Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform test: remove marks before passing variables as inputs to a plan #34190

Merged
merged 3 commits into from Nov 8, 2023
Merged

terraform test: remove marks before passing variables as inputs to a plan #34190

merged 3 commits into from Nov 8, 2023

Conversation

liamcervante
Copy link
Member

@liamcervante liamcervante commented Nov 6, 2023
edited

This PR removes the sensitive marks from variables before passing them as input variables into run blocks. This only affects situations where users are passing outputs from previous run blocks that are marked as sensitive.

In addition, we add a warning if the receiving variable configuration isn't also marked as sensitive, as the sensitive metadata is being lost if the config isn't also marked as sensitive. It might be we want to actually completely disallow this, so add this diagnostic as an error instead of a warning. I'm happy to make that change if we think it's necessary.

Fixes #34185

Target Release

1.6.4

Draft CHANGELOG entry

BUG FIXES

  • terraform test: Fix bug preventing passing sensitive output values from previous run blocks as inputs to future run blocks.

@liamcervante liamcervante added the 1.6-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged label Nov 6, 2023
@liamcervante liamcervante requested a review from a team November 6, 2023 09:30
jbardin
jbardin reviewed Nov 7, 2023
View reviewed changes
internal/backend/local/test.go Outdated
@@ -1124,17 +1136,50 @@ func (runner *TestFileRunner) GetVariables(config *configs.Config, run *modulete
// This function is essentially the opposite of AddVariablesToConfig which
// makes the config match the variables rather than the variables match the
// config.
func (runner *TestFileRunner) FilterVariablesToConfig(config *configs.Config, values terraform.InputValues) terraform.InputValues {
//
// warnOnSensitivityChange will prompt this function to add warnings if an input
Copy link
Member

@jbardin jbardin Nov 7, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a function/variable name that was refactored out elsewhere?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, initially I had an argument that meant the function would only selectively add the warnings if this was true but then I realised the caller could just ignore the diagnostics so we didn't need to modify the function to exclude them internally.

I must've forgot update the doc comment when I removed it!

@liamcervante liamcervante merged commit ad77877 into main Nov 8, 2023
6 checks passed
@liamcervante liamcervante deleted the liamcervante/34185 branch November 8, 2023 08:34
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 8, 2023

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

@teamterraform teamterraform mentioned this pull request Nov 8, 2023
Closed
liamcervante added a commit that referenced this pull request Nov 8, 2023
@liamcervante
backport of #34190
daf5699
@liamcervante liamcervante mentioned this pull request Nov 8, 2023
Merged
liamcervante added a commit that referenced this pull request Nov 8, 2023
@liamcervante
backport of terraform test: remove marks before passing variables as …
0a2e93e 
…inputs to a plan (#34202)

* remove marks before passing variables as inputs to a plan

* backport of #34190
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 9, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jbardin jbardin jbardin approved these changes

Assignees
No one assigned
Labels
1.6-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Using sensitive values in subsequent run blocks of terraform test not possible: value has marks
2 participants
@liamcervante @jbardin