diff --git a/CHANGELOG.md b/CHANGELOG.md index 29eeee25f0..672b2febdc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,8 +17,9 @@ ENHANCEMENTS: * Added for-each support to providers. ([#300](https://github.com/opentofu/opentofu/issues/300)) BUG FIXES: -* Ensure that using a sensitive path for templatefile that it doesn't panic([#1801](https://github.com/opentofu/opentofu/issues/1801)) -* Fixed crash when module source is not present ([#1888](https://github.com/opentofu/opentofu/pull/1888)) +* Ensured that using a sensitive path for templatefile that it doesn't panic([#1801](https://github.com/opentofu/opentofu/issues/1801)) +* Fixed a crash when module source is not present ([#1888](https://github.com/opentofu/opentofu/pull/1888)) +* Fixed a crash when importing an empty optional sensitive string ([#1986](https://github.com/opentofu/opentofu/pull/1986)) ## Previous Releases diff --git a/internal/genconfig/generate_config.go b/internal/genconfig/generate_config.go index e6ab9052bf..a8190dda25 100644 --- a/internal/genconfig/generate_config.go +++ b/internal/genconfig/generate_config.go @@ -152,16 +152,17 @@ func writeConfigAttributesFromExisting(addr addrs.AbsResourceInstance, buf *stri } else { val = attrS.EmptyValue() } - if val.Type() == cty.String { - // SHAMELESS HACK: If we have "" for an optional value, assume - // it is actually null, due to the legacy SDK. - if !val.IsNull() && attrS.Optional && len(val.AsString()) == 0 { - val = attrS.EmptyValue() - } - } if attrS.Sensitive || val.IsMarked() { buf.WriteString("null # sensitive") } else { + if val.Type() == cty.String { + // SHAMELESS HACK: If we have "" for an optional value, assume + // it is actually null, due to the legacy SDK. + if !val.IsNull() && attrS.Optional && len(val.AsString()) == 0 { + val = attrS.EmptyValue() + } + } + tok := tryWrapAsJsonEncodeFunctionCall(val) if _, err := tok.WriteTo(buf); err != nil { diags = diags.Append(&hcl.Diagnostic{ diff --git a/internal/genconfig/generate_config_test.go b/internal/genconfig/generate_config_test.go index 5882f8d224..558671f5e9 100644 --- a/internal/genconfig/generate_config_test.go +++ b/internal/genconfig/generate_config_test.go @@ -14,6 +14,7 @@ import ( "github.com/opentofu/opentofu/internal/addrs" "github.com/opentofu/opentofu/internal/configs/configschema" + "github.com/opentofu/opentofu/internal/lang/marks" ) func TestConfigGeneration(t *testing.T) { @@ -490,6 +491,38 @@ resource "tfcoremock_simple_resource" "example" { juststr = "{a=b}" secrets = null # sensitive sensitivejsonobj = null # sensitive +}`, + }, + "optional_empty_sensitive_string": { + schema: &configschema.Block{ + Attributes: map[string]*configschema.Attribute{ + "str": { + Type: cty.String, + Optional: true, + Sensitive: true, + }, + }, + }, + addr: addrs.AbsResourceInstance{ + Module: nil, + Resource: addrs.ResourceInstance{ + Resource: addrs.Resource{ + Mode: addrs.ManagedResourceMode, + Type: "tfcoremock_simple_resource", + Name: "example", + }, + Key: nil, + }, + }, + provider: addrs.LocalProviderConfig{ + LocalName: "tfcoremock", + }, + value: cty.ObjectVal(map[string]cty.Value{ + "str": cty.StringVal("").Mark(marks.Sensitive), + }), + expected: ` +resource "tfcoremock_simple_resource" "example" { + str = null # sensitive }`, }, }