Merge pull request #29039 from hashicorp/jbardin/sensitive
New marks.Sensitive type, and audit of sensitive marks usage
This commit is contained in:
commit
c687ebeaf1
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
viewsjson "github.com/hashicorp/terraform/internal/command/views/json"
|
viewsjson "github.com/hashicorp/terraform/internal/command/views/json"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
)
|
)
|
||||||
|
@ -123,7 +124,7 @@ func TestDiagnostic(t *testing.T) {
|
||||||
EvalContext: &hcl.EvalContext{
|
EvalContext: &hcl.EvalContext{
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"boop": cty.ObjectVal(map[string]cty.Value{
|
"boop": cty.ObjectVal(map[string]cty.Value{
|
||||||
"beep": cty.StringVal("blah").Mark("sensitive"),
|
"beep": cty.StringVal("blah").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -336,7 +337,7 @@ Whatever shall we do?
|
||||||
EvalContext: &hcl.EvalContext{
|
EvalContext: &hcl.EvalContext{
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"boop": cty.ObjectVal(map[string]cty.Value{
|
"boop": cty.ObjectVal(map[string]cty.Value{
|
||||||
"beep": cty.StringVal("blah").Mark("sensitive"),
|
"beep": cty.StringVal("blah").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -14,6 +14,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/plans/objchange"
|
"github.com/hashicorp/terraform/internal/plans/objchange"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
@ -733,7 +734,7 @@ func (p *blockBodyDiffPrinter) writeNestedBlockDiffs(name string, blockS *config
|
||||||
// If either the old or the new value is marked,
|
// If either the old or the new value is marked,
|
||||||
// Display a special diff because it is irrelevant
|
// Display a special diff because it is irrelevant
|
||||||
// to list all obfuscated attributes as (sensitive)
|
// to list all obfuscated attributes as (sensitive)
|
||||||
if old.IsMarked() || new.IsMarked() {
|
if old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive) {
|
||||||
p.writeSensitiveNestedBlockDiff(name, old, new, indent, blankBefore, path)
|
p.writeSensitiveNestedBlockDiff(name, old, new, indent, blankBefore, path)
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
@ -1012,7 +1013,7 @@ func (p *blockBodyDiffPrinter) writeNestedBlockDiff(name string, label *string,
|
||||||
|
|
||||||
func (p *blockBodyDiffPrinter) writeValue(val cty.Value, action plans.Action, indent int) {
|
func (p *blockBodyDiffPrinter) writeValue(val cty.Value, action plans.Action, indent int) {
|
||||||
// Could check specifically for the sensitivity marker
|
// Could check specifically for the sensitivity marker
|
||||||
if val.IsMarked() {
|
if val.HasMark(marks.Sensitive) {
|
||||||
p.buf.WriteString("(sensitive)")
|
p.buf.WriteString("(sensitive)")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -1177,7 +1178,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
|
||||||
// However, these specialized implementations can apply only if both
|
// However, these specialized implementations can apply only if both
|
||||||
// values are known and non-null.
|
// values are known and non-null.
|
||||||
if old.IsKnown() && new.IsKnown() && !old.IsNull() && !new.IsNull() && typesEqual {
|
if old.IsKnown() && new.IsKnown() && !old.IsNull() && !new.IsNull() && typesEqual {
|
||||||
if old.IsMarked() || new.IsMarked() {
|
if old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive) {
|
||||||
p.buf.WriteString("(sensitive)")
|
p.buf.WriteString("(sensitive)")
|
||||||
if p.pathForcesNewResource(path) {
|
if p.pathForcesNewResource(path) {
|
||||||
p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
|
p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
|
||||||
|
@ -1548,7 +1549,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
|
||||||
switch action {
|
switch action {
|
||||||
case plans.Create, plans.NoOp:
|
case plans.Create, plans.NoOp:
|
||||||
v := new.Index(kV)
|
v := new.Index(kV)
|
||||||
if v.IsMarked() {
|
if v.HasMark(marks.Sensitive) {
|
||||||
p.buf.WriteString("(sensitive)")
|
p.buf.WriteString("(sensitive)")
|
||||||
} else {
|
} else {
|
||||||
p.writeValue(v, action, indent+4)
|
p.writeValue(v, action, indent+4)
|
||||||
|
@ -1558,7 +1559,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
|
||||||
newV := cty.NullVal(oldV.Type())
|
newV := cty.NullVal(oldV.Type())
|
||||||
p.writeValueDiff(oldV, newV, indent+4, path)
|
p.writeValueDiff(oldV, newV, indent+4, path)
|
||||||
default:
|
default:
|
||||||
if oldV.IsMarked() || newV.IsMarked() {
|
if oldV.HasMark(marks.Sensitive) || newV.HasMark(marks.Sensitive) {
|
||||||
p.buf.WriteString("(sensitive)")
|
p.buf.WriteString("(sensitive)")
|
||||||
} else {
|
} else {
|
||||||
p.writeValueDiff(oldV, newV, indent+4, path)
|
p.writeValueDiff(oldV, newV, indent+4, path)
|
||||||
|
@ -1738,7 +1739,7 @@ func (p *blockBodyDiffPrinter) writeSensitivityWarning(old, new cty.Value, inden
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if new.IsMarked() && !old.IsMarked() {
|
if new.HasMark(marks.Sensitive) && !old.HasMark(marks.Sensitive) {
|
||||||
p.buf.WriteString(strings.Repeat(" ", indent))
|
p.buf.WriteString(strings.Repeat(" ", indent))
|
||||||
p.buf.WriteString(p.color.Color(fmt.Sprintf("# [yellow]Warning:[reset] this %s will be marked as sensitive and will not\n", diffType)))
|
p.buf.WriteString(p.color.Color(fmt.Sprintf("# [yellow]Warning:[reset] this %s will be marked as sensitive and will not\n", diffType)))
|
||||||
p.buf.WriteString(strings.Repeat(" ", indent))
|
p.buf.WriteString(strings.Repeat(" ", indent))
|
||||||
|
@ -1746,7 +1747,7 @@ func (p *blockBodyDiffPrinter) writeSensitivityWarning(old, new cty.Value, inden
|
||||||
}
|
}
|
||||||
|
|
||||||
// Note if changing this attribute will change its sensitivity
|
// Note if changing this attribute will change its sensitivity
|
||||||
if old.IsMarked() && !new.IsMarked() {
|
if old.HasMark(marks.Sensitive) && !new.HasMark(marks.Sensitive) {
|
||||||
p.buf.WriteString(strings.Repeat(" ", indent))
|
p.buf.WriteString(strings.Repeat(" ", indent))
|
||||||
p.buf.WriteString(p.color.Color(fmt.Sprintf("# [yellow]Warning:[reset] this %s will no longer be marked as sensitive\n", diffType)))
|
p.buf.WriteString(p.color.Color(fmt.Sprintf("# [yellow]Warning:[reset] this %s will no longer be marked as sensitive\n", diffType)))
|
||||||
p.buf.WriteString(strings.Repeat(" ", indent))
|
p.buf.WriteString(strings.Repeat(" ", indent))
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/mitchellh/colorstring"
|
"github.com/mitchellh/colorstring"
|
||||||
|
@ -3193,28 +3194,28 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// Nested blocks/sets will mark the whole set/block as sensitive
|
// Nested blocks/sets will mark the whole set/block as sensitive
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_list"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_list"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
@ -3338,35 +3339,35 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
@ -3485,23 +3486,23 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "tags"}, cty.IndexStep{Key: cty.StringVal("address")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "tags"}, cty.IndexStep{Key: cty.StringVal("address")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_single"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_single"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
@ -3598,45 +3599,45 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
@ -3745,35 +3746,35 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
@ -3885,27 +3886,27 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
@ -3974,21 +3975,21 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("ami"),
|
Path: cty.GetAttrPath("ami"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("nested_block_set"),
|
Path: cty.GetAttrPath("nested_block_set"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("ami"),
|
Path: cty.GetAttrPath("ami"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("nested_block_set"),
|
Path: cty.GetAttrPath("nested_block_set"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Schema: &configschema.Block{
|
Schema: &configschema.Block{
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
ctyjson "github.com/zclconf/go-cty/cty/json"
|
ctyjson "github.com/zclconf/go-cty/cty/json"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/states/statefile"
|
"github.com/hashicorp/terraform/internal/states/statefile"
|
||||||
"github.com/hashicorp/terraform/internal/terraform"
|
"github.com/hashicorp/terraform/internal/terraform"
|
||||||
|
@ -404,7 +405,7 @@ func marshalResources(resources map[string]*states.Resource, module addrs.Module
|
||||||
}
|
}
|
||||||
|
|
||||||
func SensitiveAsBool(val cty.Value) cty.Value {
|
func SensitiveAsBool(val cty.Value) cty.Value {
|
||||||
if val.HasMark("sensitive") {
|
if val.HasMark(marks.Sensitive) {
|
||||||
return cty.True
|
return cty.True
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/terraform"
|
"github.com/hashicorp/terraform/internal/terraform"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
@ -122,7 +123,7 @@ func TestMarshalAttributeValues(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
"baz": cty.ListVal([]cty.Value{
|
