update to use typed sensitive marks
This commit is contained in:
James Bardin
parent
2c493e38c7
commit
d9dfd451ea
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
viewsjson "github.com/hashicorp/terraform/internal/command/views/json"
|
viewsjson "github.com/hashicorp/terraform/internal/command/views/json"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
)
|
)
|
||||||
|
|
@ -123,7 +124,7 @@ func TestDiagnostic(t *testing.T) {
|
||||||
EvalContext: &hcl.EvalContext{
|
EvalContext: &hcl.EvalContext{
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"boop": cty.ObjectVal(map[string]cty.Value{
|
"boop": cty.ObjectVal(map[string]cty.Value{
|
||||||
"beep": cty.StringVal("blah").Mark("sensitive"),
|
"beep": cty.StringVal("blah").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -336,7 +337,7 @@ Whatever shall we do?
|
||||||
EvalContext: &hcl.EvalContext{
|
EvalContext: &hcl.EvalContext{
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"boop": cty.ObjectVal(map[string]cty.Value{
|
"boop": cty.ObjectVal(map[string]cty.Value{
|
||||||
"beep": cty.StringVal("blah").Mark("sensitive"),
|
"beep": cty.StringVal("blah").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/mitchellh/colorstring"
|
"github.com/mitchellh/colorstring"
|
||||||
|
|
@ -3193,28 +3194,28 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// Nested blocks/sets will mark the whole set/block as sensitive
|
// Nested blocks/sets will mark the whole set/block as sensitive
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_list"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_list"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
|
@ -3338,35 +3339,35 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
|
@ -3485,23 +3486,23 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "tags"}, cty.IndexStep{Key: cty.StringVal("address")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "tags"}, cty.IndexStep{Key: cty.StringVal("address")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_single"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_single"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
|
@ -3598,45 +3599,45 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(0)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_map"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
|
@ -3745,35 +3746,35 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(2)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
|
@ -3885,27 +3886,27 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
Path: cty.Path{cty.GetAttrStep{Name: "list_field"}, cty.IndexStep{Key: cty.NumberIntVal(1)}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_key"}, cty.IndexStep{Key: cty.StringVal("dinner")}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "map_whole"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "nested_block_set"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RequiredReplace: cty.NewPathSet(),
|
RequiredReplace: cty.NewPathSet(),
|
||||||
|
|
@ -3974,21 +3975,21 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
|
||||||
BeforeValMarks: []cty.PathValueMarks{
|
BeforeValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("ami"),
|
Path: cty.GetAttrPath("ami"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("nested_block_set"),
|
Path: cty.GetAttrPath("nested_block_set"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("ami"),
|
Path: cty.GetAttrPath("ami"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("nested_block_set"),
|
Path: cty.GetAttrPath("nested_block_set"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Schema: &configschema.Block{
|
Schema: &configschema.Block{
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ import (
|
||||||
ctyjson "github.com/zclconf/go-cty/cty/json"
|
ctyjson "github.com/zclconf/go-cty/cty/json"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/states/statefile"
|
"github.com/hashicorp/terraform/internal/states/statefile"
|
||||||
"github.com/hashicorp/terraform/internal/terraform"
|
"github.com/hashicorp/terraform/internal/terraform"
|
||||||
|
|
@ -404,7 +405,7 @@ func marshalResources(resources map[string]*states.Resource, module addrs.Module
|
||||||
}
|
}
|
||||||
|
|
||||||
func SensitiveAsBool(val cty.Value) cty.Value {
|
func SensitiveAsBool(val cty.Value) cty.Value {
|
||||||
if val.HasMark("sensitive") {
|
if val.HasMark(marks.Sensitive) {
|
||||||
return cty.True
|
return cty.True
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/terraform"
|
"github.com/hashicorp/terraform/internal/terraform"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
@ -122,7 +123,7 @@ func TestMarshalAttributeValues(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
"baz": cty.ListVal([]cty.Value{
|
"baz": cty.ListVal([]cty.Value{
|
||||||
cty.StringVal("goodnight"),
|
cty.StringVal("goodnight"),
|
||||||
cty.StringVal("moon").Mark("sensitive"),
|
cty.StringVal("moon").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
attributeValues{
|
attributeValues{
|
||||||
|
|
@ -660,7 +661,6 @@ func testSchemas() *terraform.Schemas {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSensitiveAsBool(t *testing.T) {
|
func TestSensitiveAsBool(t *testing.T) {
|
||||||
sensitive := "sensitive"
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
Input cty.Value
|
Input cty.Value
|
||||||
Want cty.Value
|
Want cty.Value
|
||||||
|
|
@ -674,16 +674,16 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.False,
|
cty.False,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.StringVal("hello").Mark(sensitive),
|
cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.String).Mark(sensitive),
|
cty.NullVal(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.DynamicPseudoType).Mark(sensitive),
|
cty.NullVal(cty.DynamicPseudoType).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -691,7 +691,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.False,
|
cty.False,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.Object(map[string]cty.Type{"test": cty.String})).Mark(sensitive),
|
cty.NullVal(cty.Object(map[string]cty.Type{"test": cty.String})).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -699,7 +699,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.False,
|
cty.False,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.DynamicVal.Mark(sensitive),
|
cty.DynamicVal.Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
@ -708,13 +708,13 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.EmptyTupleVal,
|
cty.EmptyTupleVal,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.ListValEmpty(cty.String).Mark(sensitive),
|
cty.ListValEmpty(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.ListVal([]cty.Value{
|
cty.ListVal([]cty.Value{
|
||||||
cty.StringVal("hello"),
|
cty.StringVal("hello"),
|
||||||
cty.StringVal("friend").Mark(sensitive),
|
cty.StringVal("friend").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
cty.False,
|
cty.False,
|
||||||
|
|
@ -726,7 +726,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.EmptyTupleVal,
|
cty.EmptyTupleVal,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.SetValEmpty(cty.String).Mark(sensitive),
|
cty.SetValEmpty(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -734,17 +734,17 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.TupleVal([]cty.Value{cty.False}),
|
cty.TupleVal([]cty.Value{cty.False}),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.SetVal([]cty.Value{cty.StringVal("hello").Mark(sensitive)}),
|
cty.SetVal([]cty.Value{cty.StringVal("hello").Mark(marks.Sensitive)}),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.EmptyTupleVal.Mark(sensitive),
|
cty.EmptyTupleVal.Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
