From bc57c20d10f96e2b0bffd187fe06b65a2a402f94 Mon Sep 17 00:00:00 2001
From: Pam Selle <pam@hashicorp.com>
Date: Thu, 8 Oct 2020 11:14:50 -0400
Subject: [PATCH] Remove sensitive_variables experiment

Ahead of the beta, remove the sensitive_variable experiment
and update tests accordingly
---
 command/testdata/variables/main.tf               |  4 ----
 configs/experiments.go                           | 13 +------------
 configs/module_merge_test.go                     |  7 ++-----
 .../invalid-files/variable-bad-sensitive.tf      |  4 ----
 configs/testdata/valid-files/variables.tf        |  8 ++++++++
 .../override-variable-sensitive}/a_override.tf   |  0
 .../override-variable-sensitive}/b_override.tf   |  0
 .../override-variable-sensitive}/primary.tf      |  4 ----
 .../warning-files/variables-sensitive.tf         |  7 -------
 experiments/experiment.go                        |  2 --
 terraform/context_apply_test.go                  | 16 ----------------
 .../plan-variable-sensitivity-module/main.tf     |  4 ----
 .../testdata/plan-variable-sensitivity/main.tf   |  4 ----
 13 files changed, 11 insertions(+), 62 deletions(-)
 rename configs/testdata/{warning-modules/override-variable => valid-modules/override-variable-sensitive}/a_override.tf (100%)
 rename configs/testdata/{warning-modules/override-variable => valid-modules/override-variable-sensitive}/b_override.tf (100%)
 rename configs/testdata/{warning-modules/override-variable => valid-modules/override-variable-sensitive}/primary.tf (84%)
 delete mode 100644 configs/testdata/warning-files/variables-sensitive.tf

diff --git a/command/testdata/variables/main.tf b/command/testdata/variables/main.tf
index 9760efdc5..84a3f9ad9 100644
--- a/command/testdata/variables/main.tf
+++ b/command/testdata/variables/main.tf
@@ -1,7 +1,3 @@
-terraform {
-    experiments = [sensitive_variables]
-}
-
 variable "foo" {
     default = "bar"
 }
diff --git a/configs/experiments.go b/configs/experiments.go
index aacca8e61..8af1e951f 100644
--- a/configs/experiments.go
+++ b/configs/experiments.go
@@ -138,17 +138,6 @@ func checkModuleExperiments(m *Module) hcl.Diagnostics {
 			}
 		}
 	*/
-	if !m.ActiveExperiments.Has(experiments.SensitiveVariables) {
-		for _, v := range m.Variables {
-			if v.Sensitive {
-				diags = diags.Append(&hcl.Diagnostic{
-					Severity: hcl.DiagError,
-					Summary:  "Variable sensitivity is experimental",
-					Detail:   "This feature is currently an opt-in experiment, subject to change in future releases based on feedback.\n\nActivate the feature for this module by adding sensitive_variables to the list of active experiments.",
-					Subject:  v.DeclRange.Ptr(),
-				})
-			}
-		}
-	}
+
 	return diags
 }
diff --git a/configs/module_merge_test.go b/configs/module_merge_test.go
index b9a4e456c..77ed2d87d 100644
--- a/configs/module_merge_test.go
+++ b/configs/module_merge_test.go
@@ -260,12 +260,9 @@ func TestModuleOverrideSensitiveVariable(t *testing.T) {
 		},
 	}
 
-	// TODO: When variable sensitivity is no longer experimental,
-	// move this test folder to "valid-modules" (it currently has a warning)
-	// and activate the diags assertion
-	mod, _ := testModuleFromDir("testdata/warning-modules/override-variable")
+	mod, diags := testModuleFromDir("testdata/valid-modules/override-variable-sensitive")
 
-	// assertNoDiagnostics(t, diags)
+	assertNoDiagnostics(t, diags)
 