"baz": cty.ListVal([]cty.Value{
|
||||||
cty.StringVal("goodnight"),
|
cty.StringVal("goodnight"),
|
||||||
cty.StringVal("moon").Mark("sensitive"),
|
cty.StringVal("moon").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
attributeValues{
|
attributeValues{
|
||||||
|
@ -660,7 +661,6 @@ func testSchemas() *terraform.Schemas {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSensitiveAsBool(t *testing.T) {
|
func TestSensitiveAsBool(t *testing.T) {
|
||||||
sensitive := "sensitive"
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
Input cty.Value
|
Input cty.Value
|
||||||
Want cty.Value
|
Want cty.Value
|
||||||
|
@ -674,16 +674,16 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.False,
|
cty.False,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.StringVal("hello").Mark(sensitive),
|
cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.String).Mark(sensitive),
|
cty.NullVal(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.DynamicPseudoType).Mark(sensitive),
|
cty.NullVal(cty.DynamicPseudoType).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -691,7 +691,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.False,
|
cty.False,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.Object(map[string]cty.Type{"test": cty.String})).Mark(sensitive),
|
cty.NullVal(cty.Object(map[string]cty.Type{"test": cty.String})).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -699,7 +699,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.False,
|
cty.False,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.DynamicVal.Mark(sensitive),
|
cty.DynamicVal.Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -708,13 +708,13 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.EmptyTupleVal,
|
cty.EmptyTupleVal,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.ListValEmpty(cty.String).Mark(sensitive),
|
cty.ListValEmpty(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.ListVal([]cty.Value{
|
cty.ListVal([]cty.Value{
|
||||||
cty.StringVal("hello"),
|
cty.StringVal("hello"),
|
||||||
cty.StringVal("friend").Mark(sensitive),
|
cty.StringVal("friend").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
cty.False,
|
cty.False,
|
||||||
|
@ -726,7 +726,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.EmptyTupleVal,
|
cty.EmptyTupleVal,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.SetValEmpty(cty.String).Mark(sensitive),
|
cty.SetValEmpty(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -734,17 +734,17 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.TupleVal([]cty.Value{cty.False}),
|
cty.TupleVal([]cty.Value{cty.False}),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.SetVal([]cty.Value{cty.StringVal("hello").Mark(sensitive)}),
|
cty.SetVal([]cty.Value{cty.StringVal("hello").Mark(marks.Sensitive)}),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.EmptyTupleVal.Mark(sensitive),
|
cty.EmptyTupleVal.Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
cty.StringVal("hello"),
|
cty.StringVal("hello"),
|
||||||
cty.StringVal("friend").Mark(sensitive),
|
cty.StringVal("friend").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
cty.False,
|
cty.False,
|
||||||
|
@ -756,7 +756,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.EmptyObjectVal,
|
cty.EmptyObjectVal,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.MapValEmpty(cty.String).Mark(sensitive),
|
cty.MapValEmpty(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -769,7 +769,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"animal": cty.True,
|
"animal": cty.True,
|
||||||
|
@ -778,8 +778,8 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}).Mark(sensitive),
|
}).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -796,7 +796,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"animal": cty.True,
|
"animal": cty.True,
|
||||||
|
@ -805,8 +805,8 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}).Mark(sensitive),
|
}).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -815,7 +815,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
"a": cty.UnknownVal(cty.String),
|
"a": cty.UnknownVal(cty.String),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("known").Mark(sensitive),
|
"a": cty.StringVal("known").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
|
@ -829,7 +829,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.ListVal([]cty.Value{
|
cty.ListVal([]cty.Value{
|
||||||
cty.MapValEmpty(cty.String),
|
cty.MapValEmpty(cty.String),
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("known").Mark(sensitive),
|
"a": cty.StringVal("known").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.UnknownVal(cty.String),
|
"a": cty.UnknownVal(cty.String),
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/command/arguments"
|
"github.com/hashicorp/terraform/internal/command/arguments"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -156,9 +157,10 @@ func (v *addHuman) writeConfigAttributesFromExisting(buf *strings.Builder, state
|
||||||
} else {
|
} else {
|
||||||
val = attrS.EmptyValue()
|
val = attrS.EmptyValue()
|
||||||
}
|
}
|
||||||
if attrS.Sensitive || val.IsMarked() {
|
if attrS.Sensitive || val.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString("null # sensitive")
|
buf.WriteString("null # sensitive")
|
||||||
} else {
|
} else {
|
||||||
|
val, _ = val.Unmark()
|
||||||
tok := hclwrite.TokensForValue(val)
|
tok := hclwrite.TokensForValue(val)
|
||||||
if _, err := tok.WriteTo(buf); err != nil {
|
if _, err := tok.WriteTo(buf); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -322,7 +324,7 @@ func (v *addHuman) writeConfigBlocksFromExisting(buf *strings.Builder, stateVal
|
||||||
func (v *addHuman) writeConfigNestedTypeAttributeFromExisting(buf *strings.Builder, name string, schema *configschema.Attribute, stateVal cty.Value, indent int) error {
|
func (v *addHuman) writeConfigNestedTypeAttributeFromExisting(buf *strings.Builder, name string, schema *configschema.Attribute, stateVal cty.Value, indent int) error {
|
||||||
switch schema.NestedType.Nesting {
|
switch schema.NestedType.Nesting {
|
||||||
case configschema.NestingSingle:
|
case configschema.NestingSingle:
|
||||||
if schema.Sensitive || stateVal.IsMarked() {
|
if schema.Sensitive || stateVal.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString(strings.Repeat(" ", indent))
|
buf.WriteString(strings.Repeat(" ", indent))
|
||||||
buf.WriteString(fmt.Sprintf("%s = {} # sensitive\n", name))
|
buf.WriteString(fmt.Sprintf("%s = {} # sensitive\n", name))
|
||||||
return nil
|
return nil
|
||||||
|
@ -347,7 +349,7 @@ func (v *addHuman) writeConfigNestedTypeAttributeFromExisting(buf *strings.Build
|
||||||
buf.WriteString(strings.Repeat(" ", indent))
|
buf.WriteString(strings.Repeat(" ", indent))
|
||||||
buf.WriteString(fmt.Sprintf("%s = [", name))
|
buf.WriteString(fmt.Sprintf("%s = [", name))
|
||||||
|
|
||||||
if schema.Sensitive || stateVal.IsMarked() {
|
if schema.Sensitive || stateVal.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString("] # sensitive\n")
|
buf.WriteString("] # sensitive\n")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -359,7 +361,7 @@ func (v *addHuman) writeConfigNestedTypeAttributeFromExisting(buf *strings.Build
|
||||||
buf.WriteString(strings.Repeat(" ", indent+2))
|
buf.WriteString(strings.Repeat(" ", indent+2))
|
||||||
|
|
||||||
// The entire element is marked.
|
// The entire element is marked.
|
||||||
if listVals[i].IsMarked() {
|
if listVals[i].HasMark(marks.Sensitive) {
|
||||||
buf.WriteString("{}, # sensitive\n")
|
buf.WriteString("{}, # sensitive\n")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -379,7 +381,7 @@ func (v *addHuman) writeConfigNestedTypeAttributeFromExisting(buf *strings.Build
|
||||||
buf.WriteString(strings.Repeat(" ", indent))
|
buf.WriteString(strings.Repeat(" ", indent))
|
||||||
buf.WriteString(fmt.Sprintf("%s = {", name))
|
buf.WriteString(fmt.Sprintf("%s = {", name))
|
||||||
|
|
||||||
if schema.Sensitive || stateVal.IsMarked() {
|
if schema.Sensitive || stateVal.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString(" } # sensitive\n")
|
buf.WriteString(" } # sensitive\n")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -397,7 +399,7 @@ func (v *addHuman) writeConfigNestedTypeAttributeFromExisting(buf *strings.Build
|
||||||
buf.WriteString(fmt.Sprintf("%s = {", key))
|
buf.WriteString(fmt.Sprintf("%s = {", key))
|
||||||
|
|
||||||
// This entire value is marked
|
// This entire value is marked
|
||||||
if vals[key].IsMarked() {
|
if vals[key].HasMark(marks.Sensitive) {
|
||||||
buf.WriteString("} # sensitive\n")
|
buf.WriteString("} # sensitive\n")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -426,7 +428,7 @@ func (v *addHuman) writeConfigNestedBlockFromExisting(buf *strings.Builder, name
|
||||||
buf.WriteString(fmt.Sprintf("%s {", name))
|
buf.WriteString(fmt.Sprintf("%s {", name))
|
||||||
|
|
||||||
// If the entire value is marked, don't print any nested attributes
|
// If the entire value is marked, don't print any nested attributes
|
||||||
if stateVal.IsMarked() {
|
if stateVal.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString("} # sensitive\n")
|
buf.WriteString("} # sensitive\n")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -440,7 +442,7 @@ func (v *addHuman) writeConfigNestedBlockFromExisting(buf *strings.Builder, name
