New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
terraform test: remove marks before passing variables as inputs to a plan #34190
Conversation
internal/backend/local/test.go
Outdated
@@ -1124,17 +1136,50 @@ func (runner *TestFileRunner) GetVariables(config *configs.Config, run *modulete | |||
// This function is essentially the opposite of AddVariablesToConfig which | |||
// makes the config match the variables rather than the variables match the | |||
// config. | |||
func (runner *TestFileRunner) FilterVariablesToConfig(config *configs.Config, values terraform.InputValues) terraform.InputValues { | |||
// | |||
// warnOnSensitivityChange will prompt this function to add warnings if an input |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a function/variable name that was refactored out elsewhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, initially I had an argument that meant the function would only selectively add the warnings if this was true but then I realised the caller could just ignore the diagnostics so we didn't need to modify the function to exclude them internally.
I must've forgot update the doc comment when I removed it!
Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch. |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
This PR removes the sensitive marks from variables before passing them as input variables into run blocks. This only affects situations where users are passing outputs from previous run blocks that are marked as sensitive.
In addition, we add a warning if the receiving variable configuration isn't also marked as sensitive, as the sensitive metadata is being lost if the config isn't also marked as sensitive. It might be we want to actually completely disallow this, so add this diagnostic as an error instead of a warning. I'm happy to make that change if we think it's necessary.
Fixes #34185
Target Release
1.6.4
Draft CHANGELOG entry
BUG FIXES
terraform test
: Fix bug preventing passing sensitive output values from previous run blocks as inputs to future run blocks.