cty.StringVal("hello"),
|
cty.StringVal("hello"),
|
||||||
cty.StringVal("friend").Mark(sensitive),
|
cty.StringVal("friend").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
cty.False,
|
cty.False,
|
||||||
|
|
@ -756,7 +756,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.EmptyObjectVal,
|
cty.EmptyObjectVal,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.MapValEmpty(cty.String).Mark(sensitive),
|
cty.MapValEmpty(cty.String).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -769,7 +769,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"animal": cty.True,
|
"animal": cty.True,
|
||||||
|
|
@ -778,8 +778,8 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}).Mark(sensitive),
|
}).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -796,7 +796,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"animal": cty.True,
|
"animal": cty.True,
|
||||||
|
|
@ -805,8 +805,8 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
{
|
{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"greeting": cty.StringVal("hello"),
|
"greeting": cty.StringVal("hello"),
|
||||||
"animal": cty.StringVal("horse").Mark(sensitive),
|
"animal": cty.StringVal("horse").Mark(marks.Sensitive),
|
||||||
}).Mark(sensitive),
|
}).Mark(marks.Sensitive),
|
||||||
cty.True,
|
cty.True,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -815,7 +815,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
"a": cty.UnknownVal(cty.String),
|
"a": cty.UnknownVal(cty.String),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("known").Mark(sensitive),
|
"a": cty.StringVal("known").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
cty.TupleVal([]cty.Value{
|
cty.TupleVal([]cty.Value{
|
||||||
|
|
@ -829,7 +829,7 @@ func TestSensitiveAsBool(t *testing.T) {
|
||||||
cty.ListVal([]cty.Value{
|
cty.ListVal([]cty.Value{
|
||||||
cty.MapValEmpty(cty.String),
|
cty.MapValEmpty(cty.String),
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("known").Mark(sensitive),
|
"a": cty.StringVal("known").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.MapVal(map[string]cty.Value{
|
cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.UnknownVal(cty.String),
|
"a": cty.UnknownVal(cty.String),
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/terminal"
|
"github.com/hashicorp/terraform/internal/terminal"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
@ -412,7 +413,7 @@ root_block_device {
|
||||||
val := cty.ObjectVal(map[string]cty.Value{
|
val := cty.ObjectVal(map[string]cty.Value{
|
||||||
"root_block_device": cty.ListVal([]cty.Value{
|
"root_block_device": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("foo").Mark("sensitive"),
|
"volume_type": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
|
|
@ -500,7 +501,7 @@ root_block_device {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingSet)
|
schema := addTestSchema(configschema.NestingSet)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
|
@ -549,7 +550,7 @@ root_block_device "2" {
|
||||||
val := cty.ObjectVal(map[string]cty.Value{
|
val := cty.ObjectVal(map[string]cty.Value{
|
||||||
"root_block_device": cty.MapVal(map[string]cty.Value{
|
"root_block_device": cty.MapVal(map[string]cty.Value{
|
||||||
"1": cty.ObjectVal(map[string]cty.Value{
|
"1": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("foo").Mark("sensitive"),
|
"volume_type": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
"2": cty.ObjectVal(map[string]cty.Value{
|
"2": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
|
|
@ -583,7 +584,7 @@ root_block_device "2" {
|
||||||
"2": cty.ObjectVal(map[string]cty.Value{
|
"2": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingMap)
|
schema := addTestSchema(configschema.NestingMap)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
|
@ -606,7 +607,7 @@ root_block_device "2" {
|
||||||
}),
|
}),
|
||||||
"2": cty.ObjectVal(map[string]cty.Value{
|
"2": cty.ObjectVal(map[string]cty.Value{
|
||||||
"volume_type": cty.StringVal("bar"),
|
"volume_type": cty.StringVal("bar"),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingMap)
|
schema := addTestSchema(configschema.NestingMap)
|
||||||
|
|
@ -825,7 +826,7 @@ func TestAdd_WriteConfigNestedTypeAttributeFromExisting(t *testing.T) {
|
||||||
"size": cty.StringVal("250GB"),
|
"size": cty.StringVal("250GB"),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive")
|
}).Mark(marks.Sensitive)
|
||||||
|
|
||||||
schema := addTestSchema(configschema.NestingList)
|
schema := addTestSchema(configschema.NestingList)
|
||||||
var buf strings.Builder
|
var buf strings.Builder
|
||||||
|
|
@ -880,12 +881,12 @@ func TestAdd_WriteConfigNestedTypeAttributeFromExisting(t *testing.T) {
|
||||||
"disks": cty.MapVal(map[string]cty.Value{
|
"disks": cty.MapVal(map[string]cty.Value{
|
||||||
"foo": cty.ObjectVal(map[string]cty.Value{
|
"foo": cty.ObjectVal(map[string]cty.Value{
|
||||||
"mount_point": cty.StringVal("/mnt/foo"),
|
"mount_point": cty.StringVal("/mnt/foo"),
|
||||||
"size": cty.StringVal("50GB").Mark("sensitive"),
|
"size": cty.StringVal("50GB").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
"bar": cty.ObjectVal(map[string]cty.Value{
|
"bar": cty.ObjectVal(map[string]cty.Value{
|
||||||
"mount_point": cty.StringVal("/mnt/bar"),
|
"mount_point": cty.StringVal("/mnt/bar"),
|
||||||
"size": cty.StringVal("250GB"),
|
"size": cty.StringVal("250GB"),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
schema := addTestSchema(configschema.NestingMap)
|
schema := addTestSchema(configschema.NestingMap)
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/command/arguments"
|
"github.com/hashicorp/terraform/internal/command/arguments"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/terminal"
|
"github.com/hashicorp/terraform/internal/terminal"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
@ -228,7 +229,7 @@ func TestApplyJSON_outputs(t *testing.T) {
|
||||||
|
|
||||||
v.Outputs(map[string]*states.OutputValue{
|
v.Outputs(map[string]*states.OutputValue{
|
||||||
"boop_count": {Value: cty.NumberIntVal(92)},
|
"boop_count": {Value: cty.NumberIntVal(92)},
|
||||||
"password": {Value: cty.StringVal("horse-battery").Mark("sensitive"), Sensitive: true},
|
"password": {Value: cty.StringVal("horse-battery").Mark(marks.Sensitive), Sensitive: true},
|
||||||
})
|
})
|
||||||
|
|
||||||
want := []map[string]interface{}{
|
want := []map[string]interface{}{
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcltest"
|
"github.com/hashicorp/hcl/v2/hcltest"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
@ -360,7 +361,7 @@ func TestNewDiagnostic(t *testing.T) {
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"var": cty.ObjectVal(map[string]cty.Value{
|
"var": cty.ObjectVal(map[string]cty.Value{
|
||||||
"boop": cty.MapVal(map[string]cty.Value{
|
"boop": cty.MapVal(map[string]cty.Value{
|
||||||
"hello!": cty.StringVal("bleurgh").Mark("sensitive"),
|
"hello!": cty.StringVal("bleurgh").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
|
|
@ -416,7 +417,7 @@ func TestNewDiagnostic(t *testing.T) {
|
||||||
Variables: map[string]cty.Value{
|
Variables: map[string]cty.Value{
|
||||||
"var": cty.ObjectVal(map[string]cty.Value{
|
"var": cty.ObjectVal(map[string]cty.Value{
|
||||||
"boop": cty.MapVal(map[string]cty.Value{
|
"boop": cty.MapVal(map[string]cty.Value{
|
||||||
"hello!": cty.StringVal("bleurgh").Mark("sensitive"),
|
"hello!": cty.StringVal("bleurgh").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
|
|
@ -597,7 +598,7 @@ func TestNewDiagnostic(t *testing.T) {
|
||||||
"a": cty.True,
|
"a": cty.True,
|
||||||
"b": cty.NumberFloatVal(123.45),
|
"b": cty.NumberFloatVal(123.45),
|
||||||
"c": cty.NullVal(cty.String),
