Mark attributes providers mark as sensitive
This updates GetResource so that the value returned has marks where the provider's schema has marked an attribute as sensitive
This commit is contained in:
parent
af20a769be
commit
5e2905d222
|
@ -11856,7 +11856,14 @@ variable "sensitive_map" {
|
||||||
|
|
||||||
resource "test_resource" "foo" {
|
resource "test_resource" "foo" {
|
||||||
value = var.sensitive_map.x
|
value = var.sensitive_map.x
|
||||||
}`,
|
sensitive_value = "should get marked"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "test_resource" "bar" {
|
||||||
|
value = test_resource.foo.sensitive_value
|
||||||
|
random = test_resource.foo.id # not sensitive
|
||||||
|
}
|
||||||
|
`,
|
||||||
})
|
})
|
||||||
|
|
||||||
p := testProvider("test")
|
p := testProvider("test")
|
||||||
|
@ -11893,6 +11900,12 @@ resource "test_resource" "foo" {
|
||||||
fooChangeSrc := plan.Changes.ResourceInstance(addr)
|
fooChangeSrc := plan.Changes.ResourceInstance(addr)
|
||||||
verifySensitiveValue(fooChangeSrc.AfterValMarks)
|
verifySensitiveValue(fooChangeSrc.AfterValMarks)
|
||||||
|
|
||||||
|
barAddr := mustResourceInstanceAddr("test_resource.bar")
|
||||||
|
barChangeSrc := plan.Changes.ResourceInstance(barAddr)
|
||||||
|
if len(barChangeSrc.AfterValMarks) != 1 {
|
||||||
|
t.Fatalf("there should only be 1 marked path for bar, there are %v", len(barChangeSrc.AfterValMarks))
|
||||||
|
}
|
||||||
|
|
||||||
state, diags := ctx.Apply()
|
state, diags := ctx.Apply()
|
||||||
if diags.HasErrors() {
|
if diags.HasErrors() {
|
||||||
t.Fatalf("apply errors: %s", diags.Err())
|
t.Fatalf("apply errors: %s", diags.Err())
|
||||||
|
|
|
@ -425,6 +425,11 @@ func testProviderSchema(name string) *ProviderSchema {
|
||||||
Type: cty.String,
|
Type: cty.String,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
},
|
},
|
||||||
|
"sensitive_value": {
|
||||||
|
Type: cty.String,
|
||||||
|
Sensitive: true,
|
||||||
|
Optional: true,
|
||||||
|
},
|
||||||
"random": {
|
"random": {
|
||||||
Type: cty.String,
|
Type: cty.String,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
|
|
|
@ -727,7 +727,7 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
|
||||||
}
|
}
|
||||||
|
|
||||||
// Planned resources are temporarily stored in state with empty values,
|
// Planned resources are temporarily stored in state with empty values,
|
||||||
// and need to be replaced bu the planned value here.
|
// and need to be replaced by the planned value here.
|
||||||
if is.Current.Status == states.ObjectPlanned {
|
if is.Current.Status == states.ObjectPlanned {
|
||||||
if change == nil {
|
if change == nil {
|
||||||
// If the object is in planned status then we should not get
|
// If the object is in planned status then we should not get
|
||||||
|
@ -752,6 +752,10 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If our schema contains sensitive values, mark those as sensitive
|
||||||
|
if schema.ContainsSensitive() {
|
||||||
|
val = markProviderSensitiveAttributes(schema, val, nil)
|
||||||
|
}
|
||||||
instances[key] = val
|
instances[key] = val
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -768,7 +772,13 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
|
||||||
})
|
})
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
instances[key] = ios.Value
|
|
||||||
|
val := ios.Value
|
||||||
|
// If our schema contains sensitive values, mark those as sensitive
|
||||||
|
if schema.ContainsSensitive() {
|
||||||
|
val = markProviderSensitiveAttributes(schema, val, nil)
|
||||||
|
}
|
||||||
|
instances[key] = val
|
||||||
}
|
}
|
||||||
|
|
||||||
var ret cty.Value
|
var ret cty.Value
|
||||||
|
@ -935,3 +945,19 @@ func moduleDisplayAddr(addr addrs.ModuleInstance) string {
|
||||||
return addr.String()
|
return addr.String()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// markProviderSensitiveAttributes returns an updated value
|
||||||
|
// where attributes that are Sensitive are marked
|
||||||
|
func markProviderSensitiveAttributes(schema *configschema.Block, val cty.Value, path cty.Path) cty.Value {
|
||||||
|
var pvm []cty.PathValueMarks
|
||||||
|
for name, attrS := range schema.Attributes {
|
||||||
|
if attrS.Sensitive {
|
||||||
|
path := append(path, cty.GetAttrStep{Name: name})
|
||||||
|
pvm = append(pvm, cty.PathValueMarks{
|
||||||
|
Path: path,
|
||||||
|
Marks: cty.NewValueMarks("sensitive"),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return val.MarkWithPaths(pvm)
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue