ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #26936 from hashicorp/alisdair/unmark-provider-arguments 

terraform: Unmark provider configuration arguments
This commit is contained in:
Alisdair McDiarmid 2020-11-16 14:01:02 -05:00 committed by GitHub
parent a977d2e8d4 1c7f412d13
commit 7cfba365dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 86 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
terraform/node_provider.go
View File

@ -68,8 +68,12 @@ func (n *NodeApplyableProvider) ValidateProvider(ctx EvalContext, provider provi
return diags return diags
} }
// If our config value contains any marked values, ensure those are
// stripped out before sending this to the provider
unmarkedConfigVal, _ := configVal.UnmarkDeep()
req := providers.PrepareProviderConfigRequest{ req := providers.PrepareProviderConfigRequest{
Config: configVal, Config: unmarkedConfigVal,
} }
validateResp := provider.PrepareProviderConfig(req) validateResp := provider.PrepareProviderConfig(req)
@ -109,10 +113,14 @@ func (n *NodeApplyableProvider) ConfigureProvider(ctx EvalContext, provider prov
return diags return diags
} }
// If our config value contains any marked values, ensure those are
// stripped out before sending this to the provider
unmarkedConfigVal, _ := configVal.UnmarkDeep()
// Allow the provider to validate and insert any defaults into the full // Allow the provider to validate and insert any defaults into the full
// configuration. // configuration.
req := providers.PrepareProviderConfigRequest{ req := providers.PrepareProviderConfigRequest{
Config: configVal, Config: unmarkedConfigVal,
} }
// PrepareProviderConfig is only used for validation. We are intentionally // PrepareProviderConfig is only used for validation. We are intentionally
@ -126,11 +134,11 @@ func (n *NodeApplyableProvider) ConfigureProvider(ctx EvalContext, provider prov
// If the provider returns something different, log a warning to help // If the provider returns something different, log a warning to help
// indicate to provider developers that the value is not used. // indicate to provider developers that the value is not used.
preparedCfg := prepareResp.PreparedConfig preparedCfg := prepareResp.PreparedConfig
if preparedCfg != cty.NilVal && !preparedCfg.IsNull() && !preparedCfg.RawEquals(configVal) { if preparedCfg != cty.NilVal && !preparedCfg.IsNull() && !preparedCfg.RawEquals(unmarkedConfigVal) {
log.Printf("[WARN] PrepareProviderConfig from %q changed the config value, but that value is unused", n.Addr) log.Printf("[WARN] PrepareProviderConfig from %q changed the config value, but that value is unused", n.Addr)
} }
configDiags := ctx.ConfigureProvider(n.Addr, configVal) configDiags := ctx.ConfigureProvider(n.Addr, unmarkedConfigVal)
diags = diags.Append(configDiags.InConfigBody(configBody)) diags = diags.Append(configDiags.InConfigBody(configBody))
return diags return diags

74
terraform/node_provider_test.go
View File

@ -115,3 +115,77 @@ func TestNodeApplyableProviderExecute_unknownApply(t *testing.T) {
t.Errorf("wrong configuration value\ngot: %#v\nwant: %#v", got, want) t.Errorf("wrong configuration value\ngot: %#v\nwant: %#v", got, want)
} }
} }
func TestNodeApplyableProviderExecute_sensitive(t *testing.T) {
config := &configs.Provider{
Name: "foo",
Config: configs.SynthBody("", map[string]cty.Value{
"test_string": cty.StringVal("hello").Mark("sensitive"),
}),
}
provider := mockProviderWithConfigSchema(simpleTestSchema())
providerAddr := addrs.AbsProviderConfig{
Module: addrs.RootModule,
Provider: addrs.NewDefaultProvider("foo"),
}
n := &NodeApplyableProvider{&NodeAbstractProvider{
Addr: providerAddr,
Config: config,
}}
ctx := &MockEvalContext{ProviderProvider: provider}
ctx.installSimpleEval()
if err := n.Execute(ctx, walkApply); err != nil {
t.Fatalf("err: %s", err)
}
if !ctx.ConfigureProviderCalled {
t.Fatal("should be called")
}
gotObj := ctx.ConfigureProviderConfig
if !gotObj.Type().HasAttribute("test_string") {
t.Fatal("configuration object does not have \"test_string\" attribute")
}
if got, want := gotObj.GetAttr("test_string"), cty.StringVal("hello"); !got.RawEquals(want) {
t.Errorf("wrong configuration value\ngot: %#v\nwant: %#v", got, want)
}
}
func TestNodeApplyableProviderExecute_sensitiveValidate(t *testing.T) {
config := &configs.Provider{
Name: "foo",
Config: configs.SynthBody("", map[string]cty.Value{
"test_string": cty.StringVal("hello").Mark("sensitive"),
}),
}
provider := mockProviderWithConfigSchema(simpleTestSchema())
providerAddr := addrs.AbsProviderConfig{
Module: addrs.RootModule,
Provider: addrs.NewDefaultProvider("foo"),
}
n := &NodeApplyableProvider{&NodeAbstractProvider{
Addr: providerAddr,
Config: config,
}}
ctx := &MockEvalContext{ProviderProvider: provider}
ctx.installSimpleEval()
if err := n.Execute(ctx, walkValidate); err != nil {
t.Fatalf("err: %s", err)
}
if !provider.PrepareProviderConfigCalled {
t.Fatal("should be called")
}
gotObj := provider.PrepareProviderConfigRequest.Config
if !gotObj.Type().HasAttribute("test_string") {
t.Fatal("configuration object does not have \"test_string\" attribute")
}
if got, want := gotObj.GetAttr("test_string"), cty.StringVal("hello"); !got.RawEquals(want) {
t.Errorf("wrong configuration value\ngot: %#v\nwant: %#v", got, want)
}
}