|
"c": cty.NullVal(cty.String),
|
||||||
"d": cty.StringVal("secret").Mark("sensitive"),
|
"d": cty.StringVal("secret").Mark(marks.Sensitive),
|
||||||
"e": cty.False,
|
"e": cty.False,
|
||||||
"f": cty.ListValEmpty(cty.String),
|
"f": cty.ListValEmpty(cty.String),
|
||||||
"g": cty.MapVal(map[string]cty.Value{
|
"g": cty.MapVal(map[string]cty.Value{
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/google/go-cmp/cmp"
|
"github.com/google/go-cmp/cmp"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
@ -17,7 +18,7 @@ func TestOutputsFromMap(t *testing.T) {
|
||||||
},
|
},
|
||||||
// Sensitive string output
|
// Sensitive string output
|
||||||
"beep": {
|
"beep": {
|
||||||
Value: cty.StringVal("horse-battery").Mark("sensitive"),
|
Value: cty.StringVal("horse-battery").Mark(marks.Sensitive),
|
||||||
Sensitive: true,
|
Sensitive: true,
|
||||||
},
|
},
|
||||||
// Sensitive object output which is marked at the leaf
|
// Sensitive object output which is marked at the leaf
|
||||||
|
|
@ -25,7 +26,7 @@ func TestOutputsFromMap(t *testing.T) {
|
||||||
Value: cty.ObjectVal(map[string]cty.Value{
|
Value: cty.ObjectVal(map[string]cty.Value{
|
||||||
"a": cty.ObjectVal(map[string]cty.Value{
|
"a": cty.ObjectVal(map[string]cty.Value{
|
||||||
"b": cty.ObjectVal(map[string]cty.Value{
|
"b": cty.ObjectVal(map[string]cty.Value{
|
||||||
"c": cty.StringVal("oh, hi").Mark("sensitive"),
|
"c": cty.StringVal("oh, hi").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/command/arguments"
|
"github.com/hashicorp/terraform/internal/command/arguments"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/terminal"
|
"github.com/hashicorp/terraform/internal/terminal"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
@ -80,7 +81,7 @@ func TestRefreshJSON_outputs(t *testing.T) {
|
||||||
|
|
||||||
v.Outputs(map[string]*states.OutputValue{
|
v.Outputs(map[string]*states.OutputValue{
|
||||||
"boop_count": {Value: cty.NumberIntVal(92)},
|
"boop_count": {Value: cty.NumberIntVal(92)},
|
||||||
"password": {Value: cty.StringVal("horse-battery").Mark("sensitive"), Sensitive: true},
|
"password": {Value: cty.StringVal("horse-battery").Mark(marks.Sensitive), Sensitive: true},
|
||||||
})
|
})
|
||||||
|
|
||||||
want := []map[string]interface{}{
|
want := []map[string]interface{}{
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@ package configschema
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -19,7 +20,7 @@ func (b *Block) ValueMarks(val cty.Value, path cty.Path) []cty.PathValueMarks {
|
||||||
attrPath = append(path, cty.GetAttrStep{Name: name})
|
attrPath = append(path, cty.GetAttrStep{Name: name})
|
||||||
pvm = append(pvm, cty.PathValueMarks{
|
pvm = append(pvm, cty.PathValueMarks{
|
||||||
Path: attrPath,
|
Path: attrPath,
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -58,7 +59,7 @@ func TestBlockValueMarks(t *testing.T) {
|
||||||
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.UnknownVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.UnknownVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.UnknownVal(cty.String),
|
"unsensitive": cty.UnknownVal(cty.String),
|
||||||
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
"list": cty.UnknownVal(schema.BlockTypes["list"].ImpliedType()),
|
||||||
}),
|
}),
|
||||||
|
|
@ -79,15 +80,15 @@ func TestBlockValueMarks(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.NullVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.NullVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.UnknownVal(cty.String),
|
"unsensitive": cty.UnknownVal(cty.String),
|
||||||
"list": cty.ListVal([]cty.Value{
|
"list": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.UnknownVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.UnknownVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.UnknownVal(cty.String),
|
"unsensitive": cty.UnknownVal(cty.String),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive": cty.NullVal(cty.String).Mark("sensitive"),
|
"sensitive": cty.NullVal(cty.String).Mark(marks.Sensitive),
|
||||||
"unsensitive": cty.NullVal(cty.String),
|
"unsensitive": cty.NullVal(cty.String),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -38,7 +39,7 @@ func TestSensitive(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// A value already marked is allowed and stays marked
|
// A value already marked is allowed and stays marked
|
||||||
cty.NumberIntVal(1).Mark("sensitive"),
|
cty.NumberIntVal(1).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -52,7 +53,7 @@ func TestSensitive(t *testing.T) {
|
||||||
{
|
{
|
||||||
// A value deep already marked is allowed and stays marked,
|
// A value deep already marked is allowed and stays marked,
|
||||||
// _and_ we'll also mark the outer collection as sensitive.
|
// _and_ we'll also mark the outer collection as sensitive.
|
||||||
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark("sensitive")}),
|
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark(marks.Sensitive)}),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
@ -73,7 +74,7 @@ func TestSensitive(t *testing.T) {
|
||||||
t.Fatalf("unexpected error: %s", err)
|
t.Fatalf("unexpected error: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !got.HasMark("sensitive") {
|
if !got.HasMark(marks.Sensitive) {
|
||||||
t.Errorf("result is not marked sensitive")
|
t.Errorf("result is not marked sensitive")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -105,24 +106,24 @@ func TestNonsensitive(t *testing.T) {
|
||||||
WantErr string
|
WantErr string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
cty.NumberIntVal(1).Mark("sensitive"),
|
cty.NumberIntVal(1).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.DynamicVal.Mark("sensitive"),
|
cty.DynamicVal.Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.UnknownVal(cty.String).Mark("sensitive"),
|
cty.UnknownVal(cty.String).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.NullVal(cty.EmptyObject).Mark("sensitive"),
|
cty.NullVal(cty.EmptyObject).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// The inner sensitive remains afterwards
|
// The inner sensitive remains afterwards
|
||||||
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark("sensitive")}).Mark("sensitive"),
|
cty.ListVal([]cty.Value{cty.NumberIntVal(1).Mark(marks.Sensitive)}).Mark(marks.Sensitive),
|
||||||
``,
|
``,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
@ -166,7 +167,7 @@ func TestNonsensitive(t *testing.T) {
|
||||||
t.Fatalf("unexpected error: %s", err)
|
t.Fatalf("unexpected error: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if got.HasMark("sensitive") {
|
if got.HasMark(marks.Sensitive) {
|
||||||
t.Errorf("result is still marked sensitive")
|
t.Errorf("result is still marked sensitive")
|
||||||
}
|
}
|
||||||
wantRaw, _ := test.Input.Unmark()
|
wantRaw, _ := test.Input.Unmark()
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hclsyntax"
|
"github.com/hashicorp/hcl/v2/hclsyntax"
|
||||||
"github.com/hashicorp/terraform/internal/experiments"
|
"github.com/hashicorp/terraform/internal/experiments"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
homedir "github.com/mitchellh/go-homedir"
|
homedir "github.com/mitchellh/go-homedir"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
@ -715,7 +716,7 @@ func TestFunctions(t *testing.T) {
|
||||||
"sensitive": {
|
"sensitive": {
|
||||||
{
|
{
|
||||||
`sensitive(1)`,
|
`sensitive(1)`,
|
||||||
cty.NumberIntVal(1).Mark("sensitive"),
|
cty.NumberIntVal(1).Mark(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,10 +4,15 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// valueMarks allow creating strictly typed values for use as cty.Value marks.
