
 		instances[key] = val
 	}
 

terraform/evaluate_test.go

@@ -10,7 +10,6 @@ import (
 	"github.com/hashicorp/terraform/addrs"
 	"github.com/hashicorp/terraform/configs"
 	"github.com/hashicorp/terraform/configs/configschema"
-	"github.com/hashicorp/terraform/experiments"
 	"github.com/hashicorp/terraform/plans"
 	"github.com/hashicorp/terraform/states"
 	"github.com/hashicorp/terraform/tfdiags"
@@ -190,8 +189,6 @@ func TestEvaluatorGetResource(t *testing.T) {
 				ManagedResources: map[string]*configs.Resource{
 					"test_resource.foo": rc,
 				},
-				// Necessary while provider sensitive attrs are experimental
-				ActiveExperiments: experiments.NewSet(experiments.SuppressProviderSensitiveAttrs),
 			},
 		},
 		State: stateSync,
@@ -421,8 +418,6 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
 						},
 					},
 				},
-				// Necessary while provider sensitive attrs are experimental
-				ActiveExperiments: experiments.NewSet(experiments.SuppressProviderSensitiveAttrs),
 			},
 		},
 		State:   stateSync,