Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP Improve comparison of sensitive marks on resources, and propagate the sensitive_attributes correctly #1640

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

WIP Improve comparison of sensitive marks on resources, and propagate the sensitive_attributes correctly #1640

wants to merge 4 commits into from

Conversation

Yantrio
Copy link
Member

@Yantrio Yantrio commented May 10, 2024
edited

Note: I've marked this as a WIP so that I can get github to build this for and report test failures in a lazy way! Please hold off on reviews until tests are in.

This PR resolves 2 things primarily.

  • Ensure that we propagate the sensitive_attributes correctly to the statefile. This was raised as a possible point of concern by @cam72cam here
  • Move the mark comparison logic to just use the prior and the proposed values when detecting if a NoOp change is actually a change of sensitivity.

It also introduced a method to combine []cty.PathValueMark which is used to ensure that sensitive_attributes are not being thrown away.

This is used to combine the existing value marks with the marks from the configuration.
Because we handle it this way now, the sensitive_attributes value in the statefile will now include all sensitive properties and not just those where a sensitive value was passed in.

Resolves #1616

Target Release

1.8.0

@github-actions GitHub Actions
Copy link

Reminder for the PR assignee: If this is a user-visible change, please update the changelog as part of the PR.

@Yantrio
Ensure that marks are propagated from the schema as well as previous …
1f2bdd3 
…values and merge all marks where possible

Signed-off-by: James Humphries <james@james-humphries.co.uk>
@Yantrio Yantrio force-pushed the sensitive_attributes_from_schema branch from a3a8433 to 1f2bdd3 Compare May 13, 2024 13:49
@Yantrio
ImportResources now count as a no-op with import. instead of an update
ac0326d 
Signed-off-by: James Humphries <james@james-humphries.co.uk>
@Yantrio
Fixed issue with refreshing resources correctly
7d4213d 
Signed-off-by: James Humphries <james@james-humphries.co.uk>
@Yantrio
Update fixtures for latest update
8018475 
Signed-off-by: James Humphries <james@james-humphries.co.uk>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cam72cam cam72cam Awaiting requested review from cam72cam

@cube2222 cube2222 Awaiting requested review from cube2222

@janosdebugs janosdebugs Awaiting requested review from janosdebugs

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@Yantrio