|
||||||
|
// The variable name for new values should be the title-cased format of the
|
||||||
|
// value to better match the GoString output for debugging.
|
||||||
type valueMark string
|
type valueMark string
|
||||||
|
|
||||||
func (m valueMark) GoString() string {
|
func (m valueMark) GoString() string {
|
||||||
return "marks." + strings.Title(string(m))
|
return "marks." + strings.Title(string(m))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Sensitive indicates that this value is marked as sensitive in the context of
|
||||||
|
// Terraform.
|
||||||
var Sensitive = valueMark("sensitive")
|
var Sensitive = valueMark("sensitive")
|
||||||
|
|
|
||||||
|
|
@ -4,13 +4,14 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestChangeEncodeSensitive(t *testing.T) {
|
func TestChangeEncodeSensitive(t *testing.T) {
|
||||||
testVals := []cty.Value{
|
testVals := []cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"ding": cty.StringVal("dong").Mark("sensitive"),
|
"ding": cty.StringVal("dong").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.StringVal("bleep").Mark("bloop"),
|
cty.StringVal("bleep").Mark("bloop"),
|
||||||
cty.ListVal([]cty.Value{cty.UnknownVal(cty.String).Mark("sup?")}),
|
cty.ListVal([]cty.Value{cty.UnknownVal(cty.String).Mark("sup?")}),
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty/convert"
|
"github.com/zclconf/go-cty/cty/convert"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AssertObjectCompatible checks whether the given "actual" value is a valid
|
// AssertObjectCompatible checks whether the given "actual" value is a valid
|
||||||
|
|
@ -57,11 +58,11 @@ func assertObjectCompatible(schema *configschema.Block, planned, actual cty.Valu
|
||||||
// exposing a value through errors
|
// exposing a value through errors
|
||||||
unmarkedActualV, marksA := actualV.UnmarkDeep()
|
unmarkedActualV, marksA := actualV.UnmarkDeep()
|
||||||
unmarkedPlannedV, marksP := plannedV.UnmarkDeep()
|
unmarkedPlannedV, marksP := plannedV.UnmarkDeep()
|
||||||
_, isMarkedActual := marksA["sensitive"]
|
_, isSensitiveActual := marksA[marks.Sensitive]
|
||||||
_, isMarkedPlanned := marksP["sensitive"]
|
_, isSensitivePlanned := marksP[marks.Sensitive]
|
||||||
|
|
||||||
moreErrs := assertValueCompatible(unmarkedPlannedV, unmarkedActualV, path)
|
moreErrs := assertValueCompatible(unmarkedPlannedV, unmarkedActualV, path)
|
||||||
if attrS.Sensitive || isMarkedActual || isMarkedPlanned {
|
if attrS.Sensitive || isSensitiveActual || isSensitivePlanned {
|
||||||
if len(moreErrs) > 0 {
|
if len(moreErrs) > 0 {
|
||||||
// Use a vague placeholder message instead, to avoid disclosing
|
// Use a vague placeholder message instead, to avoid disclosing
|
||||||
// sensitive information.
|
// sensitive information.
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -155,7 +156,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
},
|
},
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.UnknownVal(cty.String),
|
"id": cty.UnknownVal(cty.String),
|
||||||
"name": cty.StringVal("wotsit").Mark("sensitive"),
|
"name": cty.StringVal("wotsit").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.UnknownVal(cty.String),
|
"id": cty.UnknownVal(cty.String),
|
||||||
|
|
@ -184,7 +185,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.UnknownVal(cty.String),
|
"id": cty.UnknownVal(cty.String),
|
||||||
"name": cty.StringVal("thingy").Mark("sensitive"),
|
"name": cty.StringVal("thingy").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
[]string{
|
[]string{
|
||||||
`.name: inconsistent values for sensitive attribute`,
|
`.name: inconsistent values for sensitive attribute`,
|
||||||
|
|
@ -216,7 +217,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"foo": cty.StringVal("secret"),
|
"foo": cty.StringVal("secret"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
@ -227,7 +228,7 @@ func TestAssertObjectCompatible(t *testing.T) {
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"foo": cty.StringVal("secret"),
|
"foo": cty.StringVal("secret"),
|
||||||
}),
|
}),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -89,16 +90,16 @@ func TestLongestCommonSubsequence(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.Value{
|
[]cty.Value{
|
||||||
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark("sensitive")}),
|
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
||||||
},
|
},
|
||||||
[]cty.Value{
|
[]cty.Value{
|
||||||
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark("sensitive")}),
|
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
||||||
cty.MapVal(map[string]cty.Value{"c": cty.StringVal("z")}),
|
cty.MapVal(map[string]cty.Value{"c": cty.StringVal("z")}),
|
||||||
},
|
},
|
||||||
[]cty.Value{
|
[]cty.Value{
|
||||||
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark("sensitive")}),
|
cty.MapVal(map[string]cty.Value{"a": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
cty.MapVal(map[string]cty.Value{"b": cty.StringVal("y")}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"google.golang.org/protobuf/proto"
|
"google.golang.org/protobuf/proto"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/plans/internal/planproto"
|
"github.com/hashicorp/terraform/internal/plans/internal/planproto"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
|
@ -315,7 +316,7 @@ func changeFromTfplan(rawChange *planproto.Change) (*plans.ChangeSrc, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sensitive := cty.NewValueMarks("sensitive")
|
sensitive := cty.NewValueMarks(marks.Sensitive)
|
||||||
beforeValMarks, err := pathValueMarksFromTfplan(rawChange.BeforeSensitivePaths, sensitive)
|
beforeValMarks, err := pathValueMarksFromTfplan(rawChange.BeforeSensitivePaths, sensitive)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to decode before sensitive paths: %s", err)
|
return nil, fmt.Errorf("failed to decode before sensitive paths: %s", err)
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -78,7 +79,7 @@ func TestTFPlanRoundTrip(t *testing.T) {
|
||||||
AfterValMarks: []cty.PathValueMarks{
|
AfterValMarks: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("boop").IndexInt(1),
|
Path: cty.GetAttrPath("boop").IndexInt(1),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -20,7 +21,7 @@ func FormatValue(v cty.Value, indent int) string {
|
||||||
raw, _ := v.Unmark()
|
raw, _ := v.Unmark()
|
||||||
return raw.AsString()
|
return raw.AsString()
|
||||||
}
|
}
|
||||||
if v.HasMark("sensitive") {
|
if v.HasMark(marks.Sensitive) {
|
||||||
return "(sensitive)"
|
return "(sensitive)"
|
||||||
}
|
}
|
||||||
if v.IsNull() {
|
if v.IsNull() {
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -170,7 +171,7 @@ EOT_`,
|
||||||
`toset([])`,
|
`toset([])`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
cty.StringVal("sensitive value").Mark("sensitive"),
|
cty.StringVal("sensitive value").Mark(marks.Sensitive),
|
||||||
"(sensitive)",
|
"(sensitive)",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestState(t *testing.T) {
|
func TestState(t *testing.T) {
|
||||||
|
|
@ -262,7 +263,7 @@ func TestStateDeepCopy(t *testing.T) {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "woozles"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "woozles"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Private: []byte("private data"),