 	if mod == nil {
 		t.Fatalf("module is nil")
diff --git a/configs/testdata/invalid-files/variable-bad-sensitive.tf b/configs/testdata/invalid-files/variable-bad-sensitive.tf
index 0a0e25650..11156b307 100644
--- a/configs/testdata/invalid-files/variable-bad-sensitive.tf
+++ b/configs/testdata/invalid-files/variable-bad-sensitive.tf
@@ -1,7 +1,3 @@
-terraform {
-  experiments = [sensitive_variables]
-}
-
 variable "sensitive-value" {
   sensitive = "123" # must be boolean
 }
diff --git a/configs/testdata/valid-files/variables.tf b/configs/testdata/valid-files/variables.tf
index 817649307..d641966b5 100644
--- a/configs/testdata/valid-files/variables.tf
+++ b/configs/testdata/valid-files/variables.tf
@@ -22,3 +22,11 @@ variable "cheeze_pizza" {
 variable "π" {
   default = 3.14159265359
 }
+
+variable "sensitive_value" {
+  default = {
+    "a" = 1,
+    "b" = 2
+  }
+  sensitive = true
+}
diff --git a/configs/testdata/warning-modules/override-variable/a_override.tf b/configs/testdata/valid-modules/override-variable-sensitive/a_override.tf
similarity index 100%
rename from configs/testdata/warning-modules/override-variable/a_override.tf
rename to configs/testdata/valid-modules/override-variable-sensitive/a_override.tf
diff --git a/configs/testdata/warning-modules/override-variable/b_override.tf b/configs/testdata/valid-modules/override-variable-sensitive/b_override.tf
similarity index 100%
rename from configs/testdata/warning-modules/override-variable/b_override.tf
rename to configs/testdata/valid-modules/override-variable-sensitive/b_override.tf
diff --git a/configs/testdata/warning-modules/override-variable/primary.tf b/configs/testdata/valid-modules/override-variable-sensitive/primary.tf
similarity index 84%
rename from configs/testdata/warning-modules/override-variable/primary.tf
rename to configs/testdata/valid-modules/override-variable-sensitive/primary.tf
index 54c73a386..eb79a6ecc 100644
--- a/configs/testdata/warning-modules/override-variable/primary.tf
+++ b/configs/testdata/valid-modules/override-variable-sensitive/primary.tf
@@ -1,7 +1,3 @@
-terraform {
-  experiments = [sensitive_variables]
-}
-
 variable "false_true" {
   sensitive = false
 }
diff --git a/configs/testdata/warning-files/variables-sensitive.tf b/configs/testdata/warning-files/variables-sensitive.tf
deleted file mode 100644
index 5fedc3986..000000000
--- a/configs/testdata/warning-files/variables-sensitive.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
-  experiments = [sensitive_variables] # WARNING: Experimental feature "sensitive_variables" is active
-}
-
-variable "sensitive-value" {
-  sensitive = true
-}
\ No newline at end of file
diff --git a/experiments/experiment.go b/experiments/experiment.go
index f4ca707df..cac7d54fc 100644
--- a/experiments/experiment.go
+++ b/experiments/experiment.go
@@ -14,14 +14,12 @@ type Experiment string
 // identifier so that it can be specified in configuration.
 const (
 	VariableValidation = Experiment("variable_validation")
-	SensitiveVariables = Experiment("sensitive_variables")
 )
 
 func init() {
 	// Each experiment constant defined above must be registered here as either
 	// a current or a concluded experiment.
 	registerConcludedExperiment(VariableValidation, "Custom variable validation can now be used by default, without enabling an experiment.")
-	registerCurrentExperiment(SensitiveVariables)
 }
 
 // GetCurrent takes an experiment name and returns the experiment value
diff --git a/terraform/context_apply_test.go b/terraform/context_apply_test.go
index 2b96af22d..a6c0cc868 100644
--- a/terraform/context_apply_test.go
+++ b/terraform/context_apply_test.go
@@ -11941,10 +11941,6 @@ resource "test_resource" "c" {
 func TestContext2Apply_variableSensitivity(t *testing.T) {
 	m := testModuleInline(t, map[string]string{
 		"main.tf": `
-terraform {
-	experiments = [sensitive_variables]
-}
-
 variable "sensitive_var" {
 	default = "foo"
 	sensitive = true
@@ -12029,10 +12025,6 @@ resource "test_resource" "foo" {
 func TestContext2Apply_variableSensitivityPropagation(t *testing.T) {
 	m := testModuleInline(t, map[string]string{
 		"main.tf": `
-terraform {
-	experiments = [sensitive_variables]
-}
-
 variable "sensitive_map" {
 	type = map(string)
 	default = {
@@ -12092,10 +12084,6 @@ resource "test_resource" "foo" {
 func TestContext2Apply_variableSensitivityChange(t *testing.T) {
 	m := testModuleInline(t, map[string]string{
 		"main.tf": `
-terraform {
-	experiments = [sensitive_variables]
-}
-
 variable "sensitive_var" {
 	default = "hello"
 	sensitive = true
@@ -12157,10 +12145,6 @@ resource "test_resource" "foo" {
 
 	m2 := testModuleInline(t, map[string]string{
 		"main.tf": `
-terraform {
-	experiments = [sensitive_variables]
-}
-
 variable "sensitive_var" {
 	default = "hello"
 	sensitive = false
diff --git a/terraform/testdata/plan-variable-sensitivity-module/main.tf b/terraform/testdata/plan-variable-sensitivity-module/main.tf
index 4673fb05b..28ac1dfb9 100644
--- a/terraform/testdata/plan-variable-sensitivity-module/main.tf
+++ b/terraform/testdata/plan-variable-sensitivity-module/main.tf
@@ -1,7 +1,3 @@
-terraform {
-  experiments = [sensitive_variables]
-}
-
 variable "sensitive_var" {
   default   = "foo"
   sensitive = true
diff --git a/terraform/testdata/plan-variable-sensitivity/main.tf b/terraform/testdata/plan-variable-sensitivity/main.tf
index e8b02a77c..00a4b1ef9 100644
--- a/terraform/testdata/plan-variable-sensitivity/main.tf
+++ b/terraform/testdata/plan-variable-sensitivity/main.tf
@@ -1,7 +1,3 @@
-terraform {
-    experiments = [sensitive_variables]
-}
-
 variable "sensitive_var" {
     default = "foo"
     sensitive = true