|
||||||
buf.WriteString("}\n")
|
buf.WriteString("}\n")
|
||||||
return nil
|
return nil
|
||||||
case configschema.NestingList, configschema.NestingSet:
|
case configschema.NestingList, configschema.NestingSet:
|
||||||
if stateVal.IsMarked() {
|
if stateVal.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString(strings.Repeat(" ", indent))
|
buf.WriteString(strings.Repeat(" ", indent))
|
||||||
buf.WriteString(fmt.Sprintf("%s {} # sensitive\n", name))
|
buf.WriteString(fmt.Sprintf("%s {} # sensitive\n", name))
|
||||||
return nil
|
return nil
|
||||||
|
@ -460,7 +462,7 @@ func (v *addHuman) writeConfigNestedBlockFromExisting(buf *strings.Builder, name
|
||||||
return nil
|
return nil
|
||||||
case configschema.NestingMap:
|
case configschema.NestingMap:
|
||||||
// If the entire value is marked, don't print any nested attributes
|
// If the entire value is marked, don't print any nested attributes
|
||||||
if stateVal.IsMarked() {
|
if stateVal.HasMark(marks.Sensitive) {
|
||||||
buf.WriteString(fmt.Sprintf("%s {} # sensitive\n", name))
|
buf.WriteString(fmt.Sprintf("%s {} # sensitive\n", name))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -475,7 +477,7 @@ func (v *addHuman) writeConfigNestedBlockFromExisting(buf *strings.Builder, name
|
||||||
buf.WriteString(strings.Repeat(" ", indent))
|
buf.WriteString(strings.Repeat(" ", indent))
|
||||||
buf.WriteString(fmt.Sprintf("%s %q {", name, key))
|
buf.WriteString(fmt.Sprintf("%s %q {", name, key))
|
||||||
// This entire map element is marked
|
// This entire map element is marked
|
||||||
if vals[key].IsMarked() {
|
if vals[key].HasMark(marks.Sensitive) {
|
||||||
buf.WriteString("} # sensitive\n")
|
buf.WriteString("} # sensitive\n")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/terminal"
|
"github.com/hashicorp/terraform/internal/terminal"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -342,7 +343,7 @@ func TestAdd_writeConfigBlocksFromExisting(t *testing.T) {
|
||||||
v := addHuman{optional: true}
|
v := addHuman{optional: true}
|
||||||
val := cty.ObjectVal(map[string]cty.Value{
|
val := cty.ObjectVal(map[string]cty.Value{
|
||||||
"root_block_device": cty.ObjectVal(map[string]cty.Value{
|
"root_block_device": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("foo").Mark("bar"),
|
"volume_type": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingSingle)
|
schema := addTestSchema(configschema.NestingSingle)
|
||||||
|
@ -365,7 +366,7 @@ func TestAdd_writeConfigBlocksFromExisting(t *testing.T) {
|
||||||
"root_block_device": cty.ObjectVal(map[string]cty.Value{
|
"root_block_device": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("foo"),
|
"volume_type": cty.StringVal("foo"),
|
||||||
}),
|
}),
|
||||||
}).Mark("bar")
|
}).Mark(marks.Sensitive)
|
||||||
schema := addTestSchema(configschema.NestingSingle)
|
schema := addTestSchema(configschema.NestingSingle)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
v.writeConfigBlocksFromExisting(&buf, val, schema.BlockTypes, 0)
|
v.writeConfigBlocksFromExisting(&buf, val, schema.BlockTypes, 0)
|
||||||
|
@ -412,7 +413,7 @@ root_block_device {
|
||||||
val := cty.ObjectVal(map[string]cty.Value{
|
val := cty.ObjectVal(map[string]cty.Value{
|
||||||
"root_block_device": cty.ListVal([]cty.Value{
|
"root_block_device": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("foo").Mark("sensitive"),
|
"volume_type": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
|
@ -446,7 +447,7 @@ root_block_device {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}),
|
}),
|
||||||
}).Mark("mark"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingList)
|
schema := addTestSchema(configschema.NestingList)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
@ -500,7 +501,7 @@ root_block_device {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingSet)
|
schema := addTestSchema(configschema.NestingSet)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
@ -549,7 +550,7 @@ root_block_device "2" {
|
||||||
val := cty.ObjectVal(map[string]cty.Value{
|
val := cty.ObjectVal(map[string]cty.Value{
|
||||||
"root_block_device": cty.MapVal(map[string]cty.Value{
|
"root_block_device": cty.MapVal(map[string]cty.Value{
|
||||||
"1": cty.ObjectVal(map[string]cty.Value{
|
"1": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("foo").Mark("sensitive"),
|
"volume_type": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
"2": cty.ObjectVal(map[string]cty.Value{
|
"2": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
|
@ -583,7 +584,7 @@ root_block_device "2" {
|
||||||
"2": cty.ObjectVal(map[string]cty.Value{
|
"2": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingMap)
|
schema := addTestSchema(configschema.NestingMap)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
@ -606,7 +607,7 @@ root_block_device "2" {
|
||||||
}),
|
}),
|
||||||
"2": cty.ObjectVal(map[string]cty.Value{
|
"2": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingMap)
|
schema := addTestSchema(configschema.NestingMap)
|
||||||
|
@ -783,13 +784,13 @@ func TestAdd_WriteConfigNestedTypeAttributeFromExisting(t *testing.T) {
|
||||||
"disks": cty.ListVal([]cty.Value{
|
"disks": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"mount_point": cty.StringVal("/mnt/foo"),
|
"mount_point": cty.StringVal("/mnt/foo"),
|
||||||
"size": cty.StringVal("50GB").Mark("hi"),
|
"size": cty.StringVal("50GB").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
// This is an odd example, where the entire element is marked.
|
// This is an odd example, where the entire element is marked.
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"mount_point": cty.StringVal("/mnt/bar"),
|
"mount_point": cty.StringVal("/mnt/bar"),
|
||||||
"size": cty.StringVal("250GB"),
|
"size": cty.StringVal("250GB"),
|
||||||
}).Mark("bye"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -825,7 +826,7 @@ func TestAdd_WriteConfigNestedTypeAttributeFromExisting(t *testing.T) {
|
||||||
"size": cty.StringVal("250GB"),
|
"size": cty.StringVal("250GB"),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive")
|
}).Mark(marks.Sensitive)
|
||||||
|
|
||||||
schema := addTestSchema(configschema.NestingList)
|
schema := addTestSchema(configschema.NestingList)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
@ -880,12 +881,12 @@ func TestAdd_WriteConfigNestedTypeAttributeFromExisting(t *testing.T) {
|
||||||
"disks": cty.MapVal(map[string]cty.Value{
|
"disks": cty.MapVal(map[string]cty.Value{
|
||||||
"foo": cty.ObjectVal(map[string]cty.Value{
|
"foo": cty.ObjectVal(map[string]cty.Value{
|
||||||
"mount_point": cty.StringVal("/mnt/foo"),
|
"mount_point": cty.StringVal("/mnt/foo"),
|
||||||
"size": cty.StringVal("50GB").Mark("sensitive"),
|
"size": cty.StringVal("50GB").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
"bar": cty.ObjectVal(map[string]cty.Value{
|
"bar": cty.ObjectVal(map[string]cty.Value{
|
||||||
"mount_point": cty.StringVal("/mnt/bar"),
|
"mount_point": cty.StringVal("/mnt/bar"),
|
||||||
"size": cty.StringVal("250GB"),
|
"size": cty.StringVal("250GB"),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingMap)
|
schema := addTestSchema(configschema.NestingMap)
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/command/arguments"
|
"github.com/hashicorp/terraform/internal/command/arguments"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/terminal"
|
"github.com/hashicorp/terraform/internal/terminal"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
@ -228,7 +229,7 @@ func TestApplyJSON_outputs(t *testing.T) {
|
||||||
|
|
||||||
v.Outputs(map[string]*states.OutputValue{
|
v.Outputs(map[string]*states.OutputValue{
|
||||||
"boop_count": {Value: cty.NumberIntVal(92)},
|
"boop_count": {Value: cty.NumberIntVal(92)},
|
||||||
"password": {Value: cty.StringVal("horse-battery").Mark("sensitive"), Sensitive: true},
|
"password": {Value: cty.StringVal("horse-battery").Mark(marks.Sensitive), Sensitive: true},
|
||||||
})
|
})
|
||||||
|
|
||||||
want := []map[string]interface{}{
|
want := []map[string]interface{}{
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcled"
|
"github.com/hashicorp/hcl/v2/hcled"
|
||||||
"github.com/hashicorp/hcl/v2/hclparse"
|
"github.com/hashicorp/hcl/v2/hclparse"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -260,7 +261,7 @@ func NewDiagnostic(diag tfdiags.Diagnostic, sources map[string][]byte) *Diagnost
|
||||||
Traversal: traversalStr,
|
Traversal: traversalStr,
|
||||||
}
|
}
|
||||||
switch {
|
switch {
|
||||||
case val.IsMarked():
|
case val.HasMark(marks.Sensitive):
|
||||||
// We won't say anything at all about sensitive values,
|
// We won't say anything at all about sensitive values,
|
||||||
// because we might give away something that was
|
// because we might give away something that was
|
||||||
// sensitive about them.
|
// sensitive about them.
|
||||||
|
@ -323,7 +324,7 @@ func compactValueStr(val cty.Value) string {
|
||||||
// helpful but concise messages in diagnostics. It is not comprehensive
|
// helpful but concise messages in diagnostics. It is not comprehensive
|
||||||
// nor intended to be used for other purposes.
|
// nor intended to be used for other purposes.
