14336ae6f8
In order to avoid updating every one of our existing functions with explicit support for sensitive values, there's a default rule in the functions system which makes the result of a function sensitive if any of its arguments contain sensitive values. We were applying that default to the various type conversion functions, like tomap and tolist, which meant that converting a complex-typed value with a sensitive value anywhere inside it would result in a wholly-sensitive result. That's unnecessarily conservative because the cty conversion layer (which these functions are wrapping) already knows how to handle sensitivity in a more precise way. Therefore we can opt in to handling marked values (which Terraform uses for sensitivity) here and the only special thing we need to do is handle errors related to sensitive values differently, so we won't print their values out literally in case of an error (and so that the attempt to print them out literally won't panic trying to extract the marked values). |
||
|---|---|---|
| .. | ||
| blocktoattr | ||
| funcs | ||
| testdata/functions-test | ||
| data.go | ||
| data_test.go | ||
| doc.go | ||
| eval.go | ||
| eval_test.go | ||
| functions.go | ||
| functions_test.go | ||
| references.go | ||
| scope.go | ||