|
Private: []byte("private data"),
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ import (
|
||||||
ctyjson "github.com/zclconf/go-cty/cty/json"
|
ctyjson "github.com/zclconf/go-cty/cty/json"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
)
|
)
|
||||||
|
|
@ -164,7 +165,7 @@ func prepareStateV4(sV4 *stateV4) (*File, tfdiags.Diagnostics) {
|
||||||
for _, path := range paths {
|
for _, path := range paths {
|
||||||
pvm = append(pvm, cty.PathValueMarks{
|
pvm = append(pvm, cty.PathValueMarks{
|
||||||
Path: path,
|
Path: path,
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
obj.AttrSensitivePaths = pvm
|
obj.AttrSensitivePaths = pvm
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
|
@ -420,7 +421,7 @@ resource "test_resource" "b" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("sensitive_attr"),
|
Path: cty.GetAttrPath("sensitive_attr"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Status: states.ObjectReady,
|
Status: states.ObjectReady,
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/provisioners"
|
"github.com/hashicorp/terraform/internal/provisioners"
|
||||||
|
|
@ -11949,7 +11950,7 @@ resource "test_resource" "foo" {
|
||||||
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
||||||
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
||||||
}
|
}
|
||||||
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks("sensitive"); !gotMarks.Equal(wantMarks) {
|
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !gotMarks.Equal(wantMarks) {
|
||||||
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -12013,7 +12014,7 @@ resource "test_resource" "baz" {
|
||||||
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("value"); !gotPath.Equals(wantPath) {
|
||||||
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
||||||
}
|
}
|
||||||
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks("sensitive"); !gotMarks.Equal(wantMarks) {
|
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !gotMarks.Equal(wantMarks) {
|
||||||
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -12098,7 +12099,7 @@ resource "test_resource" "foo" {
|
||||||
got := fooState.Current.AttrSensitivePaths[0]
|
got := fooState.Current.AttrSensitivePaths[0]
|
||||||
want := cty.PathValueMarks{
|
want := cty.PathValueMarks{
|
||||||
Path: cty.GetAttrPath("value"),
|
Path: cty.GetAttrPath("value"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
}
|
}
|
||||||
|
|
||||||
if !got.Equal(want) {
|
if !got.Equal(want) {
|
||||||
|
|
@ -12399,7 +12400,7 @@ func TestContext2Apply_dataSensitive(t *testing.T) {
|
||||||
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("foo"); !gotPath.Equals(wantPath) {
|
if gotPath, wantPath := pvm.Path, cty.GetAttrPath("foo"); !gotPath.Equals(wantPath) {
|
||||||
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
t.Errorf("wrong path\n got: %#v\nwant: %#v", gotPath, wantPath)
|
||||||
}
|
}
|
||||||
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks("sensitive"); !gotMarks.Equal(wantMarks) {
|
if gotMarks, wantMarks := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !gotMarks.Equal(wantMarks) {
|
||||||
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
t.Errorf("wrong marks\n got: %#v\nwant: %#v", gotMarks, wantMarks)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
|
|
@ -175,7 +176,7 @@ data "test_data_source" "foo" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("foo"),
|
Path: cty.GetAttrPath("foo"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -1092,7 +1093,7 @@ data "test_data_source" "foo" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("foo"),
|
Path: cty.GetAttrPath("foo"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -1106,7 +1107,7 @@ data "test_data_source" "foo" {
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{
|
{
|
||||||
Path: cty.GetAttrPath("sensitive"),
|
Path: cty.GetAttrPath("sensitive"),
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
"github.com/hashicorp/terraform/internal/configs/hcl2shim"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/provisioners"
|
"github.com/hashicorp/terraform/internal/provisioners"
|
||||||
|
|
@ -4793,7 +4794,7 @@ func TestContext2Plan_ignoreChangesSensitive(t *testing.T) {
|
||||||
|
|
||||||
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
||||||
"id": cty.StringVal("bar"),
|
"id": cty.StringVal("bar"),
|
||||||
"ami": cty.StringVal("ami-abcd1234").Mark("sensitive"),
|
"ami": cty.StringVal("ami-abcd1234").Mark(marks.Sensitive),
|
||||||
"type": cty.StringVal("aws_instance"),
|
"type": cty.StringVal("aws_instance"),
|
||||||
}), ric.After)
|
}), ric.After)
|
||||||
}
|
}
|
||||||
|
|
@ -5627,7 +5628,7 @@ func TestContext2Plan_variableSensitivity(t *testing.T) {
|
||||||
switch i := ric.Addr.String(); i {
|
switch i := ric.Addr.String(); i {
|
||||||
case "aws_instance.foo":
|
case "aws_instance.foo":
|
||||||
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
||||||
"foo": cty.StringVal("foo").Mark("sensitive"),
|
"foo": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
}), ric.After)
|
}), ric.After)
|
||||||
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
||||||
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
||||||
|
|
@ -5640,7 +5641,7 @@ func TestContext2Plan_variableSensitivity(t *testing.T) {
|
||||||
if got, want := pvm.Path, cty.GetAttrPath("foo"); !got.Equals(want) {
|
if got, want := pvm.Path, cty.GetAttrPath("foo"); !got.Equals(want) {
|
||||||
t.Errorf("unexpected path for mark\n got: %#v\nwant: %#v", got, want)
|
t.Errorf("unexpected path for mark\n got: %#v\nwant: %#v", got, want)
|
||||||
}
|
}
|
||||||
if got, want := pvm.Marks, cty.NewValueMarks("sensitive"); !got.Equal(want) {
|
if got, want := pvm.Marks, cty.NewValueMarks(marks.Sensitive); !got.Equal(want) {
|
||||||
t.Errorf("unexpected value for mark\n got: %#v\nwant: %#v", got, want)
|
t.Errorf("unexpected value for mark\n got: %#v\nwant: %#v", got, want)
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
|
@ -5694,8 +5695,8 @@ func TestContext2Plan_variableSensitivityModule(t *testing.T) {
|
||||||
switch i := ric.Addr.String(); i {
|
switch i := ric.Addr.String(); i {
|
||||||
case "module.child.aws_instance.foo":
|
case "module.child.aws_instance.foo":
|
||||||
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
checkVals(t, objectVal(t, schema, map[string]cty.Value{
|
||||||
"foo": cty.StringVal("foo").Mark("sensitive"),
|
"foo": cty.StringVal("foo").Mark(marks.Sensitive),
|
||||||
"value": cty.StringVal("boop").Mark("sensitive"),
|
"value": cty.StringVal("boop").Mark(marks.Sensitive),
|
||||||
}), ric.After)
|
}), ric.After)
|
||||||
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
if len(res.ChangeSrc.BeforeValMarks) != 0 {
|
||||||
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
t.Errorf("unexpected BeforeValMarks: %#v", res.ChangeSrc.BeforeValMarks)
|
||||||
|
|
@ -5708,7 +5709,7 @@ func TestContext2Plan_variableSensitivityModule(t *testing.T) {
|
||||||
contains := func(pvmSlice []cty.PathValueMarks, stepName string) bool {
|
contains := func(pvmSlice []cty.PathValueMarks, stepName string) bool {
|
||||||
for _, pvm := range pvmSlice {
|
for _, pvm := range pvmSlice {
|
||||||
