github.com/opentofu/opentofu@v1.7.1/internal/lang/funcs/sensitive.go

github.com/opentofu/opentofu@v1.7.1/internal/lang/funcs/sensitive.go (about)

     1  // Copyright (c) The OpenTofu Authors
     2  // SPDX-License-Identifier: MPL-2.0
     3  // Copyright (c) 2023 HashiCorp, Inc.
     4  // SPDX-License-Identifier: MPL-2.0
     5  
     6  package funcs
     7  
     8  import (
     9  	"github.com/opentofu/opentofu/internal/lang/marks"
    10  	"github.com/zclconf/go-cty/cty"
    11  	"github.com/zclconf/go-cty/cty/function"
    12  )
    13  
    14  // SensitiveFunc returns a value identical to its argument except that
    15  // OpenTofu will consider it to be sensitive.
    16  var SensitiveFunc = function.New(&function.Spec{
    17  	Params: []function.Parameter{
    18  		{
    19  			Name:             "value",
    20  			Type:             cty.DynamicPseudoType,
    21  			AllowUnknown:     true,
    22  			AllowNull:        true,
    23  			AllowMarked:      true,
    24  			AllowDynamicType: true,
    25  		},
    26  	},
    27  	Type: func(args []cty.Value) (cty.Type, error) {
    28  		// This function only affects the value's marks, so the result
    29  		// type is always the same as the argument type.
    30  		return args[0].Type(), nil
    31  	},
    32  	Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
    33  		val, _ := args[0].Unmark()
    34  		return val.Mark(marks.Sensitive), nil
    35  	},
    36  })
    37  
    38  // NonsensitiveFunc takes a sensitive value and returns the same value without
    39  // the sensitive marking, effectively exposing the value.
    40  var NonsensitiveFunc = function.New(&function.Spec{
    41  	Params: []function.Parameter{
    42  		{
    43  			Name:             "value",
    44  			Type:             cty.DynamicPseudoType,
    45  			AllowUnknown:     true,
    46  			AllowNull:        true,
    47  			AllowMarked:      true,
    48  			AllowDynamicType: true,
    49  		},
    50  	},
    51  	Type: func(args []cty.Value) (cty.Type, error) {
    52  		// This function only affects the value's marks, so the result
    53  		// type is always the same as the argument type.
    54  		return args[0].Type(), nil
    55  	},
    56  	Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
    57  		v, m := args[0].Unmark()
    58  		delete(m, marks.Sensitive) // remove the sensitive marking
    59  		return v.WithMarks(m), nil
    60  	},
    61  })
    62  
    63  // IsSensitiveFunc returns whether or not the value is sensitive.
    64  var IsSensitiveFunc = function.New(&function.Spec{
    65  	Params: []function.Parameter{
    66  		{
    67  			Name:             "value",
    68  			Type:             cty.DynamicPseudoType,
    69  			AllowUnknown:     true,
    70  			AllowNull:        true,
    71  			AllowMarked:      true,
    72  			AllowDynamicType: true,
    73  		},
    74  	},
    75  	Type: func(args []cty.Value) (cty.Type, error) {
    76  		return cty.Bool, nil
    77  	},
    78  	Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
    79  		return cty.BoolVal(args[0].HasMark(marks.Sensitive)), nil
    80  	},
    81  })
    82  
    83  func Sensitive(v cty.Value) (cty.Value, error) {
    84  	return SensitiveFunc.Call([]cty.Value{v})
    85  }
    86  
    87  func Nonsensitive(v cty.Value) (cty.Value, error) {
    88  	return NonsensitiveFunc.Call([]cty.Value{v})
    89  }
    90  
    91  func IsSensitive(v cty.Value) (cty.Value, error) {
    92  	return IsSensitiveFunc.Call([]cty.Value{v})
    93  }