Preserve sensitivity when set at impossible levels. #819
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Right now, anything that is represented by a *schema.Schema can be set as sensitive. This is problematic, as there are two things that we use *schema.Schema to represent that can't actually be set to Sensitive. First, a block is represented as a *schema.Schema with an Elem property set to another *schema.Schema or a *schema.Resource. Blocks can't be set to sensitive, however; they have no flag for it. Right now the SDK just discards that flag, ignoring it. This commit changes that to have all the attributes inside the block inherit its sensitivity. Attributes _can_ be sensitive, so this preserves the intent as best we can. Second, _sub-attributes_, pieces of complex attributes, are also represented as a *schema.Schema with an Elem property. These are rarer; to create these, a *schema.Schema needs to have an Elem property, and needs to be computed only (not optional). The SDK automatically converts this to an attribute when in SchemaConfigModeAuto. The other way to create these is to set a *schema.Schema with an Elem property to SchemaConfigModeAttr manually. Any fields below that *schema.Schema are then parts of a complex attribute, not attributes in their own right. But Sensitive can only be set on attributes, not on parts of attributes. In that situation, right now the SDK just discards the Sensitive flag. This commit changes that behavior so that in this situation, if any part of the attribute is marked as sensitive, the entire attribute becomes sensitive, getting as close to the intent as we can.
|
I honestly have no idea how we're going to test this, but we'll figure it out. |
|
Some additional unit test cases in |
|
|
bflad
added a commit
to hashicorp/terraform-docs-common
that referenced
this pull request
Jul 25, 2022
bflad
added a commit
to hashicorp/terraform-docs-common
that referenced
this pull request
Jul 25, 2022
Reference: hashicorp/terraform-plugin-framework#214 Reference: hashicorp/terraform-plugin-sdk#819 Reference: hashicorp/terraform-plugin-sdk#201 As part of investigating some differences between sdk/v2 and framework, the individual sensitivity configuration offered by nested attributes in protocol version 6 is important to call out explicitly.
bflad
added a commit
to hashicorp/terraform-docs-common
that referenced
this pull request
Jul 26, 2022
#76) Reference: hashicorp/terraform-plugin-framework#214 Reference: hashicorp/terraform-plugin-sdk#819 Reference: hashicorp/terraform-plugin-sdk#201 As part of investigating some differences between sdk/v2 and framework, the individual sensitivity configuration offered by nested attributes in protocol version 6 is important to call out explicitly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Right now, anything that is represented by a *schema.Schema can be set
as sensitive. This is problematic, as there are two things that we use
*schema.Schema to represent that can't actually be set to Sensitive.
First, a block is represented as a *schema.Schema with an Elem property
set to another *schema.Schema or a *schema.Resource. Blocks can't be set
to sensitive, however; they have no flag for it. Right now the SDK just
discards that flag, ignoring it. This commit changes that to have all
the attributes inside the block inherit its sensitivity. Attributes
can be sensitive, so this preserves the intent as best we can.
Second, sub-attributes, pieces of complex attributes, are also
represented as a *schema.Schema with an Elem property. These are rarer;
to create these, a *schema.Schema needs to have an Elem property, and
needs to be computed only (not optional). The SDK automatically converts
this to an attribute when in SchemaConfigModeAuto. The other way to
create these is to set a *schema.Schema with an Elem property to
SchemaConfigModeAttr manually. Any fields below that *schema.Schema are
then parts of a complex attribute, not attributes in their own right.
But Sensitive can only be set on attributes, not on parts of attributes.
In that situation, right now the SDK just discards the Sensitive flag.
This commit changes that behavior so that in this situation, if any part
of the attribute is marked as sensitive, the entire attribute becomes
sensitive, getting as close to the intent as we can.
This is intended to resolve #201.