Skip to content

Commit

Permalink
backport of commit bd744ad
Browse files Browse the repository at this point in the history
  • Loading branch information
@brandonc
brandonc committed Oct 24, 2022
1 parent 195efa2 commit 49013ed
Show file tree
Hide file tree
Showing 11 changed files with 67 additions and 63 deletions.
4 changes: 2 additions & 2 deletions internal/command/console_test.go
View file
Expand Up @@ -172,8 +172,8 @@ func TestConsole_variables(t *testing.T) {
commands := map[string]string{
"var.foo\n": "\"bar\"\n",
"var.snack\n": "\"popcorn\"\n",
"var.secret_snack\n": "(sensitive)\n",
"local.snack_bar\n": "[\n \"popcorn\",\n (sensitive),\n]\n",
"var.secret_snack\n": "(sensitive value)\n",
"local.snack_bar\n": "[\n \"popcorn\",\n (sensitive value),\n]\n",
}

args := []string{}
Expand Down
20 changes: 12 additions & 8 deletions internal/command/format/diff.go
View file
Expand Up @@ -274,7 +274,10 @@ type blockBodyDiffResult struct {
skippedBlocks int
}

const forcesNewResourceCaption = " [red]# forces replacement[reset]"
const (
forcesNewResourceCaption = " [red]# forces replacement[reset]"
sensitiveCaption = "(sensitive value)"
)

// writeBlockBodyDiff writes attribute or block differences
// and returns true if any differences were found and written
Expand Down Expand Up @@ -416,7 +419,7 @@ func (p *blockBodyDiffPrinter) writeAttrDiff(name string, attrS *configschema.At
p.buf.WriteString(" = ")

if attrS.Sensitive {
p.buf.WriteString("(sensitive)")
p.buf.WriteString(sensitiveCaption)
if p.pathForcesNewResource(path) {
p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
}
Expand Down Expand Up @@ -459,7 +462,8 @@ func (p *blockBodyDiffPrinter) writeNestedAttrDiff(
// Then schema of the attribute itself can be marked sensitive, or the values assigned
sensitive := attrWithNestedS.Sensitive || old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive)
if sensitive {
p.buf.WriteString(" = (sensitive)")
p.buf.WriteString(" = ")
p.buf.WriteString(sensitiveCaption)

if p.pathForcesNewResource(path) {
p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
Expand Down Expand Up @@ -742,7 +746,7 @@ func (p *blockBodyDiffPrinter) writeNestedBlockDiffs(name string, blockS *config

// If either the old or the new value is marked,
// Display a special diff because it is irrelevant
// to list all obfuscated attributes as (sensitive)
// to list all obfuscated attributes as (sensitive value)
if old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive) {
p.writeSensitiveNestedBlockDiff(name, old, new, indent, blankBefore, path)
return 0
Expand Down Expand Up @@ -1025,7 +1029,7 @@ func (p *blockBodyDiffPrinter) writeNestedBlockDiff(name string, label *string,
func (p *blockBodyDiffPrinter) writeValue(val cty.Value, action plans.Action, indent int) {
// Could check specifically for the sensitivity marker
if val.HasMark(marks.Sensitive) {
p.buf.WriteString("(sensitive)")
p.buf.WriteString(sensitiveCaption)
return
}

