-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ephemeral: support write-only attributes #36031
base: main
Are you sure you want to change the base?
Conversation
2b388e8
to
be31c29
Compare
The equivalence tests will be updated. Please verify the changes here. |
be31c29
to
2adec4b
Compare
The equivalence tests will be updated. Please verify the changes here. |
2adec4b
to
90a9119
Compare
90a9119
to
625b207
Compare
The equivalence tests will be updated. Please verify the changes here. |
ead805d
to
9f0ce65
Compare
The equivalence tests will be updated. Please verify the changes here. |
9f0ce65
to
3cd2fad
Compare
3cd2fad
to
2149025
Compare
The equivalence tests will be updated. Please verify the changes here. |
@@ -1180,6 +1181,10 @@ func (n *NodeAbstractResourceInstance) plan( | |||
} | |||
} | |||
|
|||
// We don't need ephemeral values anymore since the value has been planned | |||
ephemeralValuePaths, _ := marks.PathsWithMark(unmarkedPaths, marks.Ephemeral) | |||
plannedNewVal = ephemeral.RemoveEphemeralValues(plannedNewVal) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Provider cannot send back ephemeral values, so we should not just be blindly removing the values here. If they did somehow exist, that would be an error.
internal/plans/changes_src.go
Outdated
@@ -388,6 +394,10 @@ type ChangeSrc struct { | |||
// the serialized change. | |||
BeforeSensitivePaths, AfterSensitivePaths []cty.Path | |||
|
|||
// BeforeWriteOnlyPaths and AfterWriteOnlyPaths are paths for any values | |||
// in Before or After (respectively) that are considered to be write-only. | |||
BeforeWriteOnlyPaths, AfterWriteOnlyPaths []cty.Path |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
write-only paths are statically known in the schema, is this intended to track if one was set or not? If so there are no AfterWriteOnlyPaths
, because the provider must not return any write-only values.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was under the impression we need to track where ephemeral values have been set. If e.g. a provider changes the schema between two runs these paths might be different for the last state vs the next state, so I thought we would need to track both.
I'm also fine with not tracking them for now at all and taking a second look at it if we find we need them, currently I am also not really clear on the problem they are solving.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They can't change during a run, so before and after here would always match. I don't think we want to go down the path of tracking if something was set on a previous run though (at least for now), the semantics of that get really messy and don't really have any bearing on the API itself. From what I can see, the only reason to track this here is to help format the diff for the user.
internal/states/instance_object.go
Outdated
|
||
// AttrWriteOnlyPaths is an array of paths to mark as ephemeral coming out of | ||
// state, or to save as write_only paths when saving state | ||
AttrWriteOnlyPaths []cty.Path |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ephemeral can't go into or out of state, so there should be no reason to track the marked paths
internal/states/remote/state_test.go
Outdated
"sensitive_attributes": []interface{}{}, | ||
"schema_version": 0.0, | ||
"sensitive_attributes": []interface{}{}, | ||
"write_only_attributes": []interface{}{}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remote-state is all about outputs, so there can't be anything write-only
The equivalence tests will be updated. Please verify the changes here. |
we might need them later on, but it will be easier to find the right place and abstraction when the need to use them arises
we got the marks from the proposed value, the provider gets the value without the marks we then reapply the marks and need to also remove the write-only values by setting the values to null
76f2ba7
to
298b60b
Compare
The equivalence tests will be updated. Please verify the changes here. |
The equivalence tests will be updated. Please verify the changes here. |
This PR aims on building baseline support for write-only attributes, so attributes that can be set to ephemeral values and can not be read / referenced. These attributes are hidden from the state.
Fixes TF-18617
Target Release
1.11.x
Draft CHANGELOG entry
NEW FEATURES