|
||||||
|
|
||||||
if val.IsMarked() {
|
if val.HasMark(marks.Sensitive) {
|
||||||
// We check this in here just to make sure, but note that the caller
|
// We check this in here just to make sure, but note that the caller
|
||||||
// of compactValueStr ought to have already checked this and skipped
|
// of compactValueStr ought to have already checked this and skipped
|
||||||
// calling into compactValueStr anyway, so this shouldn't actually
|
// calling into compactValueStr anyway, so this shouldn't actually
|
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcltest"
|
"github.com/hashicorp/hcl/v2/hcltest"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -360,7 +361,7 @@ func TestNewDiagnostic(t *testing.T) {
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"var": cty.ObjectVal(map[string]cty.Value{
|
"var": cty.ObjectVal(map[string]cty.Value{
|
||||||
"boop": cty.MapVal(map[string]cty.Value{
|
"boop": cty.MapVal(map[string]cty.Value{
|
||||||
"hello!": cty.StringVal("bleurgh").Mark("sensitive"),
|
"hello!": cty.StringVal("bleurgh").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
|
@ -416,7 +417,7 @@ func TestNewDiagnostic(t *testing.T) {
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"var": cty.ObjectVal(map[string]cty.Value{
|
"var": cty.ObjectVal(map[string]cty.Value{
|
||||||
"boop": cty.MapVal(map[string]cty.Value{
|
"boop": cty.MapVal(map[string]cty.Value{
|
||||||
"hello!": cty.StringVal("bleurgh").Mark("sensitive"),
|
"hello!": cty.StringVal("bleurgh").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
|
@ -597,7 +598,7 @@ func TestNewDiagnostic(t *testing.T) {
|
||||||
"a": cty.True,
|
"a": cty.True,
|
||||||
"b": cty.NumberFloatVal(123.45),
|
"b": cty.NumberFloatVal(123.45),
|
||||||
"c": cty.NullVal(cty.String),
|
"c": cty.NullVal(cty.String),
|
||||||
"d": cty.StringVal("secret").Mark("sensitive"),
|
"d": cty.StringVal("secret").Mark(marks.Sensitive),
|
||||||
"e": cty.False,
|
"e": cty.False,
|
||||||
"f": cty.ListValEmpty(cty.String),
|
"f": cty.ListValEmpty(cty.String),
|
||||||
"g": cty.MapVal(map[string]cty.Value{
|
"g": cty.MapVal(map[string]cty.Value{
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -17,7 +18,7 @@ func TestOutputsFromMap(t *testing.T) {
|
||||||
},
|
},
|
||||||
// Sensitive string output
|
// Sensitive string output
|
||||||
"beep": {
|
"beep": {
|
||||||
Value: cty.StringVal("horse-battery").Mark("sensitive"),
|
Value: cty.StringVal("horse-battery").Mark(marks.Sensitive),
|
||||||
Sensitive: true,
|
Sensitive: true,
|
||||||
},
|
},
|
||||||
// Sensitive object output which is marked at the leaf
|
// Sensitive object output which is marked at the leaf
|
||||||
|
@ -25,7 +26,7 @@ func TestOutputsFromMap(t *testing.T) {
|
||||||
Value: cty.ObjectVal(map[string]cty.Value{
|
Value: cty.ObjectVal(map[string]cty.Value{
|
||||||
"a": cty.ObjectVal(map[string]cty.Value{
|
"a": cty.ObjectVal(map[string]cty.Value{
|
||||||
"b": cty.ObjectVal(map[string]cty.Value{
|
"b": cty.ObjectVal(map[string]cty.Value{
|
||||||
"c": cty.StringVal("oh, hi").Mark("sensitive"),
|
"c": cty.StringVal("oh, hi").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/command/arguments"
|
"github.com/hashicorp/terraform/internal/command/arguments"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/terminal"
|
"github.com/hashicorp/terraform/internal/terminal"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
@ -80,7 +81,7 @@ func TestRefreshJSON_outputs(t *testing.T) {
|
||||||
|
|
||||||
v.Outputs(map[string]*states.OutputValue{
|
v.Outputs(map[string]*states.OutputValue{
|
||||||
"boop_count": {Value: cty.NumberIntVal(92)},
|
"boop_count": {Value: cty.NumberIntVal(92)},
|
||||||
"password": {Value: cty.StringVal("horse-battery").Mark("sensitive"), Sensitive: true},
|
"password": {Value: cty.StringVal("horse-battery").Mark(marks.Sensitive), Sensitive: true},
|
||||||
})
|
})
|
||||||
|
|
||||||
want := []map[string]interface{}{
|
want := []map[string]interface{}{
|
||||||
|
|
|
@ -3,6 +3,7 @@ package configschema
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -19,7 +20,7 @@ func (b *Block) ValueMarks(val cty.Value, path cty.Path) []cty.PathValueMarks {
|
||||||
attrPath = append(path, cty.GetAttrStep{Name: name})
|
attrPath = append(path, cty.GetAttrStep{Name: name})
|
||||||
pvm = append(pvm, cty.PathValueMarks{
|
pvm = append(pvm, cty.PathValueMarks{
|
||||||
Path: attrPath,
|
Path: attrPath,
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -58,7 +59,7 @@ func TestBlockValueMarks(t *testing.T) {
|
||||||
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.UnknownVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.UnknownVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.UnknownVal(cty.String),
|
"unsensitive": cty.UnknownVal(cty.String),
|
||||||
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
||||||
}),
|
}),
|
||||||
|
@ -79,15 +80,15 @@ func TestBlockValueMarks(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.NullVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.NullVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.UnknownVal(cty.String),
|
"unsensitive": cty.UnknownVal(cty.String),
|
||||||
"list": cty.ListVal([]cty.Value{
|
"list": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.UnknownVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.UnknownVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.UnknownVal(cty.String),
|
"unsensitive": cty.UnknownVal(cty.String),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.NullVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.NullVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.NullVal(cty.String),
|
"unsensitive": cty.NullVal(cty.String),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
"github.com/zclconf/go-cty/cty/convert"
|
"github.com/zclconf/go-cty/cty/convert"
|
||||||
"github.com/zclconf/go-cty/cty/function"
|
"github.com/zclconf/go-cty/cty/function"
|
||||||
|
@ -62,28 +63,29 @@ func MakeToFunc(wantTy cty.Type) function.Function {
|
||||||
// to be known here but may still be null.
|
// to be known here but may still be null.
|
||||||
ret, err := convert.Convert(args[0], retType)
|
ret, err := convert.Convert(args[0], retType)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
val, _ := args[0].UnmarkDeep()
|
||||||
// Because we used GetConversionUnsafe above, conversion can
|
// Because we used GetConversionUnsafe above, conversion can
|
||||||
// still potentially fail in here. For example, if the user
|
// still potentially fail in here. For example, if the user
|
||||||
// asks to convert the string "a" to bool then we'll
|
// asks to convert the string "a" to bool then we'll
|
||||||
// optimistically permit it during type checking but fail here
|
// optimistically permit it during type checking but fail here
|
||||||
// once we note that the value isn't either "true" or "false".
|
// once we note that the value isn't either "true" or "false".
|
||||||
gotTy := args[0].Type()
|
gotTy := val.Type()
|
||||||
switch {
|
switch {
|
||||||
case args[0].ContainsMarked():
|
case marks.Contains(args[0], marks.Sensitive):
|
||||||
// Generic message so we won't inadvertently disclose
|
// Generic message so we won't inadvertently disclose
|
||||||
// information about sensitive values.
|
// information about sensitive values.
|
||||||
return cty.NilVal, function.NewArgErrorf(0, "cannot convert this sensitive %s to %s", gotTy.FriendlyName(), wantTy.FriendlyNameForConstraint())
|
return cty.NilVal, function.NewArgErrorf(0, "cannot convert this sensitive %s to %s", gotTy.FriendlyName(), wantTy.FriendlyNameForConstraint())
|
||||||
|
|
||||||
case gotTy == cty.String && wantTy == cty.Bool:
|
case gotTy == cty.String && wantTy == cty.Bool:
|
||||||
what := "string"
|
what := "string"
|
||||||
if !args[0].IsNull() {
|
if !val.IsNull() {
|
||||||
what = strconv.Quote(args[0].AsString())
|
what = strconv.Quote(val.AsString())
|
||||||
}
|
}
|
||||||
return cty.NilVal, function.NewArgErrorf(0, `cannot convert %s to bool; only the strings "true" or "false" are allowed`, what)
|
return cty.NilVal, function.NewArgErrorf(0, `cannot convert %s to bool; only the strings "true" or "false" are allowed`, what)
|
||||||
case gotTy == cty.String && wantTy == cty.Number:
|
case gotTy == cty.String && wantTy == cty.Number:
|
||||||
what := "string"
|
what := "string"
|
||||||
if !args[0].IsNull() {
|
if !val.IsNull() {
|
||||||
what = strconv.Quote(args[0].AsString())
|
what = strconv.Quote(val.AsString())
|
||||||
}
|
}
|
||||||
return cty.NilVal, function.NewArgErrorf(0, `cannot convert %s to number; given string must be a decimal representation of a number`, what)
|
return cty.NilVal, function.NewArgErrorf(0, `cannot convert %s to number; given string must be a decimal representation of a number`, what)
|
||||||
default:
|
default:
|
||||||
|
@ -107,7 +109,7 @@ var TypeFunc = function.New(&function.Spec{
|
||||||
},
|
},
|
||||||
Type: function.StaticReturnType(cty.String),
|
Type: function.StaticReturnType(cty.String),
|
||||||
Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
|
Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
|
||||||
return cty.StringVal(TypeString(args[0].Type())).Mark("raw"), nil
|
return cty.StringVal(TypeString(args[0].Type())).Mark(marks.Raw), nil
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -61,6 +62,12 @@ func TestTo(t *testing.T) {
|
||||||
cty.StringVal("a").Mark("boop"),
|
cty.StringVal("a").Mark("boop"),
|
||||||
cty.Bool,
|
cty.Bool,
|
||||||
cty.DynamicVal,
|
cty.DynamicVal,
|
||||||
|
`cannot convert "a" to bool; only the strings "true" or "false" are allowed`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
cty.StringVal("a").Mark(marks.Sensitive),
|
||||||
|
cty.Bool,
|
||||||
|
cty.DynamicVal,
|
||||||
`cannot convert this sensitive string to bool`,
|
`cannot convert this sensitive string to bool`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -73,6 +80,12 @@ func TestTo(t *testing.T) {
|
||||||
cty.StringVal("a").Mark("boop"),
|
cty.StringVal("a").Mark("boop"),
|
||||||
cty.Number,
|
cty.Number,
|
||||||
cty.DynamicVal,
|
cty.DynamicVal,
|
||||||
|
`cannot convert "a" to number; given string must be a decimal representation of a number`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
cty.StringVal("a").Mark(marks.Sensitive),
|
||||||
|
cty.Number,
|
||||||
|
cty.DynamicVal,
|
||||||
`cannot convert this sensitive string to number`,
|
`cannot convert this sensitive string to number`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package funcs
|
package funcs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
"github.com/zclconf/go-cty/cty/function"
|
"github.com/zclconf/go-cty/cty/function"
|
||||||
)
|
)
|
||||||
|
@ -25,7 +26,7 @@ var SensitiveFunc = function.New(&function.Spec{
|
||||||
},
|
},
|
||||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||||
val, _ := args[0].Unmark()
|
val, _ := args[0].Unmark()
|
||||||
return val.Mark("sensitive"), nil
|
return val.Mark(marks.Sensitive), nil
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -48,12 +49,12 @@ var NonsensitiveFunc = function.New(&function.Spec{
|
||||||
return args[0].Type(), nil
|
return args[0].Type(), nil
|
||||||
},
|
},
|
||||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||||
if args[0].IsKnown() && !args[0].HasMark("sensitive") {
|
if args[0].IsKnown() && !args[0].HasMark(marks.Sensitive) {
|
||||||
return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant")
|
return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant")
|
||||||
}
|
}
|
||||||
v, marks := args[0].Unmark()
|
v, m := args[0].Unmark()
|
||||||
delete(marks, "sensitive") // remove the sensitive marking
|
delete(m, marks.Sensitive) // remove the sensitive marking
|
||||||
return v.WithMarks(marks), nil
|
return v.WithMarks(m), nil
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -38,7 +39,7 @@ func TestSensitive(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// A value already marked is allowed and stays marked
|
// A value already marked is allowed and stays marked
|
||||||
cty.NumberIntVal(1).Mark("sensitive"),
|
cty.NumberIntVal(1).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -52,7 +53,7 @@ func TestSensitive(t *testing.T) {
|
||||||
{
|
{
|
||||||
// A value deep already marked is allowed and stays marked,
|
// A value deep already marked is allowed and stays marked,
|
||||||
// _and_ we'll also mark the outer collection as sensitive.
