From 2c493e38c717a0be6d01c37eacf15db2e4b17304 Mon Sep 17 00:00:00 2001
From: James Bardin
Date: Wed, 23 Jun 2021 16:24:58 -0400
Subject: [PATCH] marks package marks.Sensitive
---
 internal/lang/funcs/sensitive.go | 11 ++++++-----
 internal/lang/marks/marks.go | 13 +++++++++++++
 internal/terraform/evaluate.go | 17 +++++++++--------
 internal/terraform/node_output.go | 4 ++--
 4 files changed, 30 insertions(+), 15 deletions(-)
 create mode 100644 internal/lang/marks/marks.go
diff --git a/internal/lang/funcs/sensitive.go b/internal/lang/funcs/sensitive.go
index 2fc505e73f..1ce0774a33 100644
--- a/internal/lang/funcs/sensitive.go
+++ b/internal/lang/funcs/sensitive.go
@@ -1,6 +1,7 @@
 package funcs
 import (
+ "github.com/hashicorp/terraform/internal/lang/marks"
 "github.com/zclconf/go-cty/cty"
 "github.com/zclconf/go-cty/cty/function"
 )
@@ -25,7 +26,7 @@ var SensitiveFunc = function.New(&function.Spec{
 },
 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
 val, _ := args[0].Unmark()
- return val.Mark("sensitive"), nil
+ return val.Mark(marks.Sensitive), nil
 },
 })
@@ -48,12 +49,12 @@ var NonsensitiveFunc = function.New(&function.Spec{
 return args[0].Type(), nil
 },
 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
- if args[0].IsKnown() && !args[0].HasMark("sensitive") {
+ if args[0].IsKnown() && !args[0].HasMark(marks.Sensitive) {
 return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant")
 }
- v, marks := args[0].Unmark()
- delete(marks, "sensitive") // remove the sensitive marking
- return v.WithMarks(marks), nil
+ v, m := args[0].Unmark()
+ delete(m, marks.Sensitive) // remove the sensitive marking
+ return v.WithMarks(m), nil
 },
 })
diff --git a/internal/lang/marks/marks.go b/internal/lang/marks/marks.go
new file mode 100644
index 0000000000..00962c562c
--- /dev/null
+++ b/internal/lang/marks/marks.go
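Review bot: In the `Impl` of `SensitiveFunc` (hunk at -25), `val, _ := args[0].Unmark()` discards every mark on the argument before `val.Mark(marks.Sensitive)` re-marks it, so any mark other than sensitive is lost when a value passes through `sensitive()`. Now that marks live in their own package and more kinds may be added, the result should keep what was already attached, for example `return args[0].Mark(marks.Sensitive), nil`, assuming the cty version in use merges a new mark into the existing set (worth confirming). The enclosing `function.Spec` literal starts outside the hunk.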
@@ -0,0 +1,13 @@
+package marks
+
+import (
+ "strings"
+)
+
+type valueMark string
+
+func (m valueMark) GoString() string {
+ return "marks." + strings.Title(string(m))
+}
+
+var Sensitive = valueMark("sensitive")
diff --git a/internal/terraform/evaluate.go b/internal/terraform/evaluate.go
index 1ca406becd..98a0a4b4b8 100644
--- a/internal/terraform/evaluate.go
+++ b/internal/terraform/evaluate.go
@@ -17,6 +17,7 @@ import (
 "github.com/hashicorp/terraform/internal/configs/configschema"
 "github.com/hashicorp/terraform/internal/instances"
 "github.com/hashicorp/terraform/internal/lang"
+ "github.com/hashicorp/terraform/internal/lang/marks"
 "github.com/hashicorp/terraform/internal/plans"
 "github.com/hashicorp/terraform/internal/states"
 "github.com/hashicorp/terraform/internal/tfdiags"
@@ -261,7 +262,7 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
 if d.Operation == walkValidate {
 // Ensure variable sensitivity is captured in the validate walk
 if config.Sensitive {
- return cty.UnknownVal(wantType).Mark("sensitive"), diags
+ return marks.Sensitive(cty.UnknownVal(wantType)), diags
 }
 return cty.UnknownVal(wantType), diags
 }
@@ -296,9 +297,9 @@ func (d *evaluationStateData) GetInputVariable(addr addrs.InputVariable, rng tfd
 val = cty.UnknownVal(wantType)
 }
- // Mark if sensitive, and avoid double-marking if this has already been marked
- if config.Sensitive && !val.HasMark("sensitive") {
- val = val.Mark("sensitive")
+ // Mark if sensitive
+ if config.Sensitive {
+ val = marks.Sensitive(val)
 }
 return val, diags
@@ -432,8 +433,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
 instance[cfg.Name] = outputState
- if cfg.Sensitive && !outputState.HasMark("sensitive") {
- instance[cfg.Name] = outputState.Mark("sensitive")
+ if cfg.Sensitive {
+ instance[cfg.Name] = marks.Sensitive(outputState)
 }
 }
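Review bot: `Sensitive` is now a `valueMark` rather than a plain string, and cty keeps marks as interface-typed keys, so a value marked with `marks.Sensitive` no longer matches `HasMark("sensitive")` or a `marks["sensitive"]` lookup. Any call site outside the four files in this patch that still uses the bare literal would silently treat sensitive values as unmarked, which fails open wherever the mark decides whether to redact. The patch cannot show whether such sites remain, so a repository-wide search for the literal is worth doing before merge. The exported variable also lacks a doc comment; something like `// Sensitive marks a value whose content must not be shown in UI output; always compare against this identifier, never the string "sensitive".` would record the constraint.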
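Review bot: In the hunk at -261, `marks.Sensitive(cty.UnknownVal(wantType))` calls `Sensitive` as a function, but the marks.go added by this same patch declares it as `var Sensitive = valueMark("sensitive")`, which is not callable, so as shown this line should not compile. The same applies to `marks.Sensitive(val)` at -296, `marks.Sensitive(outputState)` at -432 and `marks.Sensitive(change.After)` at -461. Either keep the method form, `return cty.UnknownVal(wantType).Mark(marks.Sensitive), diags`, or add a marking helper to the package under a different name than the mark value. GetInputVariable's body continues outside the hunk.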
@@ -461,8 +462,8 @@ func (d *evaluationStateData) GetModule(addr addrs.ModuleCall, rng tfdiags.Sourc
 instance[cfg.Name] = change.After
- if change.Sensitive && !change.After.HasMark("sensitive") {
- instance[cfg.Name] = change.After.Mark("sensitive")
+ if change.Sensitive {
+ instance[cfg.Name] = marks.Sensitive(change.After)
 }
 }
 }
diff --git a/internal/terraform/node_output.go b/internal/terraform/node_output.go
index 70c1f6266b..eaea07490b 100644
--- a/internal/terraform/node_output.go
+++ b/internal/terraform/node_output.go
@@ -9,6 +9,7 @@ import (
 "github.com/hashicorp/terraform/internal/configs"
 "github.com/hashicorp/terraform/internal/dag"
 "github.com/hashicorp/terraform/internal/lang"
+ "github.com/hashicorp/terraform/internal/lang/marks"
 "github.com/hashicorp/terraform/internal/plans"
 "github.com/hashicorp/terraform/internal/states"
 "github.com/hashicorp/terraform/internal/tfdiags"
@@ -281,8 +282,7 @@ func (n *NodeApplyableOutput) Execute(ctx EvalContext, op walkOperation) (diags
 // statically declared as sensitive in order to dynamically return
 // a sensitive result, to help avoid accidental exposure in the state
 // of a sensitive value that the user doesn't want to include there.
- _, marks := val.UnmarkDeep()
- _, hasSensitive := marks["sensitive"]
+ hasSensitive := marks.HasSensitive(val)
 if n.Addr.Module.IsRoot() {
 if !n.Config.Sensitive && hasSensitive {
 diags = diags.Append(&hcl.Diagnostic{
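Review bot: In the node_output.go hunk at -281, `marks.HasSensitive(val)` replaces a deep check (`val.UnmarkDeep()` plus a map lookup), but `HasSensitive` is not declared in the marks.go this patch adds, so neither its existence nor its depth can be confirmed from here. If it is implemented with the shallow `HasMark`, an output holding a sensitive value nested inside an object or list would no longer trip the `!n.Config.Sensitive && hasSensitive` diagnostic, defeating the guard the comment above describes. Keeping the deep walk with the typed key preserves the old behaviour: `_, m := val.UnmarkDeep()` followed by `_, hasSensitive := m[marks.Sensitive]`. If a helper is preferred, its doc comment should state that it inspects nested values. Execute's body continues outside the hunk.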