if pvm.Path.Equals(cty.GetAttrPath(stepName)) {
|
if pvm.Path.Equals(cty.GetAttrPath(stepName)) {
|
||||||
if pvm.Marks.Equal(cty.NewValueMarks("sensitive")) {
|
if pvm.Marks.Equal(cty.NewValueMarks(marks.Sensitive)) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -6753,8 +6754,8 @@ resource "test_resource" "foo" {
|
||||||
Status: states.ObjectReady,
|
Status: states.ObjectReady,
|
||||||
AttrsJSON: []byte(`{"id":"foo", "value":"hello", "sensitive_value":"hello"}`),
|
AttrsJSON: []byte(`{"id":"foo", "value":"hello", "sensitive_value":"hello"}`),
|
||||||
AttrSensitivePaths: []cty.PathValueMarks{
|
AttrSensitivePaths: []cty.PathValueMarks{
|
||||||
{Path: cty.Path{cty.GetAttrStep{Name: "value"}}, Marks: cty.NewValueMarks("sensitive")},
|
{Path: cty.Path{cty.GetAttrStep{Name: "value"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
{Path: cty.Path{cty.GetAttrStep{Name: "sensitive_value"}}, Marks: cty.NewValueMarks("sensitive")},
|
{Path: cty.Path{cty.GetAttrStep{Name: "sensitive_value"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
addrs.AbsProviderConfig{
|
addrs.AbsProviderConfig{
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcltest"
|
"github.com/hashicorp/hcl/v2/hcltest"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -20,7 +21,7 @@ func TestEvaluateCountExpression(t *testing.T) {
|
||||||
0,
|
0,
|
||||||
},
|
},
|
||||||
"expression with marked value": {
|
"expression with marked value": {
|
||||||
hcltest.MockExprLiteral(cty.NumberIntVal(8).Mark("sensitive")),
|
hcltest.MockExprLiteral(cty.NumberIntVal(8).Mark(marks.Sensitive)),
|
||||||
8,
|
8,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/hcltest"
|
"github.com/hashicorp/hcl/v2/hcltest"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
@ -54,11 +55,11 @@ func TestEvaluateForEachExpression_valid(t *testing.T) {
|
||||||
},
|
},
|
||||||
"map containing sensitive values, but strings are literal": {
|
"map containing sensitive values, but strings are literal": {
|
||||||
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.BoolVal(true).Mark("sensitive"),
|
"a": cty.BoolVal(true).Mark(marks.Sensitive),
|
||||||
"b": cty.BoolVal(false),
|
"b": cty.BoolVal(false),
|
||||||
})),
|
})),
|
||||||
map[string]cty.Value{
|
map[string]cty.Value{
|
||||||
"a": cty.BoolVal(true).Mark("sensitive"),
|
"a": cty.BoolVal(true).Mark(marks.Sensitive),
|
||||||
"b": cty.BoolVal(false),
|
"b": cty.BoolVal(false),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -124,7 +125,7 @@ func TestEvaluateForEachExpression_errors(t *testing.T) {
|
||||||
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
hcltest.MockExprLiteral(cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.BoolVal(true),
|
"a": cty.BoolVal(true),
|
||||||
"b": cty.BoolVal(false),
|
"b": cty.BoolVal(false),
|
||||||
}).Mark("sensitive")),
|
}).Mark(marks.Sensitive)),
|
||||||
"Invalid for_each argument",
|
"Invalid for_each argument",
|
||||||
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
||||||
},
|
},
|
||||||
|
|
@ -149,7 +150,7 @@ func TestEvaluateForEachExpression_errors(t *testing.T) {
|
||||||
"depends on resource attributes that cannot be determined until apply",
|
"depends on resource attributes that cannot be determined until apply",
|
||||||
},
|
},
|
||||||
"set containing marked values": {
|
"set containing marked values": {
|
||||||
hcltest.MockExprLiteral(cty.SetVal([]cty.Value{cty.StringVal("beep").Mark("sensitive"), cty.StringVal("boop")})),
|
hcltest.MockExprLiteral(cty.SetVal([]cty.Value{cty.StringVal("beep").Mark(marks.Sensitive), cty.StringVal("boop")})),
|
||||||
"Invalid for_each argument",
|
"Invalid for_each argument",
|
||||||
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
"Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.",
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -262,7 +262,7 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
|
||||||
if d.Operation == walkValidate {
|
if d.Operation == walkValidate {
|
||||||
// Ensure variable sensitivity is captured in the validate walk
|
// Ensure variable sensitivity is captured in the validate walk
|
||||||
if config.Sensitive {
|
if config.Sensitive {
|
||||||
return marks.Sensitive(cty.UnknownVal(wantType)), diags
|
return cty.UnknownVal(wantType).Mark(marks.Sensitive), diags
|
||||||
}
|
}
|
||||||
return cty.UnknownVal(wantType), diags
|
return cty.UnknownVal(wantType), diags
|
||||||
}
|
}
|
||||||
|
|
@ -299,7 +299,7 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
|
||||||
|
|
||||||
// Mark if sensitive
|
// Mark if sensitive
|
||||||
if config.Sensitive {
|
if config.Sensitive {
|
||||||
val = marks.Sensitive(val)
|
val = val.Mark(marks.Sensitive)
|
||||||
}
|
}
|
||||||
|
|
||||||
return val, diags
|
return val, diags
|
||||||
|
|
@ -434,7 +434,7 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
|
||||||
instance[cfg.Name] = outputState
|
instance[cfg.Name] = outputState
|
||||||
|
|
||||||
if cfg.Sensitive {
|
if cfg.Sensitive {
|
||||||
instance[cfg.Name] = marks.Sensitive(outputState)
|
instance[cfg.Name] = outputState.Mark(marks.Sensitive)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -463,7 +463,7 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
|
||||||
instance[cfg.Name] = change.After
|
instance[cfg.Name] = change.After
|
||||||
|
|
||||||
if change.Sensitive {
|
if change.Sensitive {
|
||||||
instance[cfg.Name] = marks.Sensitive(change.After)
|
instance[cfg.Name] = change.After.Mark(marks.Sensitive)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/plans"
|
"github.com/hashicorp/terraform/internal/plans"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
|
|
@ -110,7 +111,7 @@ func TestEvaluatorGetInputVariable(t *testing.T) {
|
||||||
VariableValues: map[string]map[string]cty.Value{
|
VariableValues: map[string]map[string]cty.Value{
|
||||||
"": {
|
"": {
|
||||||
"some_var": cty.StringVal("bar"),
|
"some_var": cty.StringVal("bar"),
|
||||||
"some_other_var": cty.StringVal("boop").Mark("sensitive"),
|
"some_other_var": cty.StringVal("boop").Mark(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
VariableValuesLock: &sync.Mutex{},
|
VariableValuesLock: &sync.Mutex{},
|
||||||
|
|
@ -121,7 +122,7 @@ func TestEvaluatorGetInputVariable(t *testing.T) {
|
||||||
}
|
}
|
||||||
scope := evaluator.Scope(data, nil)
|
scope := evaluator.Scope(data, nil)
|
||||||
|
|
||||||
want := cty.StringVal("bar").Mark("sensitive")
|
want := cty.StringVal("bar").Mark(marks.Sensitive)
|
||||||
got, diags := scope.Data.GetInputVariable(addrs.InputVariable{
|
got, diags := scope.Data.GetInputVariable(addrs.InputVariable{
|
||||||
Name: "some_var",
|
Name: "some_var",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
|
@ -133,7 +134,7 @@ func TestEvaluatorGetInputVariable(t *testing.T) {
|
||||||
t.Errorf("wrong result %#v; want %#v", got, want)
|
t.Errorf("wrong result %#v; want %#v", got, want)
|
||||||
}
|
}
|
||||||
|
|
||||||
want = cty.StringVal("boop").Mark("sensitive")
|
want = cty.StringVal("boop").Mark(marks.Sensitive)
|
||||||
got, diags = scope.Data.GetInputVariable(addrs.InputVariable{
|
got, diags = scope.Data.GetInputVariable(addrs.InputVariable{
|
||||||
Name: "some_other_var",
|
Name: "some_other_var",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
