Terraform plan and show output sensitive schema elements if they are not top level #7238

Closed
ghost opened this issue Jun 5, 2020 · 2 comments
Labels
bug service/kubernetes-cluster upstream/terraform This issue is blocked on an upstream issue within Terraform (Terraform Core/CLI, The Plugin SDK etc)

Comments

@ghost

ghost commented Jun 5, 2020

This issue was originally opened by @derek-burdick as hashicorp/terraform#25070. It was migrated here as a result of the provider split. The original body of the issue is below.


Terraform Version

Terraform v0.12.25
+ provider.azuread v0.8.0
+ provider.azurerm v2.9.0
+ provider.helm v1.2.1
+ provider.kubernetes v1.11.2
+ provider.null v2.1.2
+ provider.random v2.2.1

Terraform Configuration Files

terraform plan and show output:
  # module.aks.azurerm_kubernetes_cluster.aks will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "aks" {
        api_server_authorized_ip_ranges = []
        dns_prefix                      = <redacted>
        enable_pod_security_policy      = false
        fqdn                            = <redacted>
        id                              = <redacted>
        kube_admin_config               = [
            {
                client_certificate     = <redacted>
                client_key             = <redacted>
                cluster_ca_certificate = <redacted>
                host                   = <redacted>
                password               = "1f143904<partially-redacted>"
                username               = <redacted>
            },
        ]
        kube_admin_config_raw           = (sensitive value)
        kube_config                     = [
            {
                client_certificate     = ""
                client_key             = ""
                cluster_ca_certificate = <redacted>
                host                   = <redacted>
                password               = ""
                username               = <redacted>
            },
        ]
        kube_config_raw                 = (sensitive value)
        kubelet_identity                = []
      ~ kubernetes_version              = "1.16.7" -> "1.16.9"
        location                        = <redacted>
        name                            = <redacted>
        node_resource_group             = <redacted>
        private_cluster_enabled         = true
        private_link_enabled            = true
        resource_group_name             = <redacted>
    }

source terraform-provider-azurerm/azurerm/internal/services/containers

			"kube_admin_config": {
				Type:     schema.TypeList,
				Computed: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"host": {
							Type:     schema.TypeString,
							Computed: true,
						},
						"username": {
							Type:     schema.TypeString,
							Computed: true,
						},
						"password": {
							Type:      schema.TypeString,
							Computed:  true,
							Sensitive: true,
						},
						"client_certificate": {
							Type:      schema.TypeString,
							Computed:  true,
							Sensitive: true,
						},
						"client_key": {
							Type:      schema.TypeString,
							Computed:  true,
							Sensitive: true,
						},
						"cluster_ca_certificate": {
							Type:      schema.TypeString,
							Computed:  true,
							Sensitive: true,
						},
					},
				},
			},

			"kube_admin_config_raw": {
				Type:      schema.TypeString,
				Computed:  true,
				Sensitive: true,
			},

Debug Output

Crash Output

Expected Behavior

kube_admin_config.password should show "(sensitive value)" in terraform plan and terraform show

Actual Behavior

kube_admin_config.password showed the actual information which is sensitive

Steps to Reproduce

Create a Terraform file with resource azurerm_kubernetes_cluster

terraform init
terraform plan

Additional Context

References

@tombuildsstuff tombuildsstuff added upstream/terraform This issue is blocked on an upstream issue within Terraform (Terraform Core/CLI, The Plugin SDK etc) bug labels Jun 8, 2020
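
A simplified model of the behaviour reported above, as an added example that is not part of the original issue and is not Terraform or Plugin SDK code. The `Attr` type, the `Render` function and the sample values are hypothetical; only the attribute names and the `(sensitive value)` text come from the issue.

```go
package main

import "fmt"

const mask = "(sensitive value)"

// Attr is a simplified model of one attribute and its state value
// (hypothetical type, not the Plugin SDK's schema.Schema).
type Attr struct {
	Sensitive bool
	Value     string
	Elem      []map[string]*Attr // nested objects of a list attribute
}

// Render maps each attribute path to the text a plan would display.
// recurse=false honours Sensitive only on top-level attributes, the
// behaviour reported in this issue; recurse=true honours it at any depth.
func Render(s map[string]*Attr, prefix string, recurse bool, out map[string]string) map[string]string {
	for name, a := range s {
		path := prefix + name
		if a.Sensitive && (prefix == "" || recurse) {
			out[path] = mask // a masked list hides all of its children too
		} else if a.Elem != nil {
			for i, item := range a.Elem {
				Render(item, fmt.Sprintf("%s[%d].", path, i), recurse, out)
			}
		} else {
			out[path] = a.Value
		}
	}
	return out
}

// Sample is constructed: attribute names from the issue, placeholder values.
var Sample = map[string]*Attr{
	"kube_admin_config_raw": {Sensitive: true, Value: "PLACEHOLDER-RAW"},
	"kube_admin_config": {Elem: []map[string]*Attr{{
		"host":     {Value: "aks.example.invalid"},
		"password": {Sensitive: true, Value: "PLACEHOLDER-PW"},
	}}},
}

func main() {
	fmt.Println("top-level only:", Render(Sample, "", false, map[string]string{}))
	fmt.Println("recursive:     ", Render(Sample, "", true, map[string]string{}))
}
```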
@tombuildsstuff
Member

hi @sebader

Thanks for opening this issue.

Taking a look into this, the root cause of this appears to be this bug in the Terraform Plugin SDK - since this would be fixed there (rather than here) I'm going to close this issue for the moment - would you mind subscribing to that issue for updates? When the fix becomes available we'll pull it in and that should fix this.

Thanks!

@ghost
Author

ghost commented Jul 8, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Jul 8, 2020