|
// _and_ we'll also mark the outer collection as sensitive.
|
||||||
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark("sensitive")}),
|
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark(marks.Sensitive)}),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -73,7 +74,7 @@ func TestSensitive(t *testing.T) {
|
||||||
t.Fatalf("unexpected error: %s", err)
|
t.Fatalf("unexpected error: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !got.HasMark("sensitive") {
|
if !got.HasMark(marks.Sensitive) {
|
||||||
t.Errorf("result is not marked sensitive")
|
t.Errorf("result is not marked sensitive")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -105,24 +106,24 @@ func TestNonsensitive(t *testing.T) {
|
||||||
WantErr string
|
WantErr string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
cty.NumberIntVal(1).Mark("sensitive"),
|
cty.NumberIntVal(1).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.DynamicVal.Mark("sensitive"),
|
cty.DynamicVal.Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.UnknownVal(cty.String).Mark("sensitive"),
|
cty.UnknownVal(cty.String).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.EmptyObject).Mark("sensitive"),
|
cty.NullVal(cty.EmptyObject).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// The inner sensitive remains afterwards
|
// The inner sensitive remains afterwards
|
||||||
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark("sensitive")}).Mark("sensitive"),
|
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark(marks.Sensitive)}).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -166,7 +167,7 @@ func TestNonsensitive(t *testing.T) {
|
||||||
t.Fatalf("unexpected error: %s", err)
|
t.Fatalf("unexpected error: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if got.HasMark("sensitive") {
|
if got.HasMark(marks.Sensitive) {
|
||||||
t.Errorf("result is still marked sensitive")
|
t.Errorf("result is still marked sensitive")
|
||||||
}
|
}
|
||||||
wantRaw, _ := test.Input.Unmark()
|
wantRaw, _ := test.Input.Unmark()
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hclsyntax"
|
"github.com/hashicorp/hcl/v2/hclsyntax"
|
||||||
"github.com/hashicorp/terraform/internal/experiments"
|
"github.com/hashicorp/terraform/internal/experiments"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
homedir "github.com/mitchellh/go-homedir"
|
homedir "github.com/mitchellh/go-homedir"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -715,7 +716,7 @@ func TestFunctions(t *testing.T) {
|
||||||
"sensitive": {
|
"sensitive": {
|
||||||
{
|
{
|
||||||
`sensitive(1)`,
|
`sensitive(1)`,
|
||||||
cty.NumberIntVal(1).Mark("sensitive"),
|
cty.NumberIntVal(1).Mark(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,43 @@
|
||||||
|
package marks
|
||||||
|
|
||||||
|
import (
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
)
|
||||||
|
|
||||||
|
// valueMarks allow creating strictly typed values for use as cty.Value marks.
|
||||||
|
// The variable name for new values should be the title-cased format of the
|
||||||
|
// value to better match the GoString output for debugging.
|
||||||
|
type valueMark string
|
||||||
|
|
||||||
|
func (m valueMark) GoString() string {
|
||||||
|
return "marks." + strings.Title(string(m))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Has returns true if and only if the cty.Value has the given mark.
|
||||||
|
func Has(val cty.Value, mark valueMark) bool {
|
||||||
|
return val.HasMark(mark)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Contains returns true if the cty.Value or any any value within it contains
|
||||||
|
// the given mark.
|
||||||
|
func Contains(val cty.Value, mark valueMark) bool {
|
||||||
|
ret := false
|
||||||
|
cty.Walk(val, func(_ cty.Path, v cty.Value) (bool, error) {
|
||||||
|
if v.HasMark(mark) {
|
||||||
|
ret = true
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
return true, nil
|
||||||
|
})
|
||||||
|
return ret
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sensitive indicates that this value is marked as sensitive in the context of
|
||||||
|
// Terraform.
|
||||||
|
var Sensitive = valueMark("sensitive")
|
||||||
|
|
||||||
|
// Raw is used to indicate to the repl that the value should be written without
|
||||||
|
// any formatting.
|
||||||
|
var Raw = valueMark("raw")
|
|
@ -4,13 +4,14 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestChangeEncodeSensitive(t *testing.T) {
|
func TestChangeEncodeSensitive(t *testing.T) {
|
||||||
testVals := []cty.Value{
|
testVals := []cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"ding": cty.StringVal("dong").Mark("sensitive"),
|
"ding": cty.StringVal("dong").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.StringVal("bleep").Mark("bloop"),
|
cty.StringVal("bleep").Mark("bloop"),
|
||||||
cty.ListVal([]cty.Value{cty.UnknownVal(cty.String).Mark("sup?")}),
|
cty.ListVal([]cty.Value{cty.UnknownVal(cty.String).Mark("sup?")}),
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty/convert"
|
"github.com/zclconf/go-cty/cty/convert"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AssertObjectCompatible checks whether the given "actual" value is a valid
|
// AssertObjectCompatible checks whether the given "actual" value is a valid
|
||||||
|
@ -57,11 +58,11 @@ func assertObjectCompatible(schema *configschema.Block, planned, actual cty.Valu
|
||||||
// exposing a value through errors
|
// exposing a value through errors
|
||||||
unmarkedActualV, marksA := actualV.UnmarkDeep()
|
unmarkedActualV, marksA := actualV.UnmarkDeep()
|
||||||
unmarkedPlannedV, marksP := plannedV.UnmarkDeep()
|
unmarkedPlannedV, marksP := plannedV.UnmarkDeep()
|
||||||
_, isMarkedActual := marksA["sensitive"]
|
_, isSensitiveActual := marksA[marks.Sensitive]
|
||||||
_, isMarkedPlanned := marksP["sensitive"]
|
_, isSensitivePlanned := marksP[marks.Sensitive]
|
||||||
|
|
||||||
moreErrs := assertValueCompatible(unmarkedPlannedV, unmarkedActualV, path)
|
moreErrs := assertValueCompatible(unmarkedPlannedV, unmarkedActualV, path)
|
||||||
if attrS.Sensitive || isMarkedActual || isMarkedPlanned {
|
if attrS.Sensitive || isSensitiveActual || isSensitivePlanned {
|
||||||
if len(moreErrs) > 0 {
|
if len(moreErrs) > 0 {
|
||||||
// Use a vague placeholder message instead, to avoid disclosing
|
// Use a vague placeholder message instead, to avoid disclosing
|
||||||
// sensitive information.
|
// sensitive information.
