Sensitive diffs for primitive types

When showing primitive type diffs, hide possibly
sensitive values
Pam Selle 2020-09-24 13:27:15 -04:00
parent 20921dbfb8
commit 531728f6e9
2 changed files with 36 additions and 10 deletions


@ -790,6 +790,11 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
unmarkedNew, _ = new.UnmarkDeep() unmarkedNew, _ = new.UnmarkDeep()
} }
switch { switch {
case ty == cty.Bool || ty == cty.Number:
if old.ContainsMarked() || new.ContainsMarked() {
p.buf.WriteString("(sensitive)")
return
}
case ty == cty.String: case ty == cty.String:
// We have special behavior for both multi-line strings in general // We have special behavior for both multi-line strings in general
// and for strings that can parse as JSON. For the JSON handling // and for strings that can parse as JSON. For the JSON handling
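Review bot: The redaction for marked Bool and Number values sits inside this type switch, so it only protects values that actually reach the switch. The conditions guarding the switch begin above the hunk; if they exclude null or unknown values or type changes, a marked primitive on those paths is rendered by whatever follows the switch, and it is worth confirming that path also prints `(sensitive)`. Note too that `ContainsMarked()` is true for any mark, not only "sensitive", which over-redacts in the safe direction but deserves a comment on the case, for example `// Any mark on a primitive is treated as sensitive: never render the old or new value`. An unmarked Bool or Number matches the case and leaves the switch without writing anything, so the code after the switch (outside the hunk) must remain the generic renderer for them.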


@ -3652,36 +3652,57 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
} }
`, `,
}, },
"in-place update - before sensitive": { "in-place update - before sensitive, primitive types": {
Action: plans.Update, Action: plans.Update,
Mode: addrs.ManagedResourceMode, Mode: addrs.ManagedResourceMode,
Before: cty.ObjectVal(map[string]cty.Value{ Before: cty.ObjectVal(map[string]cty.Value{
"id": cty.StringVal("i-02ae66f368e8518a9"), "id": cty.StringVal("i-02ae66f368e8518a9"),
"ami": cty.StringVal("ami-BEFORE"), "ami": cty.StringVal("ami-BEFORE"),
"special": cty.BoolVal(true),
"some_number": cty.NumberIntVal(1),
}), }),
After: cty.ObjectVal(map[string]cty.Value{ After: cty.ObjectVal(map[string]cty.Value{
"id": cty.StringVal("i-02ae66f368e8518a9"), "id": cty.StringVal("i-02ae66f368e8518a9"),
"ami": cty.StringVal("ami-AFTER"), "ami": cty.StringVal("ami-AFTER"),
"special": cty.BoolVal(false),
"some_number": cty.NumberIntVal(2),
}), }),
BeforeValMarks: []cty.PathValueMarks{ BeforeValMarks: []cty.PathValueMarks{
{ {
Path: cty.Path{cty.GetAttrStep{Name: "ami"}}, Path: cty.Path{cty.GetAttrStep{Name: "ami"}},
Marks: cty.NewValueMarks("sensitive"), Marks: cty.NewValueMarks("sensitive"),
}}, },
{
Path: cty.Path{cty.GetAttrStep{Name: "special"}},
Marks: cty.NewValueMarks("sensitive"),
},
{
Path: cty.Path{cty.GetAttrStep{Name: "some_number"}},
Marks: cty.NewValueMarks("sensitive"),
},
},
RequiredReplace: cty.NewPathSet(), RequiredReplace: cty.NewPathSet(),
Tainted: false, Tainted: false,
Schema: &configschema.Block{ Schema: &configschema.Block{
Attributes: map[string]*configschema.Attribute{ Attributes: map[string]*configschema.Attribute{
"id": {Type: cty.String, Optional: true, Computed: true}, "id": {Type: cty.String, Optional: true, Computed: true},
"ami": {Type: cty.String, Optional: true}, "ami": {Type: cty.String, Optional: true},
"special": {Type: cty.Bool, Optional: true},
"some_number": {Type: cty.Number, Optional: true},
}, },
}, },
ExpectedOutput: ` # test_instance.example will be updated in-place ExpectedOutput: ` # test_instance.example will be updated in-place
~ resource "test_instance" "example" { ~ resource "test_instance" "example" {
# Warning: this attribute value will no longer be marked as sensitive # Warning: this attribute value will no longer be marked as sensitive
# after applying this change # after applying this change
~ ami = (sensitive) ~ ami = (sensitive)
id = "i-02ae66f368e8518a9" id = "i-02ae66f368e8518a9"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change
~ some_number = (sensitive)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change
~ special = (sensitive)
} }
`, `,
}, },
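Review bot: The printer change checks both `old.ContainsMarked()` and `new.ContainsMarked()`, but this case only adds `special` and `some_number` to BeforeValMarks, so the after-sensitive branch for Bool and Number is not exercised by anything visible in this hunk. A sibling case that sets AfterValMarks on the same two attributes would pin the other direction of the redaction. It would also help to keep one unmarked Bool or Number attribute in the fixture and assert that its old and new values still render, so a regression that redacts or drops every primitive is caught. The test table starts and ends outside the hunk, so such cases may already exist elsewhere.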