From 6a04e988d6a343a4e255e9b838d28c496050dfca Mon Sep 17 00:00:00 2001 From: Liam Cervante Date: Mon, 14 Aug 2023 12:19:07 +0200 Subject: [PATCH] Add support for sensitive values in test assertions --- internal/terraform/test_context.go | 4 ++ internal/terraform/test_context_test.go | 87 +++++++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/internal/terraform/test_context.go b/internal/terraform/test_context.go index 909b906f2f..8fe1c19eb9 100644 --- a/internal/terraform/test_context.go +++ b/internal/terraform/test_context.go @@ -159,6 +159,10 @@ func (ctx *TestContext) evaluate(state *states.SyncState, changes *plans.Changes continue } + // If the runVal refers to any sensitive values, then we'll have a + // sensitive mark on the resulting value. + runVal, _ = runVal.Unmark() + if runVal.False() { run.Status = run.Status.Merge(moduletest.Fail) run.Diagnostics = run.Diagnostics.Append(&hcl.Diagnostic{ diff --git a/internal/terraform/test_context_test.go b/internal/terraform/test_context_test.go index 4b06cf1654..20ad2dd4f1 100644 --- a/internal/terraform/test_context_test.go +++ b/internal/terraform/test_context_test.go 
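Review bot: `runVal, _ = runVal.Unmark()` in `evaluate` strips every mark from the condition result and discards the returned mark set, so from this line on `runVal` no longer records that it was derived from sensitive data. That is fine for the `runVal.False()` check that follows, which only consumes the boolean outcome, but the added comment should state that constraint, e.g. `// Only the boolean outcome is used below; runVal itself must never be rendered into a diagnostic, because its sensitive mark is gone.` The body of `evaluate` starts and ends outside this hunk, including the rest of the diagnostic built on failure, so whether anything later formats the value cannot be confirmed from here.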
@@ -282,7 +282,94 @@ run "test_case" { }, }, }, + "sensitive_variables": { + configs: map[string]string{ + "main.tf": ` +variable "input" { + type = string + sensitive = true +} +`, + "main.tftest.hcl": ` +run "test" { + variables { + input = "Hello, world!" + } + + assert { + condition = var.input == "Hello, world!" + error_message = "bad" + } +} +`, + }, + plan: &plans.Plan{ + Changes: plans.NewChanges(), + }, + state: states.NewState(), + variables: InputValues{ + "input": &InputValue{ + Value: cty.StringVal("Hello, world!"), + SourceType: ValueFromConfig, + SourceRange: tfdiags.SourceRange{ + Filename: "main.tftest.hcl", + Start: tfdiags.SourcePos{Line: 3, Column: 13, Byte: 12}, + End: tfdiags.SourcePos{Line: 3, Column: 28, Byte: 27}, + }, + }, + }, + provider: &MockProvider{}, + expectedStatus: moduletest.Pass, + expectedDiags: []tfdiags.Description{}, + }, + "sensitive_variables_fail": { + configs: map[string]string{ + "main.tf": ` +variable "input" { + type = string + sensitive = true +} +`, + "main.tftest.hcl": ` +run "test" { + variables { + input = "Hello, world!" + } + assert { + condition = var.input == "Hello, universe!" 
+ error_message = "bad ${var.input}" + } +} +`, + }, + plan: &plans.Plan{ + Changes: plans.NewChanges(), + }, + state: states.NewState(), + variables: InputValues{ + "input": &InputValue{ + Value: cty.StringVal("Hello, world!"), + SourceType: ValueFromConfig, + SourceRange: tfdiags.SourceRange{ + Filename: "main.tftest.hcl", + Start: tfdiags.SourcePos{Line: 3, Column: 13, Byte: 12}, + End: tfdiags.SourcePos{Line: 3, Column: 28, Byte: 27}, + }, + }, + }, + provider: &MockProvider{}, + expectedStatus: moduletest.Fail, + expectedDiags: []tfdiags.Description{ + { + Summary: "Error message refers to sensitive values", + Detail: "The error expression used to explain this condition refers to sensitive values, so Terraform will not display the resulting message.\n\nYou can correct this by removing references to sensitive values, or by carefully using the nonsensitive() function if the expression will not reveal the sensitive data.", + }, + { + Summary: "Test assertion failed", + }, + }, + }, "basic_passing_with_plan": { configs: map[string]string{ "main.tf": `
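Review bot: In `sensitive_variables_fail`, the second expected diagnostic gives only `Summary: "Test assertion failed"`, so whether an empty `Detail` is actually asserted depends on how the table harness compares `tfdiags.Description`, and that harness is outside this hunk. The purpose of the case is that the interpolated `"Hello, world!"` never reaches the output, so a comment on that entry would make the intent explicit: `// Detail stays empty: the error_message interpolates a sensitive value and must not be rendered.` If the harness does not compare `Detail` exactly, the case would still pass with the plaintext in the failure message, and an explicit check would be needed to pin the redaction.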