ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #27818 from hashicorp/alisdair/unmark-provisioner-config 

core: Unmark provisioner config before validation
This commit is contained in:
Alisdair McDiarmid 2021-02-18 11:27:59 -05:00 committed by GitHub
parent 9de4f472f6 3f017b4413
commit c0b22007fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
terraform/context_validate_test.go
View File

@ -1965,3 +1965,46 @@ resource "test_instance" "a" {
} }
} }
} }
func TestContext2Validate_sensitiveProvisionerConfig(t *testing.T) {
m := testModule(t, "validate-sensitive-provisioner-config")
p := testProvider("aws")
p.GetProviderSchemaResponse = &providers.GetProviderSchemaResponse{
ResourceTypes: map[string]providers.Schema{
"aws_instance": {
Block: &configschema.Block{
Attributes: map[string]*configschema.Attribute{
"foo": {Type: cty.String, Optional: true},
},
},
},
},
}
pr := simpleMockProvisioner()
c := testContext2(t, &ContextOpts{
Config: m,
Providers: map[addrs.Provider]providers.Factory{
addrs.NewDefaultProvider("aws"): testProviderFuncFixed(p),
},
Provisioners: map[string]provisioners.Factory{
"test": testProvisionerFuncFixed(pr),
},
})
pr.ValidateProvisionerConfigFn = func(r provisioners.ValidateProvisionerConfigRequest) provisioners.ValidateProvisionerConfigResponse {
if r.Config.ContainsMarked() {
t.Errorf("provisioner config contains marked values")
}
return pr.ValidateProvisionerConfigResponse
}
diags := c.Validate()
if diags.HasErrors() {
t.Fatalf("unexpected error: %s", diags.Err())
}
if !pr.ValidateProvisionerConfigCalled {
t.Fatal("ValidateProvisionerConfig not called")
}
}

4
terraform/node_resource_validate.go
View File

@ -90,8 +90,10 @@ func (n *NodeValidatableResource) validateProvisioner(ctx EvalContext, p *config
return diags.Append(fmt.Errorf("EvaluateBlock returned nil value")) return diags.Append(fmt.Errorf("EvaluateBlock returned nil value"))
} }
// Use unmarked value for validate request
unmarkedConfigVal, _ := configVal.UnmarkDeep()
req := provisioners.ValidateProvisionerConfigRequest{ req := provisioners.ValidateProvisionerConfigRequest{
Config: configVal, Config: unmarkedConfigVal,
} }
resp := provisioner.ValidateProvisionerConfig(req) resp := provisioner.ValidateProvisionerConfig(req)

11
terraform/testdata/validate-sensitive-provisioner-config/main.tf vendored Normal file
View File

@ -0,0 +1,11 @@
variable "secret" {
type = string
default = " password123"
sensitive = true
}
resource "aws_instance" "foo" {
provisioner "test" {
test_string = var.secret
}
}