IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

Create experiment for sensitive attribute

Browse Source
This commit is contained in:
Pam Selle 2020-09-10 10:08:04 -04:00
parent 843ed8911b
commit 02c1bddfe1
4 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
configs/experiments.go
View File

@ -138,6 +138,17 @@ func checkModuleExperiments(m *Module) hcl.Diagnostics {
} }
} }
*/ */
if !m.ActiveExperiments.Has(experiments.SensitiveVariables) {
for _, v := range m.Variables {
if v.Sensitive {
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Variable sensitivity is experimental",
Detail: "This feature is currently an opt-in experiment, subject to change in future releases based on feedback.\n\nActivate the feature for this module by adding sensitive_variables to the list of active experiments.",
Subject: v.DeclRange.Ptr(),
})
}
}
}
return diags return diags
} }

4
configs/testdata/valid-files/variables.tf vendored
View File

@ -22,7 +22,3 @@ variable "cheeze_pizza" {
variable "π" { variable "π" {
default = 3.14159265359 default = 3.14159265359
} }
variable "sensitive-value" {
sensitive = true
}

7
configs/testdata/warning-files/variables-sensitive.tf vendored Normal file
View File

@ -0,0 +1,7 @@
terraform {
experiments = [sensitive_variables] # WARNING: Experimental feature "sensitive_variables" is active
}
variable "sensitive-value" {
sensitive = true
}

2
experiments/experiment.go
View File

@ -14,12 +14,14 @@ type Experiment string
// identifier so that it can be specified in configuration. // identifier so that it can be specified in configuration.
const ( const (
VariableValidation = Experiment("variable_validation") VariableValidation = Experiment("variable_validation")
SensitiveVariables = Experiment("sensitive_variables")
) )
func init() { func init() {
// Each experiment constant defined above must be registered here as either // Each experiment constant defined above must be registered here as either
// a current or a concluded experiment. // a current or a concluded experiment.
registerConcludedExperiment(VariableValidation, "Custom variable validation can now be used by default, without enabling an experiment.") registerConcludedExperiment(VariableValidation, "Custom variable validation can now be used by default, without enabling an experiment.")
registerCurrentExperiment(SensitiveVariables)
} }
// GetCurrent takes an experiment name and returns the experiment value // GetCurrent takes an experiment name and returns the experiment value