|
@ -276,30 +277,30 @@ func TestEvaluatorGetResource(t *testing.T) {
|
||||||
"id": cty.StringVal("foo"),
|
"id": cty.StringVal("foo"),
|
||||||
"nesting_list": cty.ListVal([]cty.Value{
|
"nesting_list": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
|
"sensitive_value": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
"value": cty.NullVal(cty.String),
|
"value": cty.NullVal(cty.String),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
"nesting_map": cty.MapVal(map[string]cty.Value{
|
"nesting_map": cty.MapVal(map[string]cty.Value{
|
||||||
"foo": cty.ObjectVal(map[string]cty.Value{"foo": cty.StringVal("x").Mark("sensitive")}),
|
"foo": cty.ObjectVal(map[string]cty.Value{"foo": cty.StringVal("x").Mark(marks.Sensitive)}),
|
||||||
}),
|
}),
|
||||||
"nesting_nesting": cty.ObjectVal(map[string]cty.Value{
|
"nesting_nesting": cty.ObjectVal(map[string]cty.Value{
|
||||||
"nesting_list": cty.ListVal([]cty.Value{
|
"nesting_list": cty.ListVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
|
"sensitive_value": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
"value": cty.NullVal(cty.String),
|
"value": cty.NullVal(cty.String),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
"nesting_set": cty.SetVal([]cty.Value{
|
"nesting_set": cty.SetVal([]cty.Value{
|
||||||
cty.ObjectVal(map[string]cty.Value{
|
cty.ObjectVal(map[string]cty.Value{
|
||||||
"baz": cty.StringVal("abc").Mark("sensitive"),
|
"baz": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}),
|
}),
|
||||||
"nesting_single": cty.ObjectVal(map[string]cty.Value{
|
"nesting_single": cty.ObjectVal(map[string]cty.Value{
|
||||||
"boop": cty.StringVal("abc").Mark("sensitive"),
|
"boop": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
"value": cty.StringVal("hello").Mark("sensitive"),
|
"value": cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
|
|
||||||
addr := addrs.Resource{
|
addr := addrs.Resource{
|
||||||
|
|
@ -354,7 +355,7 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
|
||||||
// Provide an After value that contains a marked value
|
// Provide an After value that contains a marked value
|
||||||
After: cty.ObjectVal(map[string]cty.Value{
|
After: cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.StringVal("foo"),
|
"id": cty.StringVal("foo"),
|
||||||
"to_mark_val": cty.StringVal("pizza").Mark("sensitive"),
|
"to_mark_val": cty.StringVal("pizza").Mark(marks.Sensitive),
|
||||||
"sensitive_value": cty.StringVal("abc"),
|
"sensitive_value": cty.StringVal("abc"),
|
||||||
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
||||||
"boop": cty.StringVal("beep"),
|
"boop": cty.StringVal("beep"),
|
||||||
|
|
@ -439,11 +440,11 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
|
||||||
|
|
||||||
want := cty.ObjectVal(map[string]cty.Value{
|
want := cty.ObjectVal(map[string]cty.Value{
|
||||||
"id": cty.StringVal("foo"),
|
"id": cty.StringVal("foo"),
|
||||||
"to_mark_val": cty.StringVal("pizza").Mark("sensitive"),
|
"to_mark_val": cty.StringVal("pizza").Mark(marks.Sensitive),
|
||||||
"sensitive_value": cty.StringVal("abc").Mark("sensitive"),
|
"sensitive_value": cty.StringVal("abc").Mark(marks.Sensitive),
|
||||||
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
"sensitive_collection": cty.MapVal(map[string]cty.Value{
|
||||||
"boop": cty.StringVal("beep"),
|
"boop": cty.StringVal("beep"),
|
||||||
}).Mark("sensitive"),
|
}).Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
|
|
||||||
got, diags := scope.Data.GetResource(addr, tfdiags.SourceRange{})
|
got, diags := scope.Data.GetResource(addr, tfdiags.SourceRange{})
|
||||||
|
|
@ -471,7 +472,7 @@ func TestEvaluatorGetModule(t *testing.T) {
|
||||||
Evaluator: evaluator,
|
Evaluator: evaluator,
|
||||||
}
|
}
|
||||||
scope := evaluator.Scope(data, nil)
|
scope := evaluator.Scope(data, nil)
|
||||||
want := cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("bar").Mark("sensitive")})
|
want := cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("bar").Mark(marks.Sensitive)})
|
||||||
got, diags := scope.Data.GetModule(addrs.ModuleCall{
|
got, diags := scope.Data.GetModule(addrs.ModuleCall{
|
||||||
Name: "mod",
|
Name: "mod",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
|
@ -499,7 +500,7 @@ func TestEvaluatorGetModule(t *testing.T) {
|
||||||
Evaluator: evaluator,
|
Evaluator: evaluator,
|
||||||
}
|
}
|
||||||
scope = evaluator.Scope(data, nil)
|
scope = evaluator.Scope(data, nil)
|
||||||
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark("sensitive")})
|
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark(marks.Sensitive)})
|
||||||
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
||||||
Name: "mod",
|
Name: "mod",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
|
@ -517,7 +518,7 @@ func TestEvaluatorGetModule(t *testing.T) {
|
||||||
Evaluator: evaluator,
|
Evaluator: evaluator,
|
||||||
}
|
}
|
||||||
scope = evaluator.Scope(data, nil)
|
scope = evaluator.Scope(data, nil)
|
||||||
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark("sensitive")})
|
want = cty.ObjectVal(map[string]cty.Value{"out": cty.StringVal("baz").Mark(marks.Sensitive)})
|
||||||
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
got, diags = scope.Data.GetModule(addrs.ModuleCall{
|
||||||
Name: "mod",
|
Name: "mod",
|
||||||
}, tfdiags.SourceRange{})
|
}, tfdiags.SourceRange{})
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -14,32 +15,32 @@ func TestMarksEqual(t *testing.T) {
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "A"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "A"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "c"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
|
|
@ -47,31 +48,31 @@ func TestMarksEqual(t *testing.T) {
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "c"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
cty.PathValueMarks{
|
cty.PathValueMarks{
|
||||||
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
Path: cty.Path{cty.GetAttrStep{Name: "a"}, cty.GetAttrStep{Name: "b"}},
|
||||||
Marks: cty.NewValueMarks("sensitive"),
|
Marks: cty.NewValueMarks(marks.Sensitive),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "b"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
|
|
@ -82,7 +83,7 @@ func TestMarksEqual(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
nil,
|
nil,
|
||||||
false,
|
false,
|
||||||
|
|
@ -90,7 +91,7 @@ func TestMarksEqual(t *testing.T) {
|
||||||
{
|
{
|
||||||
nil,
|
nil,
|
||||||
[]cty.PathValueMarks{
|
[]cty.PathValueMarks{
|
||||||
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks("sensitive")},
|
cty.PathValueMarks{Path: cty.Path{cty.GetAttrStep{Name: "a"}}, Marks: cty.NewValueMarks(marks.Sensitive)},
|
||||||
},
|
},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -282,8 +282,9 @@ func (n *NodeApplyableOutput) Execute(ctx EvalContext, op walkOperation) (diags
|
||||||
// statically declared as sensitive in order to dynamically return
|
// statically declared as sensitive in order to dynamically return
|
||||||
// a sensitive result, to help avoid accidental exposure in the state
|
// a sensitive result, to help avoid accidental exposure in the state
|
||||||
// of a sensitive value that the user doesn't want to include there.
