sanitize: allow for the sanitization of sensitive values #34
Conversation
vancluever
force-pushed
the
sensitive-values
branch
from
ef1eaa7
to
b4ee84f
Compare
|
Converting to draft while we wait on dependent PRs (mitchellh/reflectwalk#25 and mitchellh/copystructure#36). |
There was a problem hiding this comment.
Aside from some minor in-line comments, I looked at the public API overall https://pkg.go.dev/github.com/hashicorp/terraform-json@v0.10.1-0.20210503192259-b4ee84fc1086/sanitize and it made me wonder what's the use case for accepting replaceWith as an argument to some functions, as opposed to having a single instance of Sanitizer hold the "magic token" that would be then used in all methods internally?
Wouldn't that make the API simpler?
Do you anticipate the need for values to be replaced differently in each function call in Sentinel?
Yeah, this is exactly it. I want to leave it open-ended to possibly add things like a first-class sensitive value in the future.
The package does not present its functionality as an object. There's not really any state that I can think of that would be necessary here, and I think it should stay that way, unless you can think of any reason why there should be state? |
vancluever
force-pushed
the
sensitive-values
branch
4 times, most recently
from
1a30f72
to
1f5f42f
Compare
I didn't see a strong reason aside from a simpler API where number of arguments is reduced, but as you said that likely wouldn't play well with how you plan to use it, so never mind! 😄 |
This adds a new package and functions for sanitization of values marked as sensitive in the plan, where we can get particular data to do it. This data is derived in a number of ways, also documented in the top-level SanitizePlan function: * ResourceChanges are sanitized based on BeforeSensitive and AfterSensitive fields. * Variables are sanitized based on variable config data found in the root module of the Config. * PlannedValues are sanitized based on the values found in AfterSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output. * PriorState is sanitized based on the values found in BeforeSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output. * OutputChanges are sanitized based on the values found in BeforeSensitive and AfterSensitive. This generally means that any sensitive output will have OutputChange fully obfuscated as the BeforeSensitive and AfterSensitive in outputs are opaquely the same.
vancluever
force-pushed
the
sensitive-values
branch
from
1f5f42f
to
70b0331
Compare
|
@radeksimko should be good for a full review now. 🙂 |
|
Thank you 🙂 |
This adds a new package and functions for sanitization of values marked
as sensitive in the plan, where we can get particular data to do it.
This data is derived in a number of ways, also documented in the
top-level SanitizePlan function:
ResourceChanges are sanitized based on BeforeSensitive and
AfterSensitive fields.
Variables are sanitized based on variable config data found in the
root module of the Config.
PlannedValues are sanitized based on the values found in
AfterSensitive in ResourceChanges. Outputs are sanitized according to
the appropriate sensitivity flags provided for the output.
PriorState is sanitized based on the values found in BeforeSensitive
in ResourceChanges. Outputs are sanitized according to the appropriate
sensitivity flags provided for the output.
OutputChanges are sanitized based on the values found in
BeforeSensitive and AfterSensitive. This generally means that any
sensitive output will have OutputChange fully obfuscated as the
BeforeSensitive and AfterSensitive in outputs are opaquely the same.