Expand Down Expand Up @@ -1193,7 +1197,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
// values are known and non-null.
if old.IsKnown() && new.IsKnown() && !old.IsNull() && !new.IsNull() && typesEqual {
if old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive) {
p.buf.WriteString("(sensitive)")
p.buf.WriteString(sensitiveCaption)
if p.pathForcesNewResource(path) {
p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
}
Expand Down Expand Up @@ -1564,7 +1568,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
case plans.Create, plans.NoOp:
v := new.Index(kV)
if v.HasMark(marks.Sensitive) {
p.buf.WriteString("(sensitive)")
p.buf.WriteString(sensitiveCaption)
} else {
p.writeValue(v, action, indent+4)
}
Expand All @@ -1574,7 +1578,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
p.writeValueDiff(oldV, newV, indent+4, path)
default:
if oldV.HasMark(marks.Sensitive) || newV.HasMark(marks.Sensitive) {
p.buf.WriteString("(sensitive)")
p.buf.WriteString(sensitiveCaption)
} else {
p.writeValueDiff(oldV, newV, indent+4, path)
}
Expand Down
74 changes: 37 additions & 37 deletions internal/command/format/diff_test.go
View file
Expand Up @@ -411,11 +411,11 @@ new line
ExpectedOutput: ` # test_instance.example will be created
+ resource "test_instance" "example" {
+ conn_info = {
+ password = (sensitive)
+ password = (sensitive value)
+ user = "not-secret"
}
+ id = (known after apply)
+ password = (sensitive)
+ password = (sensitive value)
}
`,
},
Expand Down Expand Up @@ -3048,7 +3048,7 @@ func TestResourceChange_nestedSet(t *testing.T) {
ExpectedOutput: ` # test_instance.example will be created
+ resource "test_instance" "example" {
+ ami = "ami-AFTER"
+ disks = (sensitive)
+ disks = (sensitive value)
+ id = "i-02ae66f368e8518a9"
+ root_block_device {
Expand Down Expand Up @@ -3146,7 +3146,7 @@ func TestResourceChange_nestedSet(t *testing.T) {
~ ami = "ami-BEFORE" -> "ami-AFTER"
# Warning: this attribute value will be marked as sensitive and will not
# display in UI output after applying this change.
~ disks = (sensitive)
~ disks = (sensitive value)
id = "i-02ae66f368e8518a9"
+ root_block_device {
Expand Down Expand Up @@ -3197,7 +3197,7 @@ func TestResourceChange_nestedSet(t *testing.T) {
~ ami = "ami-BEFORE" -> "ami-AFTER"
# Warning: this attribute value will be marked as sensitive and will not
# display in UI output after applying this change. The value is unchanged.
~ disks = (sensitive)
~ disks = (sensitive value)
id = "i-02ae66f368e8518a9"
}
`,
Expand Down Expand Up @@ -3965,7 +3965,7 @@ func TestResourceChange_nestedMap(t *testing.T) {
~ ami = "ami-BEFORE" -> "ami-AFTER"
~ disks = {
+ "disk_a" = {
+ mount_point = (sensitive)
+ mount_point = (sensitive value)
+ size = "50GB"
},
}
Expand Down Expand Up @@ -5728,18 +5728,18 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
},
ExpectedOutput: ` # test_instance.example will be created
+ resource "test_instance" "example" {
+ ami = (sensitive)
+ ami = (sensitive value)
+ id = "i-02ae66f368e8518a9"
+ list_field = [
+ "hello",
+ (sensitive),
+ (sensitive value),
+ "!",
]
+ map_key = {
+ "breakfast" = 800
+ "dinner" = (sensitive)
+ "dinner" = (sensitive value)
}
+ map_whole = (sensitive)
+ map_whole = (sensitive value)
+ nested_block_list {
# At least one attribute in this block is (or was) sensitive,
Expand Down Expand Up @@ -5882,29 +5882,29 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
~ resource "test_instance" "example" {
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
~ ami = (sensitive)
~ ami = (sensitive value)
id = "i-02ae66f368e8518a9"
~ list_field = [
# (1 unchanged element hidden)
"friends",
- (sensitive),
- (sensitive value),
+ ".",
]
~ map_key = {
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
~ "dinner" = (sensitive)
~ "dinner" = (sensitive value)
# (1 unchanged element hidden)
}
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
~ map_whole = (sensitive)
~ map_whole = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
~ some_number = (sensitive)
~ some_number = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
~ special = (sensitive)
~ special = (sensitive value)
# Warning: this block will no longer be marked as sensitive
# after applying this change.
Expand Down Expand Up @@ -6007,18 +6007,18 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
id = "i-02ae66f368e8518a9"
~ list_field = [
- "hello",
+ (sensitive),
+ (sensitive value),
"friends",
]
~ map_key = {
~ "breakfast" = 800 -> 700
# Warning: this attribute value will be marked as sensitive and will not
# display in UI output after applying this change.
~ "dinner" = (sensitive)
~ "dinner" = (sensitive value)
}
# Warning: this attribute value will be marked as sensitive and will not
# display in UI output after applying this change.
~ map_whole = (sensitive)
~ map_whole = (sensitive value)
# Warning: this block will be marked as sensitive and will not
# display in UI output after applying this change.
Expand Down Expand Up @@ -6143,15 +6143,15 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
~ ami = (sensitive value)
id = "i-02ae66f368e8518a9"
~ list_field = [
- (sensitive),
+ (sensitive),
- (sensitive value),
+ (sensitive value),
"friends",
]
~ map_key = {
~ "dinner" = (sensitive)
~ "dinner" = (sensitive value)
# (1 unchanged element hidden)
}
~ map_whole = (sensitive)
~ map_whole = (sensitive value)
~ nested_block_map {
# At least one attribute in this block is (or was) sensitive,
Expand Down Expand Up @@ -6289,29 +6289,29 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
~ resource "test_instance" "example" {
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ ami = (sensitive)
~ ami = (sensitive value)
id = "i-02ae66f368e8518a9"
~ list_field = [
# (1 unchanged element hidden)
"friends",
- (sensitive),
- (sensitive value),
+ "!",
]
~ map_key = {
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ "dinner" = (sensitive)
~ "dinner" = (sensitive value)
# (1 unchanged element hidden)
}
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ map_whole = (sensitive)
~ map_whole = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ some_number = (sensitive)
~ some_number = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ special = (sensitive)
~ special = (sensitive value)
# Warning: this block will no longer be marked as sensitive
# after applying this change.
Expand Down Expand Up @@ -6410,17 +6410,17 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
},
ExpectedOutput: ` # test_instance.example will be destroyed
- resource "test_instance" "example" {
- ami = (sensitive) -> null
- ami = (sensitive value) -> null
- id = "i-02ae66f368e8518a9" -> null
- list_field = [
- "hello",
- (sensitive),
- (sensitive value),
] -> null
- map_key = {
- "breakfast" = 800
- "dinner" = (sensitive)
- "dinner" = (sensitive value)
} -> null
- map_whole = (sensitive) -> null
- map_whole = (sensitive value) -> null
- nested_block_set {
# At least one attribute in this block is (or was) sensitive,
Expand Down Expand Up @@ -6492,7 +6492,7 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
),
ExpectedOutput: ` # test_instance.example must be replaced
-/+ resource "test_instance" "example" {
~ ami = (sensitive) # forces replacement
~ ami = (sensitive value) # forces replacement
id = "i-02ae66f368e8518a9"
~ nested_block_set { # forces replacement
Expand Down Expand Up @@ -6524,7 +6524,7 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
),
ExpectedOutput: ` # test_instance.example must be replaced
-/+ resource "test_instance" "example" {
~ ami = (sensitive) # forces replacement
~ ami = (sensitive value) # forces replacement
id = "i-02ae66f368e8518a9"
}
`,
Expand Down Expand Up @@ -6567,7 +6567,7 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
ExpectedOutput: ` # test_instance.example must be replaced
-/+ resource "test_instance" "example" {
~ conn_info = { # forces replacement
~ password = (sensitive)
~ password = (sensitive value)
# (1 unchanged attribute hidden)
}
id = "i-02ae66f368e8518a9"
Expand Down Expand Up @@ -6824,7 +6824,7 @@ func TestOutputChanges(t *testing.T) {
},
`
~ a = 1 -> 2
~ b = (sensitive)
~ b = (sensitive value)
~ c = false -> true`,
},
}
Expand Down
2 changes: 1 addition & 1 deletion internal/repl/format.go
View file
Expand Up @@ -18,7 +18,7 @@ func FormatValue(v cty.Value, indent int) string {
return "(known after apply)"
}
if v.HasMark(marks.Sensitive) {
return "(sensitive)"
return "(sensitive value)"
}
if v.IsNull() {
ty := v.Type()
Expand Down
4 changes: 2 additions & 2 deletions internal/repl/format_test.go
View file
Expand Up @@ -171,8 +171,8 @@ EOT_`,
`toset([])`,
},
{
cty.StringVal("sensitive value").Mark(marks.Sensitive),
"(sensitive)",
cty.StringVal("a sensitive value").Mark(marks.Sensitive),
"(sensitive value)",
},
}

Expand Down
4 changes: 2 additions & 2 deletions website/docs/language/expressions/function-calls.mdx
View file
Expand Up @@ -63,11 +63,11 @@ the `keys()` function will result in a list that is sensitive:
```shell
> local.baz
{
"a" = (sensitive)
"a" = (sensitive value)
"b" = "dog"
}
> keys(local.baz)
(sensitive)
(sensitive value)
```

## When Terraform Calls Functions
Expand Down
2 changes: 1 addition & 1 deletion website/docs/language/expressions/references.mdx
View file
Expand Up @@ -292,7 +292,7 @@ Note that unlike `count`, splat expressions are _not_ directly applicable to res

When defining the schema for a resource type, a provider developer can mark
certain attributes as _sensitive_, in which case Terraform will show a
placeholder marker `(sensitive)` instead of the actual value when rendering
placeholder marker `(sensitive value)` instead of the actual value when rendering
a plan involving that attribute.

A provider attribute marked as sensitive behaves similarly to an
Expand Down
6 changes: 3 additions & 3 deletions website/docs/language/functions/nonsensitive.mdx
View file
Expand Up @@ -91,11 +91,11 @@ the local value `mixed_content`, with a valid JSON string assigned to

```
> var.mixed_content_json
(sensitive)
(sensitive value)
> local.mixed_content
(sensitive)
(sensitive value)
> local.mixed_content["password"]
(sensitive)
(sensitive value)
> nonsensitive(local.mixed_content["username"])
"zqb"
> nonsensitive("clear")
Expand Down

0 comments on commit 49013ed

Please sign in to comment.