Merge pull request #28245 from hashicorp/alisdair/fix-sensitive-value-sensitive-attribute-conflict

core: Fix sensitive value/attribute conflict
2021-03-31 09:29:53 -04:00 · 2021-03-31 09:29:53 -04:00 · d37c3c597a
parent 7ab4f1fb7d c54c18680e
commit d37c3c597a
2 changed files with 15 additions and 3 deletions
--- a/terraform/evaluate.go
+++ b/terraform/evaluate.go
@ -758,11 +758,12 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
 			}
 			// If our provider schema contains sensitive values, mark those as sensitive
 			afterMarks := change.AfterValMarks
 			if schema.ContainsSensitive() {
-				val = markProviderSensitiveAttributes(schema, val)
+				afterMarks = append(afterMarks, getValMarks(schema, val, nil)...)
 			}
-			instances[key] = val.MarkWithPaths(change.AfterValMarks)
+			instances[key] = val.MarkWithPaths(afterMarks)
 			continue
 		}
--- a/terraform/evaluate_test.go
+++ b/terraform/evaluate_test.go
@ -357,6 +357,9 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
 				"id":              cty.StringVal("foo"),
 				"to_mark_val":     cty.StringVal("pizza").Mark("sensitive"),
 				"sensitive_value": cty.StringVal("abc"),
 				"sensitive_collection": cty.MapVal(map[string]cty.Value{
 					"boop": cty.StringVal("beep"),
 				}),
 			}),
 		},
 	}
@ -382,6 +385,11 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
 								Computed:  true,
 								Sensitive: true,
 							},
 							"sensitive_collection": {
 								Type:      cty.Map(cty.String),
 								Computed:  true,
 								Sensitive: true,
 							},
 						},
 					},
 				},
@ -408,7 +416,7 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
 		Config: &configs.Config{
 			Module: &configs.Module{
 				ManagedResources: map[string]*configs.Resource{
-					"test_resource.foo": &configs.Resource{
+					"test_resource.foo": {
 						Mode: addrs.ManagedResourceMode,
 						Type: "test_resource",
 						Name: "foo",
@ -434,6 +442,9 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
 		"id":              cty.StringVal("foo"),
 		"to_mark_val":     cty.StringVal("pizza").Mark("sensitive"),
 		"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
 		"sensitive_collection": cty.MapVal(map[string]cty.Value{
 			"boop": cty.StringVal("beep"),
 		}).Mark("sensitive"),
 	})
 	got, diags := scope.Data.GetResource(addr, tfdiags.SourceRange{})