command/jsonplan: Add output change sensitivity
When an output value changes, we have a small amount of information we can convey about its sensitivity. If either the output was previously marked sensitive, or is currently marked sensitive in the config, this is tracked in the output change data. This commit encodes this boolean in the change struct's `before_sensitive` and `after_sensitive` fields, in a way which matches resource value sensitivity. Since we have so little information to work with, these two values will always be booleans, and always equal each other. This is logically consistent with how else we want to obscure sensitive data: a changing output which was or is marked sensitive should not have the value shown in human-readable output.
parent
63613ca1b0
commit
5e30d58dc2
|
@ -324,6 +324,19 @@ func (p *plan) marshalOutputChanges(changes *plans.Changes) error {
|
|||
}
|
||||
}
|
||||
|
||||
// The only information we have in the plan about output sensitivity is
|
||||
// a boolean which is true if the output was or is marked sensitive. As
|
||||
// a result, BeforeSensitive and AfterSensitive will be identical, and
|
||||
// either false or true.
|
||||
outputSensitive := cty.False
|
||||
if oc.Sensitive {
|
||||
outputSensitive = cty.True
|
||||
}
|
||||
sensitive, err := ctyjson.Marshal(outputSensitive, outputSensitive.Type())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
a, _ := ctyjson.Marshal(afterUnknown, afterUnknown.Type())
|
||||
|
||||
c := change{
|
||||
|
@ -331,6 +344,8 @@ func (p *plan) marshalOutputChanges(changes *plans.Changes) error {
|
|||
Before: json.RawMessage(before),
|
||||
After: json.RawMessage(after),
|
||||
AfterUnknown: a,
|
||||
BeforeSensitive: json.RawMessage(sensitive),
|
||||
AfterSensitive: json.RawMessage(sensitive),
|
||||
}
|
||||
|
||||
p.OutputChanges[oc.Addr.OutputValue.Name] = c
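Review bot: The new `BeforeSensitive`/`AfterSensitive` flags in the `change` literal are advisory only: `Before` and `After` are still emitted alongside them, and the sensitive-output fixture updated in this commit shows `"after": "boop"` next to `"after_sensitive": true`, so the plaintext stays in the JSON plan. I would say so where the flag is computed, e.g. `// NOTE: before/after still contain the raw value; consumers must redact when *_sensitive is true, and the JSON plan should be stored and shared as secret material.` As a smaller style point, the four-line `if oc.Sensitive` block can be written as `outputSensitive := cty.BoolVal(oc.Sensitive)`. marshalOutputChanges starts and ends outside these hunks, so how `before` and `after` are produced is not visible here.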
|
||||
|
|
|
@ -140,7 +140,9 @@
|
|||
],
|
||||
"before": null,
|
||||
"after": "bar",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"configuration": {
|
||||
|
|
|
@ -81,7 +81,9 @@
|
|||
],
|
||||
"before": null,
|
||||
"after": "bar",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"prior_state": {
|
||||
|
|
|
@ -61,7 +61,9 @@
|
|||
],
|
||||
"before": "bar",
|
||||
"after": "bar",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"prior_state": {
|
||||
|
|
|
@ -181,7 +181,9 @@
|
|||
],
|
||||
"before": null,
|
||||
"after": "baz",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"configuration": {
|
||||
|
|
|
@ -98,7 +98,9 @@
|
|||
],
|
||||
"before": "bar",
|
||||
"after": "bar",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"prior_state": {
|
||||
|
|
|
@ -140,7 +140,9 @@
|
|||
],
|
||||
"before": null,
|
||||
"after": "bar",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"configuration": {
|
||||
|
|
|
@ -140,7 +140,9 @@
|
|||
],
|
||||
"before": null,
|
||||
"after": "bar",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": false,
|
||||
"after_sensitive": false
|
||||
}
|
||||
},
|
||||
"configuration": {
|
||||
|
|
|
@ -60,7 +60,9 @@
|
|||
],
|
||||
"before": null,
|
||||
"after": "boop",
|
||||
"after_unknown": false
|
||||
"after_unknown": false,
|
||||
"before_sensitive": true,
|
||||
"after_sensitive": true
|
||||
}
|
||||
},
|
||||
"prior_state": {
|
||||
|
|