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -155,7 +156,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
},
|
},
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.UnknownVal(cty.String),
|
"id": cty.UnknownVal(cty.String),
|
||||||
"name": cty.StringVal("wotsit").Mark("sensitive"),
|
"name": cty.StringVal("wotsit").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.UnknownVal(cty.String),
|
"id": cty.UnknownVal(cty.String),
|
||||||
|
@ -184,7 +185,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.UnknownVal(cty.String),
|
"id": cty.UnknownVal(cty.String),
|
||||||
"name": cty.StringVal("thingy").Mark("sensitive"),
|
"name": cty.StringVal("thingy").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
[]string{
|
[]string{
|
||||||
`.name: inconsistent values for sensitive attribute`,
|
`.name: inconsistent values for sensitive attribute`,
|
||||||
|
@ -216,7 +217,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"foo": cty.StringVal("secret"),
|
"foo": cty.StringVal("secret"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
@ -227,7 +228,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"foo": cty.StringVal("secret"),
|
"foo": cty.StringVal("secret"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -89,16 +90,16 @@ func TestLongestCommonSubsequence(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.Value{
|
[]cty.Value{
|
||||||
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark("sensitive")}),
|
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
||||||
},
|
},
|
||||||
[]cty.Value{
|
[]cty.Value{
|
||||||
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark("sensitive")}),
|
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
||||||
cty.MapVal(map[string]cty.Value{"c": cty.StringVal("z")}),
|
cty.MapVal(map[string]cty.Value{"c": cty.StringVal("z")}),
|
||||||
},
|
},
|
||||||
[]cty.Value{
|
[]cty.Value{
|
||||||
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark("sensitive")}),
|
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"google.golang.org/protobuf/proto"
|
"google.golang.org/protobuf/proto"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/plans/internal/planproto"
|
"github.com/hashicorp/terraform/internal/plans/internal/planproto"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
@ -315,7 +316,7 @@ func changeFromTfplan(rawChange *planproto.Change) (*plans.ChangeSrc, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sensitive := cty.NewValueMarks("sensitive")
|
sensitive := cty.NewValueMarks(marks.Sensitive)
|
||||||
beforeValMarks, err := pathValueMarksFromTfplan(rawChange.BeforeSensitivePaths, sensitive)
|
beforeValMarks, err := pathValueMarksFromTfplan(rawChange.BeforeSensitivePaths, sensitive)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to decode before sensitive paths: %s", err)
|
return nil, fmt.Errorf("failed to decode before sensitive paths: %s", err)
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -78,7 +79,7 @@ func TestTFPlanRoundTrip(t *testing.T) {
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("boop").IndexInt(1),
|
Path: cty.GetAttrPath("boop").IndexInt(1),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -16,11 +17,11 @@ func FormatValue(v cty.Value, indent int) string {
|
||||||
if !v.IsKnown() {
|
if !v.IsKnown() {
|
||||||
return "(known after apply)"
|
return "(known after apply)"
|
||||||
}
|
}
|
||||||
if v.Type().Equals(cty.String) && v.HasMark("raw") {
|
if v.Type().Equals(cty.String) && v.HasMark(marks.Raw) {
|
||||||
raw, _ := v.Unmark()
|
raw, _ := v.Unmark()
|
||||||
return raw.AsString()
|
return raw.AsString()
|
||||||
}
|
}
|
||||||
if v.HasMark("sensitive") {
|
if v.HasMark(marks.Sensitive) {
|
||||||
return "(sensitive)"
|
return "(sensitive)"
|
||||||
}
|
}
|
||||||
if v.IsNull() {
|
if v.IsNull() {
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -170,7 +171,7 @@ EOT_`,
|
||||||
`toset([])`,
|
`toset([])`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.StringVal("sensitive value").Mark("sensitive"),
|
cty.StringVal("sensitive value").Mark(marks.Sensitive),
|
||||||
"(sensitive)",
|
"(sensitive)",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestState(t *testing.T) {
|
func TestState(t *testing.T) {
|
||||||
|
@ -262,7 +263,7 @@ func TestStateDeepCopy(t *testing.T) {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "woozles"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "woozles"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Private: []byte("private data"),
|
Private: []byte("private data"),
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
ctyjson "github.com/zclconf/go-cty/cty/json"
|
ctyjson "github.com/zclconf/go-cty/cty/json"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
)
|
)
|
||||||
|
@ -164,7 +165,7 @@ func prepareStateV4(sV4 *stateV4) (*File, tfdiags.Diagnostics) {
|
||||||
for _, path := range paths {
|
for _, path := range paths {
|
||||||
pvm = append(pvm, cty.PathValueMarks{
|
pvm = append(pvm, cty.PathValueMarks{
|
||||||
Path: path,
|
Path: path,
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
obj.AttrSensitivePaths = pvm
|
obj.AttrSensitivePaths = pvm
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
@ -420,7 +421,7 @@ resource "test_resource" "b" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("sensitive_attr"),
|
Path: cty.GetAttrPath("sensitive_attr"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Status: states.ObjectReady,
|
Status: states.ObjectReady,
|
||||||
|
|
|
@ -22,6 +22,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/provisioners"
|
"github.com/hashicorp/terraform/internal/provisioners"
|
||||||
|
@ -11949,7 +11950,7 @@ resource "test_resource" "foo" {
|
||||||
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
||||||
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
||||||
}
|
}
|
||||||
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks("sensitive"); !gotMarks.Equal(wantMarks) {
|
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !gotMarks.Equal(wantMarks) {
|
||||||
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -12013,7 +12014,7 @@ resource "test_resource" "baz" {
|
||||||
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
||||||
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
||||||
}
|
}
|
||||||
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks("sensitive"); !gotMarks.Equal(wantMarks) {
|
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !gotMarks.Equal(wantMarks) {
|
||||||
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -12098,7 +12099,7 @@ resource "test_resource" "foo" {
|
||||||
got := fooState.Current.AttrSensitivePaths[0]
|
got := fooState.Current.AttrSensitivePaths[0]
|
||||||
want := cty.PathValueMarks{
|
want := cty.PathValueMarks{
|
||||||
Path: cty.GetAttrPath("value"),
|
Path: cty.GetAttrPath("value"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
}
|
}
|
||||||
|
|
||||||
if !got.Equal(want) {
|
if !got.Equal(want) {
|
||||||
|
@ -12399,7 +12400,7 @@ func TestContext2Apply_dataSensitive(t *testing.T) {
|
||||||
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("foo"); !gotPath.Equals(wantPath) {
|
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("foo"); !gotPath.Equals(wantPath) {
|
||||||
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
||||||
}
|
}
|
||||||
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks("sensitive"); !gotMarks.Equal(wantMarks) {
|
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !gotMarks.Equal(wantMarks) {
|
||||||
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
@ -175,7 +176,7 @@ data "test_data_source" "foo" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("foo"),
|
Path: cty.GetAttrPath("foo"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1092,7 +1093,7 @@ data "test_data_source" "foo" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("foo"),
|
Path: cty.GetAttrPath("foo"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1106,7 +1107,7 @@ data "test_data_source" "foo" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("sensitive"),
|
Path: cty.GetAttrPath("sensitive"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -18,6 +18,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/provisioners"
|
"github.com/hashicorp/terraform/internal/provisioners"
|
||||||
|
@ -4793,7 +4794,7 @@ func TestContext2Plan_ignoreChangesSensitive(t *testing.T) {
|
||||||
|
|
||||||
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
||||||
"id": cty.StringVal("bar"),
|
"id": cty.StringVal("bar"),
|
||||||
"ami": cty.StringVal("ami-abcd1234").Mark("sensitive"),
|
"ami": cty.StringVal("ami-abcd1234").Mark(marks.Sensitive),
|
||||||
"type": cty.StringVal("aws_instance"),
|
"type": cty.StringVal("aws_instance"),
|
||||||
}), ric.After)
|
}), ric.After)
|
||||||
}
|
}
|
||||||
|
@ -5627,7 +5628,7 @@ func TestContext2Plan_variableSensitivity(t *testing.T) {
|
||||||
switch i := ric.Addr.String(); i {
|
switch i := ric.Addr.String(); i {
|
||||||
case "aws_instance.foo":
|
case "aws_instance.foo":
|
||||||
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
||||||
"foo": cty.StringVal("foo").Mark("sensitive"),
|
"foo": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}), ric.After)
|
}), ric.After)
|
||||||
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
||||||
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
||||||
|
@ -5640,7 +5641,7 @@ func TestContext2Plan_variableSensitivity(t *testing.T) {
|
||||||
if got, want := pvm.Path, cty.GetAttrPath("foo"); !got.Equals(want) {
|
if got, want := pvm.Path, cty.GetAttrPath("foo"); !got.Equals(want) {
|
||||||
t.Errorf("unexpected path for mark\n got: %#v\nwant: %#v", got, want)
|
t.Errorf("unexpected path for mark\n got: %#v\nwant: %#v", got, want)
|
||||||
}
|
}
|
||||||
if got, want := pvm.Marks, cty.NewValueMarks("sensitive"); !got.Equal(want) {
|
if got, want := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !got.Equal(want) {
