aherman
/
terraform
mirror of https://github.com/hashicorp/terraform
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #34393 from hashicorp/radditude/sensitive-state-roundtrip

Browse Source 
stackstate: sensitive values are preserved when deserializing stack state
pull/34400/head
CJ Horton 2 years ago committed by GitHub
parent e26ec58c63 89aea31bbd
commit 00eeaec64d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File

12
internal/plans/planfile/tfplan.go
Unescape View File

@ -906,6 +906,18 @@ func pathValueMarksToTfplan(pvm []cty.PathValueMarks) ([]*planproto.Path, error)
return ret, nil
}
// PathFromProto decodes a path to a nested attribute into a cty.Path for
// use in tracking marked values.
//
// This is used by the stackstate package, which uses planproto.Path messages
// while using a different overall container.
func PathFromProto(path *planproto.Path) (cty.Path, error) {
if path == nil {
return nil, nil
}
return pathFromTfplan(path)
}
func pathFromTfplan(path *planproto.Path) (cty.Path, error) {
ret := make([]cty.PathStep, 0, len(path.Steps))
for _, step := range path.Steps {

17
internal/stacks/stackstate/from_proto.go
Unescape View File

@ -7,10 +7,13 @@ import (
"fmt"
"github.com/hashicorp/terraform/internal/addrs"
"github.com/hashicorp/terraform/internal/lang/marks"
"github.com/hashicorp/terraform/internal/plans/planfile"
"github.com/hashicorp/terraform/internal/stacks/stackaddrs"
"github.com/hashicorp/terraform/internal/stacks/stackstate/statekeys"
"github.com/hashicorp/terraform/internal/stacks/tfstackdata1"
"github.com/hashicorp/terraform/internal/states"
"github.com/zclconf/go-cty/cty"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/reflect/protoreflect"
"google.golang.org/protobuf/types/known/anypb"
@ -217,7 +220,19 @@ func DecodeProtoResourceInstanceObject(protoObj *tfstackdata1.StateResourceInsta
return nil, fmt.Errorf("unsupported status %s", protoObj.Status.String())
}
// TODO: Deal with sensitive paths in protoObj.SensitivePaths
paths := make([]cty.PathValueMarks, 0, len(protoObj.SensitivePaths))
marks := cty.NewValueMarks(marks.Sensitive)
for _, p := range protoObj.SensitivePaths {
path, err := planfile.PathFromProto(p)
if err != nil {
return nil, err
}
paths = append(paths, cty.PathValueMarks{
Path: path,
Marks: marks,
})
}
objSrc.AttrSensitivePaths = paths
if len(protoObj.Dependencies) != 0 {
objSrc.Dependencies = make([]addrs.ConfigResource, len(protoObj.Dependencies))

Write Preview
Loading…
Cancel
Save