Disallow sensitive values as for_each arguments
This commit is contained in:
parent
61c78fd3b9
commit
b03d5df9dc
|
@ -48,6 +48,14 @@ func evaluateForEachExpressionValue(expr hcl.Expression, ctx EvalContext) (cty.V
|
|||
|
||||
forEachVal, forEachDiags := ctx.EvaluateExpr(expr, cty.DynamicPseudoType, nil)
|
||||
diags = diags.Append(forEachDiags)
|
||||
if forEachVal.ContainsMarked() {
|
||||
diags = diags.Append(&hcl.Diagnostic{
|
||||
Severity: hcl.DiagError,
|
||||
Summary: "Invalid for_each argument",
|
||||
Detail: "Sensitive variable, or values derived from sensitive variables, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
||||
Subject: expr.Range().Ptr(),
|
||||
})
|
||||
}
|
||||
if diags.HasErrors() {
|
||||
return nullMap, diags
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue