terraform/states
Pam Selle 0a02e7040f
Store sensitive attribute paths in state (#26338)
* Add creation test and simplify in-place test

* Add deletion test

* Start adding marking from state

Start storing paths that should be marked
when pulled out of state. Implements deep
copy for attr paths. This commit also includes some
comment noise from investigations, and fixing the diff test

* Fix apply stripping marks

* Expand diff tests

* Basic apply test

* Update comments on equality checks to clarify current understanding

* Add JSON serialization for sensitive paths

We need to serialize a slice of cty.Path values to be used to re-mark
the sensitive values of a resource instance when loading the state file.
Paths consist of a list of steps, each of which may be either getting an
attribute value by name, or indexing into a collection by string or
number.

To serialize these without building a complex parser for a compact
string form, we render a nested array of small objects, like so:

[
  [
    { type: "get_attr", value: "foo" },
    { type: "index", value: { "type": "number", "value": 2 } }
  ]
]

The above example is equivalent to a path `foo[2]`.

* Format diffs with map types

Comparisons need unmarked values to operate on,
so create unmarked values for those operations. Additionally,
change diff to cover map types

* Remove debugging printing

* Fix bug with marking non-sensitive values

When pulling a sensitive value from state,
we were previously using those marks to remark
the planned new value, but that new value
might *not* be sensitive, so let's not do that

* Fix apply test

Apply was not passing the second state
through to the third pass at apply

* Consistency in checking for length of paths vs inspecting into value

* In apply, don't mark with before paths

* AttrPaths test coverage for DeepCopy

* Revert format changes

Reverts format changes in format/diff for this
branch so those changes can be discussed on a separate PR

* Refactor name of AttrPaths to AttrSensitivePaths

* Rename AttributePaths/attributePaths for naming consistency

Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
2020-09-24 12:40:17 -04:00
..
remote Fix bug for force push for backends besides the remote backend 2020-09-10 09:13:57 -04:00
statefile Store sensitive attribute paths in state (#26338) 2020-09-24 12:40:17 -04:00
statemgr remove mod=vendor in statemgr test 2020-09-24 08:44:49 -04:00
doc.go
instance_generation.go
instance_object.go Store sensitive attribute paths in state (#26338) 2020-09-24 12:40:17 -04:00
instance_object_src.go Store sensitive attribute paths in state (#26338) 2020-09-24 12:40:17 -04:00
module.go remove EachMode from resource state 2020-04-30 09:22:14 -04:00
objectstatus_string.go stringer: Regenerate files with latest version 2019-05-13 15:34:27 +01:00
output_value.go add AbsOutputAddrs to state outputs 2020-04-13 16:37:59 -04:00
resource.go remove EachMode from resource state 2020-04-30 09:22:14 -04:00
resource_test.go states: Fix TestResourceInstanceDeposeCurrentObject 2018-10-16 19:14:11 -07:00
state.go Add ModuleOutputs method to states 2020-04-13 17:59:09 -04:00
state_deepcopy.go Store sensitive attribute paths in state (#26338) 2020-09-24 12:40:17 -04:00
state_equal.go
state_string.go remove extra brackets in state string output 2020-04-09 15:36:16 -04:00
state_test.go Store sensitive attribute paths in state (#26338) 2020-09-24 12:40:17 -04:00
sync.go remove EachMode from resource state 2020-04-30 09:22:14 -04:00