core: Adding Sensitive attribute to resource schema
This is an effort to address hashicorp/terraform#516. It adds the Sensitive attribute to the resource schema, which lets resource maintainers mark some fields as sensitive. Sensitive fields are hidden in the output and, possibly in the future, could be encrypted.
parent
fcc3736e6b
commit
9d7fb89114
|
@ -46,6 +46,7 @@ func resourceAwsDbInstance() *schema.Resource {
|
||||||
"password": &schema.Schema{
|
"password": &schema.Schema{
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
|
Sensitive: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
"engine": &schema.Schema{
|
"engine": &schema.Schema{
|
||||||
|
|
|
@ -147,26 +147,38 @@ func formatPlanModuleExpand(
|
||||||
v = "<computed>"
|
v = "<computed>"
|
||||||
}
|
}
|
||||||
|
|
||||||
newResource := ""
|
if attrDiff.Sensitive {
|
||||||
|
v = "<sensitive>"
|
||||||
|
}
|
||||||
|
|
||||||
|
updateMsg := ""
|
||||||
if attrDiff.RequiresNew && rdiff.Destroy {
|
if attrDiff.RequiresNew && rdiff.Destroy {
|
||||||
newResource = opts.Color.Color(" [red](forces new resource)")
|
updateMsg = opts.Color.Color(" [red](forces new resource)")
|
||||||
|
} else if attrDiff.Sensitive && oldValues {
|
||||||
|
updateMsg = opts.Color.Color(" [yellow](attribute changed)")
|
||||||
}
|
}
|
||||||
|
|
||||||
if oldValues {
|
if oldValues {
|
||||||
|
var u string
|
||||||
|
if attrDiff.Sensitive {
|
||||||
|
u = "<sensitive>"
|
||||||
|
} else {
|
||||||
|
u = attrDiff.Old
|
||||||
|
}
|
||||||
buf.WriteString(fmt.Sprintf(
|
buf.WriteString(fmt.Sprintf(
|
||||||
" %s:%s %#v => %#v%s\n",
|
" %s:%s %#v => %#v%s\n",
|
||||||
attrK,
|
attrK,
|
||||||
strings.Repeat(" ", keyLen-len(attrK)),
|
strings.Repeat(" ", keyLen-len(attrK)),
|
||||||
attrDiff.Old,
|
u,
|
||||||
v,
|
v,
|
||||||
newResource))
|
updateMsg))
|
||||||
} else {
|
} else {
|
||||||
buf.WriteString(fmt.Sprintf(
|
buf.WriteString(fmt.Sprintf(
|
||||||
" %s:%s %#v%s\n",
|
" %s:%s %#v%s\n",
|
||||||
attrK,
|
attrK,
|
||||||
strings.Repeat(" ", keyLen-len(attrK)),
|
strings.Repeat(" ", keyLen-len(attrK)),
|
||||||
v,
|
v,
|
||||||
newResource))
|
updateMsg))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
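Review bot: The masking of sensitive values is written out by hand in formatPlanModuleExpand, and again in UiHook.PreApply and ModuleDiff.String, and the three copies already differ in shape: here `u` is chosen by an if/else inside `if oldValues`, while the other two assign `u := attrDiff.Old` and overwrite `u` and `v` together. Because a formatter that misses the check prints the secret, I would keep the rule in one place, for example a method on ResourceAttrDiff that returns the display strings for Old and New, and have each formatter call it. Short of that, this block could follow the other two: declare `u := attrDiff.Old` alongside `v`, then `if attrDiff.Sensitive { u, v = "<sensitive>", "<sensitive>" }`. formatPlanModuleExpand starts and ends outside the hunk.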
@ -103,15 +103,21 @@ func (h *UiHook) PreApply(
|
||||||
attrDiff := d.Attributes[attrK]
|
attrDiff := d.Attributes[attrK]
|
||||||
|
|
||||||
v := attrDiff.New
|
v := attrDiff.New
|
||||||
|
u := attrDiff.Old
|
||||||
if attrDiff.NewComputed {
|
if attrDiff.NewComputed {
|
||||||
v = "<computed>"
|
v = "<computed>"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if attrDiff.Sensitive {
|
||||||
|
u = "<sensitive>"
|
||||||
|
v = "<sensitive>"
|
||||||
|
}
|
||||||
|
|
||||||
attrBuf.WriteString(fmt.Sprintf(
|
attrBuf.WriteString(fmt.Sprintf(
|
||||||
" %s:%s %#v => %#v\n",
|
" %s:%s %#v => %#v\n",
|
||||||
attrK,
|
attrK,
|
||||||
strings.Repeat(" ", keyLen-len(attrK)),
|
strings.Repeat(" ", keyLen-len(attrK)),
|
||||||
attrDiff.Old,
|
u,
|
||||||
v))
|
v))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -147,6 +147,12 @@ type Schema struct {
|
||||||
//
|
//
|
||||||
// ValidateFunc currently only works for primitive types.
|
// ValidateFunc currently only works for primitive types.
|
||||||
ValidateFunc SchemaValidateFunc
|
ValidateFunc SchemaValidateFunc
|
||||||
|
|
||||||
|
// Sensitive ensures that the attribute's value does not get displayed in
|
||||||
|
// logs or regular output. It should be used for passwords or other
|
||||||
|
// secret fields. Futrure versions of Terraform may encrypt these
|
||||||
|
// values.
|
||||||
|
Sensitive bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// SchemaDefaultFunc is a function called to return a default value for
|
// SchemaDefaultFunc is a function called to return a default value for
|
||||||
|
@ -281,6 +287,11 @@ func (s *Schema) finalizeDiff(
|
||||||
d.RequiresNew = true
|
d.RequiresNew = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if s.Sensitive {
|
||||||
|
// Set the Sensitive flag so output is hidden in the UI
|
||||||
|
d.Sensitive = true
|
||||||
|
}
|
||||||
|
|
||||||
return d
|
return d
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
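Review bot: The new doc comment on Schema.Sensitive promises that the value is kept out of "logs or regular output", but the only code this commit changes is the plan, apply-hook and ModuleDiff.String formatting; no logging path is touched in what is shown, and the value is not encrypted or stored differently. I would narrow the comment to what is enforced, e.g. `// Sensitive masks the attribute's value in plan and apply diff output.` followed by `// It does not encrypt the value or change how it is stored.`, and fix the typo "Futrure". In the second hunk, finalizeDiff begins outside the hunk; if it has return paths before the `if s.Sensitive` block, d.Sensitive stays false on them, so setting the flag ahead of any such return would be safer.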
@ -247,22 +247,30 @@ func (d *ModuleDiff) String() string {
|
||||||
attrDiff := rdiff.Attributes[attrK]
|
attrDiff := rdiff.Attributes[attrK]
|
||||||
|
|
||||||
v := attrDiff.New
|
v := attrDiff.New
|
||||||
|
u := attrDiff.Old
|
||||||
if attrDiff.NewComputed {
|
if attrDiff.NewComputed {
|
||||||
v = "<computed>"
|
v = "<computed>"
|
||||||
}
|
}
|
||||||
|
|
||||||
newResource := ""
|
if attrDiff.Sensitive {
|
||||||
|
u = "<sensitive>"
|
||||||
|
v = "<sensitive>"
|
||||||
|
}
|
||||||
|
|
||||||
|
updateMsg := ""
|
||||||
if attrDiff.RequiresNew {
|
if attrDiff.RequiresNew {
|
||||||
newResource = " (forces new resource)"
|
updateMsg = " (forces new resource)"
|
||||||
|
} else if attrDiff.Sensitive {
|
||||||
|
updateMsg = " (attribute changed)"
|
||||||
}
|
}
|
||||||
|
|
||||||
buf.WriteString(fmt.Sprintf(
|
buf.WriteString(fmt.Sprintf(
|
||||||
" %s:%s %#v => %#v%s\n",
|
" %s:%s %#v => %#v%s\n",
|
||||||
attrK,
|
attrK,
|
||||||
strings.Repeat(" ", keyLen-len(attrK)),
|
strings.Repeat(" ", keyLen-len(attrK)),
|
||||||
attrDiff.Old,
|
u,
|
||||||
v,
|
v,
|
||||||
newResource))
|
updateMsg))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -284,6 +292,7 @@ type ResourceAttrDiff struct {
|
||||||
NewRemoved bool // True if this attribute is being removed
|
NewRemoved bool // True if this attribute is being removed
|
||||||
NewExtra interface{} // Extra information for the provider
|
NewExtra interface{} // Extra information for the provider
|
||||||
RequiresNew bool // True if change requires new resource
|
RequiresNew bool // True if change requires new resource
|
||||||
|
Sensitive bool // True if the data should not be displayed in UI output
|
||||||
Type DiffAttrType
|
Type DiffAttrType
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
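Review bot: The comment on ResourceAttrDiff.Sensitive should say that Old and New still hold the real values, since the mask is applied only by the formatters that check the flag. Anything that prints the struct itself, for instance with `%#v` in a debug message, would presumably still show the secret. Suggested wording: `Sensitive bool // True if Old/New must be masked when displayed; the fields still hold the real values`.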
@ -153,6 +153,11 @@ func TestModuleDiff_String(t *testing.T) {
|
||||||
New: "bar",
|
New: "bar",
|
||||||
RequiresNew: true,
|
RequiresNew: true,
|
||||||
},
|
},
|
||||||
|
"secretfoo": &ResourceAttrDiff{
|
||||||
|
Old: "foo",
|
||||||
|
New: "bar",
|
||||||
|
Sensitive: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -610,4 +615,5 @@ CREATE: nodeA
|
||||||
bar: "foo" => "<computed>"
|
bar: "foo" => "<computed>"
|
||||||
foo: "foo" => "bar"
|
foo: "foo" => "bar"
|
||||||
longfoo: "foo" => "bar" (forces new resource)
|
longfoo: "foo" => "bar" (forces new resource)
|
||||||
|
secretfoo: "<sensitive>" => "<sensitive>" (attribute changed)
|
||||||
`
|
`
|
||||||
|
|
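Review bot: The new `secretfoo` case covers only a sensitive attribute without RequiresNew, so the branch where "(forces new resource)" takes precedence over "(attribute changed)" is not pinned for a masked value. A second entry such as `"secretlongfoo": &ResourceAttrDiff{Old: "foo", New: "bar", RequiresNew: true, Sensitive: true},` together with its matching expected line would confirm that both sides are still masked in that case. No test for the same masking in formatPlanModuleExpand or UiHook.PreApply is visible on this page.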