IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

Rewrite outdated doc of function call with sensitive data (#1486)

Browse Source 
Signed-off-by: Zejun Chen <tibazq@gmail.com>
This commit is contained in:
chenzj 2024-04-30 18:24:48 +08:00 committed by GitHub
parent aea329deed
commit 267fbb17a0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
website/docs/language/expressions/function-calls.mdx
View File

@ -51,11 +51,11 @@ The expansion symbol is three periods (`...`), not a Unicode ellipsis character
When using sensitive data, such as [an input variable](../../language/values/variables.mdx#suppressing-values-in-cli-output)
or [an output defined](../../language/values/outputs.mdx#sensitive-suppressing-values-in-cli-output) as sensitive
as function arguments, the result of the function call will be marked as sensitive.
as function arguments, the sensitive information in the arguments will be tracked during the function call.
This is a conservative behavior that is true irrespective of the function being
called. For example, passing an object containing a sensitive input variable to
the `keys()` function will result in a list that is sensitive:
For example, passing an object containing a sensitive input variable to the `keys()` function
will return a list with all keys we expected, but the `values()` function will result in
a list with first item as sensitive, because the value of key "a" is sensitive.
```shell
> local.baz
@ -64,7 +64,15 @@ the `keys()` function will result in a list that is sensitive:
"b" = "dog"
}
> keys(local.baz)
(sensitive value)
[
"a",
"b",
]
> values(local.baz)
[
(sensitive value),
"dog",
]
```
## When OpenTofu Calls Functions