mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-25 08:21:07 -06:00
config/configschema: Sensitive flag for attributes
We don't currently have any need for this information, but we're propagating it out of helper/schema here pre-emptively so that once we later have a use for it we will not need to rebuild the providers to gain access to it. The long-term expected use-case for this is to have Terraform Core use static analysis techniques to trace the path of sensitive data through interpolations so that intermediate results can be flagged as sensitive too, but we have a lot more work to do before such a thing would actually be possible.
This commit is contained in:
parent
69650b0bbc
commit
b91bd62747
@ -40,6 +40,15 @@ type Attribute struct {
|
||||
// provider rather than from configuration. If combined with Optional,
|
||||
// then the config may optionally provide an overridden value.
|
||||
Computed bool
|
||||
|
||||
// Sensitive, if set to true, indicates that an attribute may contain
|
||||
// sensitive information.
|
||||
//
|
||||
// At present nothing is done with this information, but callers are
|
||||
// encouraged to set it where appropriate so that it may be used in the
|
||||
// future to help Terraform mask sensitive information. (Terraform
|
||||
// currently achieves this in a limited sense via other mechanisms.)
|
||||
Sensitive bool
|
||||
}
|
||||
|
||||
// NestedBlock represents the embedding of one block within another.
|
||||
|
@ -56,10 +56,11 @@ func (m schemaMap) CoreConfigSchema() *configschema.Block {
|
||||
// whose elem is a whole resource.
|
||||
func (s *Schema) coreConfigSchemaAttribute() *configschema.Attribute {
|
||||
return &configschema.Attribute{
|
||||
Type: s.coreConfigSchemaType(),
|
||||
Optional: s.Optional,
|
||||
Required: s.Required,
|
||||
Computed: s.Computed,
|
||||
Type: s.coreConfigSchemaType(),
|
||||
Optional: s.Optional,
|
||||
Required: s.Required,
|
||||
Computed: s.Computed,
|
||||
Sensitive: s.Sensitive,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -215,6 +215,25 @@ func TestSchemaMapCoreConfigSchema(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
"sensitive": {
|
||||
map[string]*Schema{
|
||||
"string": {
|
||||
Type: TypeString,
|
||||
Optional: true,
|
||||
Sensitive: true,
|
||||
},
|
||||
},
|
||||
&configschema.Block{
|
||||
Attributes: map[string]*configschema.Attribute{
|
||||
"string": {
|
||||
Type: cty.String,
|
||||
Optional: true,
|
||||
Sensitive: true,
|
||||
},
|
||||
},
|
||||
BlockTypes: map[string]*configschema.NestedBlock{},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, test := range tests {
|
||||
|
Loading…
Reference in New Issue
Block a user