|
// of a sensitive value that the user doesn't want to include there.
|
||||||
hasSensitive := marks.HasSensitive(val)
|
|
||||||
if n.Addr.Module.IsRoot() {
|
if n.Addr.Module.IsRoot() {
|
||||||
|
_, m := val.UnmarkDeep()
|
||||||
|
_, hasSensitive := m[marks.Sensitive]
|
||||||
if !n.Config.Sensitive && hasSensitive {
|
if !n.Config.Sensitive && hasSensitive {
|
||||||
diags = diags.Append(&hcl.Diagnostic{
|
diags = diags.Append(&hcl.Diagnostic{
|
||||||
Severity: hcl.DiagError,
|
Severity: hcl.DiagError,
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/states"
|
"github.com/hashicorp/terraform/internal/states"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
)
|
)
|
||||||
|
|
@ -98,7 +99,7 @@ func TestNodeApplyableOutputExecute_sensitiveValueNotOutput(t *testing.T) {
|
||||||
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
||||||
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
||||||
val := cty.MapVal(map[string]cty.Value{
|
val := cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("b").Mark("sensitive"),
|
"a": cty.StringVal("b").Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
ctx.EvaluateExprResult = val
|
ctx.EvaluateExprResult = val
|
||||||
|
|
||||||
|
|
@ -122,7 +123,7 @@ func TestNodeApplyableOutputExecute_sensitiveValueAndOutput(t *testing.T) {
|
||||||
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
addr := addrs.OutputValue{Name: config.Name}.Absolute(addrs.RootModuleInstance)
|
||||||
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
node := &NodeApplyableOutput{Config: config, Addr: addr}
|
||||||
val := cty.MapVal(map[string]cty.Value{
|
val := cty.MapVal(map[string]cty.Value{
|
||||||
"a": cty.StringVal("b").Mark("sensitive"),
|
"a": cty.StringVal("b").Mark(marks.Sensitive),
|
||||||
})
|
})
|
||||||
ctx.EvaluateExprResult = val
|
ctx.EvaluateExprResult = val
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
"github.com/zclconf/go-cty/cty"
|
"github.com/zclconf/go-cty/cty"
|
||||||
|
|
@ -126,7 +127,7 @@ func TestNodeApplyableProviderExecute_sensitive(t *testing.T) {
|
||||||
config := &configs.Provider{
|
config := &configs.Provider{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("hello").Mark("sensitive"),
|
"test_string": cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
||||||
|
|
@ -163,7 +164,7 @@ func TestNodeApplyableProviderExecute_sensitiveValidate(t *testing.T) {
|
||||||
config := &configs.Provider{
|
config := &configs.Provider{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("hello").Mark("sensitive"),
|
"test_string": cty.StringVal("hello").Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
provider := mockProviderWithConfigSchema(simpleTestSchema())
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/terraform/internal/addrs"
|
"github.com/hashicorp/terraform/internal/addrs"
|
||||||
"github.com/hashicorp/terraform/internal/configs"
|
"github.com/hashicorp/terraform/internal/configs"
|
||||||
"github.com/hashicorp/terraform/internal/configs/configschema"
|
"github.com/hashicorp/terraform/internal/configs/configschema"
|
||||||
|
"github.com/hashicorp/terraform/internal/lang/marks"
|
||||||
"github.com/hashicorp/terraform/internal/providers"
|
"github.com/hashicorp/terraform/internal/providers"
|
||||||
"github.com/hashicorp/terraform/internal/provisioners"
|
"github.com/hashicorp/terraform/internal/provisioners"
|
||||||
"github.com/hashicorp/terraform/internal/tfdiags"
|
"github.com/hashicorp/terraform/internal/tfdiags"
|
||||||
|
|
@ -176,7 +177,7 @@ func TestNodeValidatableResource_ValidateResource_managedResource(t *testing.T)
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("bar"),
|
"test_string": cty.StringVal("bar"),
|
||||||
"test_number": cty.NumberIntVal(2).Mark("sensitive"),
|
"test_number": cty.NumberIntVal(2).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
node := NodeValidatableResource{
|
node := NodeValidatableResource{
|
||||||
|
|
@ -289,7 +290,7 @@ func TestNodeValidatableResource_ValidateResource_dataSource(t *testing.T) {
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Config: configs.SynthBody("", map[string]cty.Value{
|
Config: configs.SynthBody("", map[string]cty.Value{
|
||||||
"test_string": cty.StringVal("bar"),
|
"test_string": cty.StringVal("bar"),
|
||||||
"test_number": cty.NumberIntVal(2).Mark("sensitive"),
|
"test_number": cty.NumberIntVal(2).Mark(marks.Sensitive),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
package terraform
|
package terraform
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
|
@ -163,5 +162,4 @@ func TestGraphNodeImportStateSubExecuteNull(t *testing.T) {
|
||||||
if !diags.HasErrors() {
|
if !diags.HasErrors() {
|
||||||
t.Fatal("expected error for non-existent resource")
|
t.Fatal("expected error for non-existent resource")
|
||||||
}
|
}
|
||||||
fmt.Println(diags.ErrWithWarnings())
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue