Backport of fix: don't reveal nested attributes with sensitive schema into v1.3 #32150

Merged


teamterraform
Contributor

Backport

This PR is auto-generated from #32004 to be assessed for backporting due to the inclusion of the label 1.3-backport.

The below text is copied from the body of the original PR.


Description

Fixes several bugs in the plan diff rendering of nested attributes

  • When a schema attribute is sensitive, but also contains nested attributes, Terraform reveals the nested attributes. The renderer checks for sensitive values at this nesting level, but ignores sensitive schema.
  • There is a mixture of "(sensitive)" and "(sensitive value)" output in the plan diff, and I changed them all to "(sensitive value)".
  • Certain nested attribute modes don't output consistent new values for delete plans or unknown values.

I also added a lot more test coverage for single nested attribute mode and sensitive schema nested attributes

Sample Config
terraform {
  required_providers {
    nested = {
      source = "alisdair/nested"
    }
  }
}

resource "nested_single" "example" {
  name = "my_nested_single"

  sensitive_value = {
    string = "secret"
  }
}

resource "nested_list" "example" {
  name = "my_nested_list"

  sensitive_values = [{
    string = "secret"
  }]
}

resource "nested_blocks" "example" {
  name = "my_nested_list"

  list {
    sensitive_value = {
      string = "secret"
    }
  }
}

Before:

Screen Shot 2022-10-12 at 3 02 10 PM

After:

Screen Shot 2022-10-21 at 9 40 56 AM

Target Release

1.4.0, 1.3.5

Draft CHANGELOG entry

BUG FIXES

When rendering a diff of nested attributes, Terraform now hides the entire nested object if it is marked sensitive by the provider schema
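
The first bug in the description above, reduced to a toy renderer; this is an added example, not part of the PR and not Terraform's code. `Attr`, `Render`, its `checkNested` switch and `Sample` are hypothetical names, and treating the parent attribute as sensitive in the schema is an assumption about the sample provider.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Attr is a hypothetical, simplified schema attribute (not Terraform's own type).
type Attr struct {
	Sensitive bool
	Nested    map[string]*Attr // nil for a primitive attribute
}

// Render prints val under schema a. Sensitive primitives are always masked.
// checkNested=false models the bug: a sensitive attribute that has nested
// attributes is descended into instead of being hidden as a whole.
func Render(name string, a *Attr, val interface{}, checkNested bool, indent string) string {
	if a.Sensitive && (checkNested || a.Nested == nil) {
		return fmt.Sprintf("%s%s = (sensitive value)\n", indent, name)
	}
	if a.Nested == nil {
		return fmt.Sprintf("%s%s = %q\n", indent, name, val)
	}
	obj, _ := val.(map[string]interface{})
	keys := make([]string, 0, len(a.Nested))
	for k := range a.Nested {
		keys = append(keys, k)
	}
	sort.Strings(keys) // stable output order
	var b strings.Builder
	fmt.Fprintf(&b, "%s%s = {\n", indent, name)
	for _, k := range keys {
		b.WriteString(Render(k, a.Nested[k], obj[k], checkNested, indent+"  "))
	}
	fmt.Fprintf(&b, "%s}\n", indent)
	return b.String()
}

// Sample mirrors sensitive_value = { string = "secret" } from the sample config
// (constructed; the schema's Sensitive flag on the parent is assumed).
func Sample() (*Attr, map[string]interface{}) {
	schema := &Attr{Sensitive: true, Nested: map[string]*Attr{"string": {}}}
	return schema, map[string]interface{}{"string": "secret"}
}

func main() {
	s, v := Sample()
	fmt.Print("before:\n", Render("sensitive_value", s, v, false, "  "))
	fmt.Print("after:\n", Render("sensitive_value", s, v, true, "  "))
}
```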

@teamterraform teamterraform force-pushed the backport/brandonc/nested_attr_sensitive/repeatedly-tidy-doe branch from e91f99a to 49013ed Compare November 2, 2022 22:18
@brandonc brandonc merged commit 65703eb into v1.3 Nov 3, 2022

github-actions bot commented Nov 3, 2022

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

@brandonc brandonc deleted the backport/brandonc/nested_attr_sensitive/repeatedly-tidy-doe branch November 3, 2022 15:22

github-actions bot commented Dec 5, 2022

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 5, 2022