|
||||||
t.Errorf("unexpected value for mark\n got: %#v\nwant: %#v", got, want)
|
t.Errorf("unexpected value for mark\n got: %#v\nwant: %#v", got, want)
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
@ -5694,8 +5695,8 @@ func TestContext2Plan_variableSensitivityModule(t *testing.T) {
|
||||||
switch i := ric.Addr.String(); i {
|
switch i := ric.Addr.String(); i {
|
||||||
case "module.child.aws_instance.foo":
|
case "module.child.aws_instance.foo":
|
||||||
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
||||||
"foo": cty.StringVal("foo").Mark("sensitive"),
|
"foo": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
"value": cty.StringVal("boop").Mark("sensitive"),
|
"value": cty.StringVal("boop").Mark(marks.Sensitive),
|
||||||
}), ric.After)
|
}), ric.After)
|
||||||
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
||||||
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
||||||
|
@ -5708,7 +5709,7 @@ func TestContext2Plan_variableSensitivityModule(t *testing.T) {
|
||||||
contains := func(pvmSlice []cty.PathValueMarks, stepName string) bool {
|
contains := func(pvmSlice []cty.PathValueMarks, stepName string) bool {
|
||||||
for _, pvm := range pvmSlice {
|
for _, pvm := range pvmSlice {
|
||||||
if pvm.Path.Equals(cty.GetAttrPath(stepName)) {
|
if pvm.Path.Equals(cty.GetAttrPath(stepName)) {
|
||||||
if pvm.Marks.Equal(cty.NewValueMarks("sensitive")) {
|
if pvm.Marks.Equal(cty.NewValueMarks(marks.Sensitive)) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -6753,8 +6754,8 @@ resource "test_resource" "foo" {
|
||||||
Status: states.ObjectReady,
|
Status: states.ObjectReady,
|
||||||
AttrsJSON: []byte(`{"id":"foo", "value":"hello", "sensitive_value":"hello"}`),
|
AttrsJSON: []byte(`{"id":"foo", "value":"hello", "sensitive_value":"hello"}`),
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{Path: cty.Path{cty.GetAttrStep{Name: "value"}}, Marks: cty.NewValueMarks("sensitive")},
|
{Path: cty.Path{cty.GetAttrStep{Name: "value"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
{Path: cty.Path{cty.GetAttrStep{Name: "sensitive_value"}}, Marks: cty.NewValueMarks("sensitive")},
|
{Path: cty.Path{cty.GetAttrStep{Name: "sensitive_value"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
addrs.AbsProviderConfig{
|
addrs.AbsProviderConfig{
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcltest"
|
"github.com/hashicorp/hcl/v2/hcltest"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -20,7 +21,7 @@ func TestEvaluateCountExpression(t *testing.T) {
|
||||||
0,
|
0,
|
||||||
},
|
},
|
||||||
"expression with marked value": {
|
"expression with marked value": {
|
||||||
hcltest.MockExprLiteral(cty.NumberIntVal(8).Mark("sensitive")),
|
hcltest.MockExprLiteral(cty.NumberIntVal(8).Mark(marks.Sensitive)),
|
||||||
8,
|
8,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/terraform/internal/lang"
|
"github.com/hashicorp/terraform/internal/lang"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -61,7 +62,7 @@ func evaluateForEachExpressionValue(expr hcl.Expression, ctx EvalContext, allowU
|
||||||
|
|
||||||
// If a whole map is marked, or a set contains marked values (which means the set is then marked)
|
// If a whole map is marked, or a set contains marked values (which means the set is then marked)
|
||||||
// give an error diagnostic as this value cannot be used in for_each
|
// give an error diagnostic as this value cannot be used in for_each
|
||||||
if forEachVal.IsMarked() {
|
if forEachVal.HasMark(marks.Sensitive) {
|
||||||
diags = diags.Append(&hcl.Diagnostic{
|
diags = diags.Append(&hcl.Diagnostic{
|
||||||
Severity: hcl.DiagError,
|
Severity: hcl.DiagError,
|
||||||
Summary: "Invalid for_each argument",
|
Summary: "Invalid for_each argument",
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcltest"
|
"github.com/hashicorp/hcl/v2/hcltest"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -54,11 +55,11 @@ func TestEvaluateForEachExpression_valid(t *testing.T) {
|
||||||
},
|
},
|
||||||
"map containing sensitive values, but strings are literal": {
|
"map containing sensitive values, but strings are literal": {
|
||||||
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.BoolVal(true).Mark("sensitive"),
|
"a": cty.BoolVal(true).Mark(marks.Sensitive),
|
||||||
"b": cty.BoolVal(false),
|
"b": cty.BoolVal(false),
|
||||||
})),
|
})),
|
||||||
map[string]cty.Value{
|
map[string]cty.Value{
|
||||||
"a": cty.BoolVal(true).Mark("sensitive"),
|
"a": cty.BoolVal(true).Mark(marks.Sensitive),
|
||||||
"b": cty.BoolVal(false),
|
"b": cty.BoolVal(false),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -124,7 +125,7 @@ func TestEvaluateForEachExpression_errors(t *testing.T) {
|
||||||
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.BoolVal(true),
|
"a": cty.BoolVal(true),
|
||||||
"b": cty.BoolVal(false),
|
"b": cty.BoolVal(false),
|
||||||
}).Mark("sensitive")),
|
}).Mark(marks.Sensitive)),
|
||||||
"Invalid for_each argument",
|
"Invalid for_each argument",
|
||||||
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
||||||
},
|
},
|
||||||
|
@ -149,7 +150,7 @@ func TestEvaluateForEachExpression_errors(t *testing.T) {
|
||||||
"depends on resource attributes that cannot be determined until apply",
|
"depends on resource attributes that cannot be determined until apply",
|
||||||
},
|
},
|
||||||
"set containing marked values": {
|
"set containing marked values": {
|
||||||
hcltest.MockExprLiteral(cty.SetVal([]cty.Value{cty.StringVal("beep").Mark("sensitive"), cty.StringVal("boop")})),
|
hcltest.MockExprLiteral(cty.SetVal([]cty.Value{cty.StringVal("beep").Mark(marks.Sensitive), cty.StringVal("boop")})),
|
||||||
"Invalid for_each argument",
|
"Invalid for_each argument",
|
||||||
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
||||||
},
|
},
|
||||||
|
|
|
@ -17,6 +17,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
"github.com/hashicorp/terraform/internal/instances"
|
"github.com/hashicorp/terraform/internal/instances"
|
||||||
"github.com/hashicorp/terraform/internal/lang"
|
"github.com/hashicorp/terraform/internal/lang"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
|
@ -261,7 +262,7 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
|
||||||
if d.Operation == walkValidate {
|
if d.Operation == walkValidate {
|
||||||
// Ensure variable sensitivity is captured in the validate walk
|
// Ensure variable sensitivity is captured in the validate walk
|
||||||
if config.Sensitive {
|
if config.Sensitive {
|
||||||
return cty.UnknownVal(wantType).Mark("sensitive"), diags
|
return cty.UnknownVal(wantType).Mark(marks.Sensitive), diags
|
||||||
}
|
}
|
||||||
return cty.UnknownVal(wantType), diags
|
return cty.UnknownVal(wantType), diags
|
||||||
}
|
}
|
||||||
|
@ -296,9 +297,9 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
|
||||||
val = cty.UnknownVal(wantType)
|
val = cty.UnknownVal(wantType)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Mark if sensitive, and avoid double-marking if this has already been marked
|
// Mark if sensitive
|
||||||
if config.Sensitive && !val.HasMark("sensitive") {
|
if config.Sensitive {
|
||||||
val = val.Mark("sensitive")
|
val = val.Mark(marks.Sensitive)
|
||||||
}
|
}
|
||||||
|
|
||||||
return val, diags
|
return val, diags
|
||||||
|
@ -432,8 +433,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
|
||||||
|
|
||||||
instance[cfg.Name] = outputState
|
instance[cfg.Name] = outputState
|
||||||
|
|
||||||
if cfg.Sensitive && !outputState.HasMark("sensitive") {
|
if cfg.Sensitive {
|
||||||
instance[cfg.Name] = outputState.Mark("sensitive")
|
instance[cfg.Name] = outputState.Mark(marks.Sensitive)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -461,8 +462,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
|
||||||
|
|
||||||
instance[cfg.Name] = change.After
|
instance[cfg.Name] = change.After
|
||||||
|
|
||||||
if change.Sensitive && !change.After.HasMark("sensitive") {
|
if change.Sensitive {
|
||||||
instance[cfg.Name] = change.After.Mark("sensitive")
|
instance[cfg.Name] = change.After.Mark(marks.Sensitive)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
|
@ -110,7 +111,7 @@ func TestEvaluatorGetInputVariable(t *testing.T) {
|
||||||
VariableValues: map[string]map[string]cty.Value{
|
VariableValues: map[string]map[string]cty.Value{
|
||||||
"": {
|
"": {
|
||||||
"some_var": cty.StringVal("bar"),
|
"some_var": cty.StringVal("bar"),
|
||||||
"some_other_var": cty.StringVal("boop").Mark("sensitive"),
|
"some_other_var": cty.StringVal("boop").Mark(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
VariableValuesLock: &sync.Mutex{},
|
VariableValuesLock: &sync.Mutex{},
|
||||||
|
@ -121,7 +122,7 @@ func TestEvaluatorGetInputVariable(t *testing.T) {
|
||||||
}
|
}
|
||||||
scope := evaluator.Scope(data, nil)
|
scope := evaluator.Scope(data, nil)
|
||||||
|
|
||||||
want := cty.StringVal("bar").Mark("sensitive")
|
want := cty.StringVal("bar").Mark(marks.Sensitive)
|
||||||
got, diags := scope.Data.GetInputVariable(addrs.InputVariable{
|
got, diags := scope.Data.GetInputVariable(addrs.InputVariable{
|
||||||
Name: "some_var",
|
Name: "some_var",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
@ -133,7 +134,7 @@ func TestEvaluatorGetInputVariable(t *testing.T) {
|
||||||
t.Errorf("wrong result %#v; want %#v", got, want)
|
t.Errorf("wrong result %#v; want %#v", got, want)
|
||||||
}
|
}
|
||||||
|
|
||||||
want = cty.StringVal("boop").Mark("sensitive")
|
want = cty.StringVal("boop").Mark(marks.Sensitive)
|
||||||
got, diags = scope.Data.GetInputVariable(addrs.InputVariable{
|
got, diags = scope.Data.GetInputVariable(addrs.InputVariable{
|
||||||
Name: "some_other_var",
|
Name: "some_other_var",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
@ -276,30 +277,30 @@ func TestEvaluatorGetResource(t *testing.T) {
|
||||||
"id": cty.StringVal("foo"),
|
"id": cty.StringVal("foo"),
