diff --git a/terraform/evaluate.go b/terraform/evaluate.go index c8ee603049..add559cbcc 100644 --- a/terraform/evaluate.go +++ b/terraform/evaluate.go @@ -956,7 +956,10 @@ func getValMarks(schema *configschema.Block, val cty.Value, path cty.Path) []cty var pvm []cty.PathValueMarks for name, attrS := range schema.Attributes { if attrS.Sensitive { - attrPath := append(path, cty.GetAttrStep{Name: name}) + // Create a copy of the path, with this step added, to add to our PathValueMarks slice + attrPath := make(cty.Path, len(path), len(path)+1) + copy(attrPath, path) + attrPath = append(path, cty.GetAttrStep{Name: name}) pvm = append(pvm, cty.PathValueMarks{ Path: attrPath, Marks: cty.NewValueMarks("sensitive"), @@ -969,8 +972,12 @@ func getValMarks(schema *configschema.Block, val cty.Value, path cty.Path) []cty if !blockS.Block.ContainsSensitive() { continue } + // Create a copy of the path, with this step added, to add to our PathValueMarks slice + blockPath := make(cty.Path, len(path), len(path)+1) + copy(blockPath, path) + blockPath = append(path, cty.GetAttrStep{Name: name}) + blockV := val.GetAttr(name) - blockPath := append(path, cty.GetAttrStep{Name: name}) switch blockS.Nesting { case configschema.NestingSingle, configschema.NestingGroup: pvm = append(pvm, getValMarks(&blockS.Block, blockV, blockPath)...) diff --git a/terraform/evaluate_test.go b/terraform/evaluate_test.go index 3f32c5ffa6..eb07af314f 100644 --- a/terraform/evaluate_test.go +++ b/terraform/evaluate_test.go @@ -135,7 +135,7 @@ func TestEvaluatorGetResource(t *testing.T) { }.Instance(addrs.NoKey).Absolute(addrs.RootModuleInstance), &states.ResourceInstanceObjectSrc{ Status: states.ObjectReady, - AttrsJSON: []byte(`{"id":"foo", "nesting_list": [{"sensitive_value":"abc"}], "nesting_map": {"foo":{"foo":"x"}}, "nesting_set": [{"baz":"abc"}], "nesting_single": {"boop":"abc"}, "value":"hello"}`), + AttrsJSON: []byte(`{"id":"foo", "nesting_list": [{"sensitive_value":"abc"}], "nesting_map": {"foo":{"foo":"x"}}, "nesting_set": [{"baz":"abc"}], "nesting_single": {"boop":"abc"}, "nesting_nesting": {"nesting_list":[{"sensitive_value":"abc"}]}, "value":"hello"}`), }, addrs.AbsProviderConfig{ Provider: addrs.NewDefaultProvider("test"), @@ -222,6 +222,22 @@ func TestEvaluatorGetResource(t *testing.T) { }, Nesting: configschema.NestingSingle, }, + "nesting_nesting": { + Block: configschema.Block{ + BlockTypes: map[string]*configschema.NestedBlock{ + "nesting_list": { + Block: configschema.Block{ + Attributes: map[string]*configschema.Attribute{ + "value": {Type: cty.String, Optional: true}, + "sensitive_value": {Type: cty.String, Optional: true, Sensitive: true}, + }, + }, + Nesting: configschema.NestingList, + }, + }, + }, + Nesting: configschema.NestingSingle, + }, }, }, }, @@ -246,6 +262,14 @@ func TestEvaluatorGetResource(t *testing.T) { "nesting_map": cty.MapVal(map[string]cty.Value{ "foo": cty.ObjectVal(map[string]cty.Value{"foo": cty.StringVal("x").Mark("sensitive")}), }), + "nesting_nesting": cty.ObjectVal(map[string]cty.Value{ + "nesting_list": cty.ListVal([]cty.Value{ + cty.ObjectVal(map[string]cty.Value{ + "sensitive_value": cty.StringVal("abc").Mark("sensitive"), + "value": cty.NullVal(cty.String), + }), + }), + }), "nesting_set": cty.SetVal([]cty.Value{ cty.ObjectVal(map[string]cty.Value{ "baz": cty.StringVal("abc").Mark("sensitive"), @@ -269,7 +293,7 @@ func TestEvaluatorGetResource(t *testing.T) { } if !got.RawEquals(want) { - t.Errorf("wrong result %#v; want %#v", got, want) + t.Errorf("wrong result:\ngot: %#v\nwant: %#v", got, want) } }