Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: Loosen output value sensitivity requirement #28472

Merged
merged 1 commit into from Apr 21, 2021
Merged

core: Loosen output value sensitivity requirement #28472

merged 1 commit into from Apr 21, 2021

Conversation

alisdair
Copy link
Member

Non-root module outputs no longer strip sensitivity marks from their values, allowing dynamically sensitive values to propagate through the configuration. We also remove the requirement for non-root module outputs to be defined as sensitive if the value is marked as sensitive.

This avoids a static/dynamic clash when using shared modules that might unknowingly receive sensitive values via input variables.

Fixes #28431.

@alisdair alisdair added core 0.15-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged labels Apr 21, 2021
@alisdair alisdair requested a review from a team April 21, 2021 17:18
@alisdair alisdair self-assigned this Apr 21, 2021
@codecov
Copy link

codecov bot commented Apr 21, 2021
edited

Codecov Report

Merging #28472 (43bf383) into main (d15f739) will increase coverage by 0.00%.
The diff coverage is 100.00%.

Impacted Files Coverage Δ
terraform/evaluate.go 53.18% <100.00%> (ø)
terraform/node_output.go 76.64% <100.00%> (+0.36%) ⬆️

apparentlymart
apparentlymart approved these changes Apr 21, 2021
View reviewed changes
Copy link
Member

@apparentlymart apparentlymart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks reasonable to me! Thanks for digging in to this.

I left some unimportant cosmetic notes inline. Feel free to ignore or adjust them if you disagree; it's all subjective anyway.

terraform/node_output.go Outdated Show resolved Hide resolved
terraform/node_output.go Show resolved Hide resolved
@alisdair @apparentlymart
core: Loosen output value sensitivity requirement
43bf383 
Non-root module outputs no longer strip sensitivity marks from their
values, allowing dynamically sensitive values to propagate through the
configuration. We also remove the requirement for non-root module
outputs to be defined as sensitive if the value is marked as sensitive.

This avoids a static/dynamic clash when using shared modules that might
unknowingly receive sensitive values via input variables.

Co-authored-by: Martin Atkins <mart@degeneration.co.uk>
@alisdair alisdair force-pushed the alisdair/submodule-outputs-inferred-sensitive branch from c1e51dc to 43bf383 Compare April 21, 2021 18:27
@alisdair alisdair merged commit 389415a into main Apr 21, 2021
@alisdair alisdair deleted the alisdair/submodule-outputs-inferred-sensitive branch April 21, 2021 18:40
@teamterraform teamterraform mentioned this pull request Apr 21, 2021
Merged
@apparentlymart apparentlymart mentioned this pull request Apr 21, 2021
Closed
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 23, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@apparentlymart apparentlymart apparentlymart approved these changes

Assignees

@alisdair alisdair

Labels
0.15-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged core
Projects
None yet
Milestone
No milestone
2 participants
@alisdair @apparentlymart