|
||||||
"nesting_list": cty.ListVal([]cty.Value{
|
"nesting_list": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
|
"sensitive_value": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
"value": cty.NullVal(cty.String),
|
"value": cty.NullVal(cty.String),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
"nesting_map": cty.MapVal(map[string]cty.Value{
|
"nesting_map": cty.MapVal(map[string]cty.Value{
|
||||||
"foo": cty.ObjectVal(map[string]cty.Value{"foo": cty.StringVal("x").Mark("sensitive")}),
|
"foo": cty.ObjectVal(map[string]cty.Value{"foo": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
}),
|
}),
|
||||||
"nesting_nesting": cty.ObjectVal(map[string]cty.Value{
|
"nesting_nesting": cty.ObjectVal(map[string]cty.Value{
|
||||||
"nesting_list": cty.ListVal([]cty.Value{
|
"nesting_list": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
|
"sensitive_value": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
"value": cty.NullVal(cty.String),
|
"value": cty.NullVal(cty.String),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
"nesting_set": cty.SetVal([]cty.Value{
|
"nesting_set": cty.SetVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"baz": cty.StringVal("abc").Mark("sensitive"),
|
"baz": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
"nesting_single": cty.ObjectVal(map[string]cty.Value{
|
"nesting_single": cty.ObjectVal(map[string]cty.Value{
|
||||||
"boop": cty.StringVal("abc").Mark("sensitive"),
|
"boop": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
"value": cty.StringVal("hello").Mark("sensitive"),
|
"value": cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
|
|
||||||
addr := addrs.Resource{
|
addr := addrs.Resource{
|
||||||
|
@ -354,7 +355,7 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
|
||||||
// Provide an After value that contains a marked value
|
// Provide an After value that contains a marked value
|
||||||
After: cty.ObjectVal(map[string]cty.Value{
|
After: cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.StringVal("foo"),
|
"id": cty.StringVal("foo"),
|
||||||
"to_mark_val": cty.StringVal("pizza").Mark("sensitive"),
|
"to_mark_val": cty.StringVal("pizza").Mark(marks.Sensitive),
|
||||||
"sensitive_value": cty.StringVal("abc"),
|
"sensitive_value": cty.StringVal("abc"),
|
||||||
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
||||||
"boop": cty.StringVal("beep"),
|
"boop": cty.StringVal("beep"),
|
||||||
|
@ -439,11 +440,11 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
|
||||||
|
|
||||||
want := cty.ObjectVal(map[string]cty.Value{
|
want := cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.StringVal("foo"),
|
"id": cty.StringVal("foo"),
|
||||||
"to_mark_val": cty.StringVal("pizza").Mark("sensitive"),
|
"to_mark_val": cty.StringVal("pizza").Mark(marks.Sensitive),
|
||||||
"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
|
"sensitive_value": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
||||||
"boop": cty.StringVal("beep"),
|
"boop": cty.StringVal("beep"),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
|
|
||||||
got, diags := scope.Data.GetResource(addr, tfdiags.SourceRange{})
|
got, diags := scope.Data.GetResource(addr, tfdiags.SourceRange{})
|
||||||
|
@ -471,7 +472,7 @@ func TestEvaluatorGetModule(t *testing.T) {
|
||||||
Evaluator: evaluator,
|
Evaluator: evaluator,
|
||||||
}
|
}
|
||||||
scope := evaluator.Scope(data, nil)
|
scope := evaluator.Scope(data, nil)
|
||||||
want := cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("bar").Mark("sensitive")})
|
want := cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("bar").Mark(marks.Sensitive)})
|
||||||
got, diags := scope.Data.GetModule(addrs.ModuleCall{
|
got, diags := scope.Data.GetModule(addrs.ModuleCall{
|
||||||
Name: "mod",
|
Name: "mod",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
@ -499,7 +500,7 @@ func TestEvaluatorGetModule(t *testing.T) {
|
||||||
Evaluator: evaluator,
|
Evaluator: evaluator,
|
||||||
}
|
}
|
||||||
scope = evaluator.Scope(data, nil)
|
scope = evaluator.Scope(data, nil)
|
||||||
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark("sensitive")})
|
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark(marks.Sensitive)})
|
||||||
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
||||||
Name: "mod",
|
Name: "mod",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
@ -517,7 +518,7 @@ func TestEvaluatorGetModule(t *testing.T) {
|
||||||
Evaluator: evaluator,
|
Evaluator: evaluator,
|
||||||
}
|
}
|
||||||
scope = evaluator.Scope(data, nil)
|
scope = evaluator.Scope(data, nil)
|
||||||
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark("sensitive")})
|
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark(marks.Sensitive)})
|
||||||
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
||||||
Name: "mod",
|
Name: "mod",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -14,32 +15,32 @@ func TestMarksEqual(t *testing.T) {
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "A"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "A"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
|
@ -47,31 +48,31 @@ func TestMarksEqual(t *testing.T) {
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
|
@ -82,7 +83,7 @@ func TestMarksEqual(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
nil,
|
nil,
|
||||||
false,
|
false,
|
||||||
|
@ -90,7 +91,7 @@ func TestMarksEqual(t *testing.T) {
|
||||||
{
|
{
|
||||||
nil,
|
nil,
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/dag"
|
"github.com/hashicorp/terraform/internal/dag"
|
||||||
"github.com/hashicorp/terraform/internal/lang"
|
"github.com/hashicorp/terraform/internal/lang"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
|
@ -281,10 +282,8 @@ func (n *NodeApplyableOutput) Execute(ctx EvalContext, op walkOperation) (diags
|
||||||
// statically declared as sensitive in order to dynamically return
|
// statically declared as sensitive in order to dynamically return
|
||||||
// a sensitive result, to help avoid accidental exposure in the state
|
// a sensitive result, to help avoid accidental exposure in the state
|
||||||
// of a sensitive value that the user doesn't want to include there.
|
// of a sensitive value that the user doesn't want to include there.
|
||||||
_, marks := val.UnmarkDeep()
|
|
||||||
_, hasSensitive := marks["sensitive"]
|
|
||||||
if n.Addr.Module.IsRoot() {
|
if n.Addr.Module.IsRoot() {
|
||||||
if !n.Config.Sensitive && hasSensitive {
|
if !n.Config.Sensitive && marks.Contains(val, marks.Sensitive) {
|
||||||
diags = diags.Append(&hcl.Diagnostic{
|
diags = diags.Append(&hcl.Diagnostic{
|
||||||
Severity: hcl.DiagError,
|
Severity: hcl.DiagError,
|
||||||
Summary: "Output refers to sensitive values",
|
Summary: "Output refers to sensitive values",
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
@ -98,7 +99,7 @@ func TestNodeApplyableOutputExecute_sensitiveValueNotOutput(t *testing.T) {
|
||||||
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
||||||
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
||||||
val := cty.MapVal(map[string]cty.Value{
|
val := cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("b").Mark("sensitive"),
|
"a": cty.StringVal("b").Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
ctx.EvaluateExprResult = val
|
ctx.EvaluateExprResult = val
|
||||||
|
|
||||||
|
@ -122,7 +123,7 @@ func TestNodeApplyableOutputExecute_sensitiveValueAndOutput(t *testing.T) {
|
||||||
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
||||||
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
||||||
val := cty.MapVal(map[string]cty.Value{
|
val := cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("b").Mark("sensitive"),
|
"a": cty.StringVal("b").Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
ctx.EvaluateExprResult = val
|
ctx.EvaluateExprResult = val
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
@ -150,7 +151,7 @@ func TestNodeApplyableProviderExecute_sensitive(t *testing.T) {
|
||||||
config := &configs.Provider{
|
config := &configs.Provider{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("hello").Mark("sensitive"),
|
"test_string": cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
||||||
|
@ -187,7 +188,7 @@ func TestNodeApplyableProviderExecute_sensitiveValidate(t *testing.T) {
|
||||||
config := &configs.Provider{
|
config := &configs.Provider{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("hello").Mark("sensitive"),
|
"test_string": cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/provisioners"
|
"github.com/hashicorp/terraform/internal/provisioners"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
|
@ -176,7 +177,7 @@ func TestNodeValidatableResource_ValidateResource_managedResource(t *testing.T)
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("bar"),
|
"test_string": cty.StringVal("bar"),
|
||||||
"test_number": cty.NumberIntVal(2).Mark("sensitive"),
|
"test_number": cty.NumberIntVal(2).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
node := NodeValidatableResource{
|
node := NodeValidatableResource{
|
||||||
|
@ -289,7 +290,7 @@ func TestNodeValidatableResource_ValidateResource_dataSource(t *testing.T) {
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("bar"),
|
"test_string": cty.StringVal("bar"),
|
||||||
"test_number": cty.NumberIntVal(2).Mark("sensitive"),
|
"test_number": cty.NumberIntVal(2).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
package terraform
|
package terraform
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
@ -163,5 +162,4 @@ func TestGraphNodeImportStateSubExecuteNull(t *testing.T) {
|
||||||
if !diags.HasErrors() {
|
if !diags.HasErrors() {
|
||||||
t.Fatal("expected error for non-existent resource")
|
t.Fatal("expected error for non-existent resource")
|
||||||
}
|
}
|
||||||
fmt.Println(diags.ErrWithWarnings())
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue